Improvements in systems, practices, and capable personnel to enable cyber missions
Adversary cyber maneuvers against the nation’s defense networks and systems are happening at a scale and speed that outpace human ability to respond. Current analysis, threat-awareness, and workforce development practices struggle to stay ahead of rapidly evolving threats to infrastructure, networks, and data.
We build capacity through increased use of autonomy to defend the data and networks of the Department of Defense, its mission partners, and the nation’s critical infrastructure. Additionally, we work to create, prototype, and apply learning platforms to build cyber operator and analyst capability, anytime and anywhere. Our work produces tools to automate malware analysis and innovate cyber incident handling and response. We also develop and deploy situational awareness and proactive monitoring practices, aimed at increasing the flow of actionable information about vulnerabilities.
Attacks on machine learning (ML) systems can make them learn the wrong thing, do the wrong thing, or reveal sensitive information. Train, But Verify protects ML systems by training them to act against two of these threats at the same time and verifying them against realistic threat models.
CERT researchers develop automated tools that discover and mitigate software vulnerabilities, and transfer those tools to researchers, procurement specialists, and software vendors.
The new CERT method for validating and repairing defects found by static analysis tools helps auditors and coders address more alerts with less effort.
December 21, 2016 • Technical Report
Presents recommendations for mitigating insider threat based on CERT's continued research and analysis of over 1,000 cases.
April 19, 2016 • Technical Report
Even as they constantly change their network infrastructure, adversaries consistently reuse and update their tools. This report presents a way for researchers to begin threat analysis with those tools rather than with network or incident data alone.
November 24, 2010 • Book
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.
April 01, 2003 • Handbook
In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.
History of Innovation at the SEI in Cybersecurity
The SEI has performed innovative research in cybersecurity for almost 30 years that has benefited government, industry, and academia. Learn more about a few of the highlights.
Building Capability to Defend Against Malware
To analyze malware, SEI CERT researchers have developed a suite of tools based on a framework called Pharos, which is built on top of Lawrence Livermore National Laboratory's ROSE compiler infrastructure.
Assessing Cyber Risk Readiness
The SEI has created several frameworks for gauging cyber risk, such as the CERT Resilience Management Model, the Risk and Vulnerability Assessment, and the External Dependencies Management Assessment.
Codifying Resilience Practice
After the 9/11 terror attacks, organizations sought greater operational resilience through security and business continuity. The SEI developed the CERT Resilience Management Model to improve operational resilience.
Strengthening Network Traffic Analysis
Casual conversation among members of the DoD and SEI staff sparked a collaboration that produced the DHS Einstein program, which helps protect federal computer networks and the delivery of essential government services.
Enabling Large-Scale Network Flow Analysis
Since the early 1990s, SEI and CERT have developed numerous tools and techniques to assist in analyzing network traffic flow and identifying cybersecurity incidents.
Bringing Science to Insider Threat Mitigation
For nearly two decades, the SEI CERT Division has focused on gathering and analyzing data about actual malicious insider acts and potential threats to U.S. critical infrastructures.
Fostering Growth in Professional Cyber Incident Management
The Morris Worm disrupted the nascent internet in 1988. In its aftermath, DARPA requested that the SEI create a Computer Emergency Response Team, and the CERT Coordination Center (CERT/CC) was born.