Taking a Comprehensive Approach to Cyber Security

Begun with a simple handshake and a fundamental mission, the CERT^® Program, once just the CERT Coordination Center, has evolved dramatically since it was created in 1988 in response to the Morris worm incident. The small organization established to coordinate response to internet security incidents now has more than 150 cybersecurity professionals working on projects that take a proactive approach to securing systems. Recognized as a trusted, authoritative organization dedicated to improving the security and resiliency of computer systems and networks, the CERT Program is a national asset in the field of cybersecurity. We regularly partner with government, industry, law enforcement, and academia to develop advanced methods and technologies to counter large-scale, sophisticated cyber threats.

The CERT Program is enriched by its connection to the internationally respected Carnegie Mellon University. Our proximity to other world-class researchers and practitioners enables numerous collaboration opportunities and strengthens our research focus. And because the CERT Program is located within the Software Engineering Institute, a federally funded research and development center at Carnegie Mellon University, the majority of our work contributes to government and national security efforts.

The Value of Knowledge and Experience

Our diverse group of researchers, software engineers, security analysts, and digital intelligence specialists rely on both theoretical and empirical knowledge to understand security problems. In addition to our scientific research, collecting actual, real-world data helps us gain insight into the current climate. By analyzing network traffic, we can help organizations identify patterns that may indicate attacks. Our databases of information about software vulnerabilities and malicious code, coupled with our understanding of the software development lifecycle, serve as a basis for developing remediation strategies and solutions and working with developers to improve new software. We also focus on improving organizations' security by helping them identify security gaps and internal threats. Malicious insiders pose a serious threat to organizations, and our database of information about over 800 actual insider threat cases helps us identify motivations and warning signs.

Creating Impact in the Community

We use the insights gained through our research and analysis of these data collected across the CERT Program to develop practical, applicable solutions to relevant problems. Then we make these solutions available to the people who need them. We are also contributing to standards efforts to improve software security. We have published numerous open source tools for a range of activities, including discovering vulnerabilities, analyzing network traffic, and facilitating digital investigations. Organizations can choose from our many assessments and models to enhance their security profile through activities such as identifying information security gaps, improving resilience, and measuring susceptibility to insider threat. And we document our insights in a variety of publications, including technical reports, white papers, journal articles, conference presentations, blogs, and podcasts.

In the area of digital intelligence and investigation, we work closely with federal law enforcement and intelligence agencies to provide operational support, identify and develop tools that address gap area needs not met by commercial tools, and provide training to improve the state of practice among digital forensic analysts. Our staff has helped agencies craft strategies for executing search warrants when the subject was known to be employing particularly sophisticated, technical countermeasures. We have also provided the analytic support that law enforcement needed to successfully prosecute some of the nation's largest credit card theft cases.

To increase the preparedness of other cybersecurity professionals faced with these issues, we have developed training options. In addition to traditional classroom-based courses, we offer course materials through our virtual training environment (VTE), a platform that allows users to access a variety of online resources at their own pace, at any time and from any location. Our staff has also collaborated with educators from a number of other universities to develop a curriculum in software assurance, which will join our existing survivability and information assurance curriculum. In addition, many of our staff members teach courses in information security at Carnegie Mellon University.

Contributing to National Security Efforts

Our efforts extend to the national and global levels as well. Over the years, we have provided direct support to the Department of Defense (DoD) through projects designed to improve the security of networks. Working with the Defense Information Systems Agency in an effort to increase global situational awareness, we provide core analytical systems that are used across the DoD. Our technical staff members have also been at the center of the engineering and developing activities for the Community Data Center, an initiative created to compile an array of analytical processes and systems to address threats to DoD networks. We are working with partners in the Navy's Space and Naval Warfare Systems Center and the Mitre Corporation to develop a proof-of-concept vulnerability remediation capability that will use standards-based remediation processes for the first time. In the area of malicious code analysis, CERT analysts are providing critical support to DoD and intelligence community partners to understand and counter the malicious code threat to national systems. We are also providing core analytical support to the Defense Industrial Base Collaborative Information Sharing Environment (DCISE), the focal point and clearinghouse for referrals of intrusion events on defense organizations' unclassified corporate networks. In this project, CERT analysts work with multiple DoD agencies to produce threat information products for industry partners who share relevant information to more effectively protect critical data.

We have been instrumental in building a network of more than 50 computer security response teams (CSIRTs) with national responsibility, and we worked with the Department of Homeland Security (DHS) to create US-CERT. Although the CERT Program and US-CERT are two distinct organizations, CERT staff work closely with the staff at US-CERT and regularly contribute content for their website, as well as the Build Security In and Software Assurance Community Resources and Information Clearinghouse websites. Our involvement with DHS extends beyond US-CERT, however. Various agencies within DHS, as well as other government entities, regularly seek our experience and insights to assist them with projects that strengthen our nation's resistance to cyber threats. Of interest to consumers, we are also involved with the Software Engineering Institute's smart grid effort. This project focuses on improving the efficiency of the power grid while reducing the impact to the environment.

The CERT Charter

• Provide a reliable, trusted, 24-hour, single point of contact for emergencies.

• Facilitate communication among experts working to solve security problems.

• Serve as a central point for identifying and correcting vulnerabilities in computer systems.

• Maintain close ties with research activities and conduct research to improve the security of existing systems.

• Initiate proactive measures to increase awareness and understanding of information security and computer security issues throughout the community of network users and service providers.