CERT-SEI

About Us

Begun with a simple handshake and a fundamental mission, the CERT Division of the Software Engineering Institute (SEI) has evolved dramatically since it was created in 1988 as the CERT Coordination Center in response to the Morris worm incident. The small organization established to coordinate response to internet security incidents now has more than 150 cybersecurity professionals working on projects that take a proactive approach to securing systems.

Recognized as a trusted, authoritative organization dedicated to improving the security and resilience of computer systems and networks, the CERT Division is a national asset in the field of cybersecurity. We regularly partner with government, industry, law enforcement, and academia to develop advanced methods and technologies to counter large-scale, sophisticated cyber threats.

The CERT Division is enriched by its connection to the internationally respected Carnegie Mellon University. Our proximity to other world-class researchers and practitioners enables numerous collaboration opportunities and strengthens our research focus. And because the CERT Division is located within the SEI, a federally funded research and development center at Carnegie Mellon University, the majority of our work contributes to government and national security efforts.

The CERT Division works closely with the Department of Homeland Security (DHS) to meet mutually set goals in areas such as data collection and mining, statistics and trend analysis, computer and network security, incident management, insider threat, software assurance, and more. The results of this work include exercises, courses, and systems that were designed, implemented, and delivered to DHS and its customers as part of the SEI's mission to transition SEI capabilities to the public and private sectors and improve the practice of cybersecurity.

The Value of Knowledge and Experience

Our diverse group of researchers, software engineers, security analysts, and digital intelligence specialists relies on both theoretical and empirical knowledge to understand security problems. In addition to our scientific research, collecting actual, real-world data helps us to gain insight into the current climate. By analyzing network traffic, we can help organizations to identify patterns that may indicate attacks.

Our databases of information about software vulnerabilities and malicious code, coupled with our understanding of the software development lifecycle, serve as a basis for developing remediation strategies and solutions and working with developers to improve new software. We also focus on improving organizations' security by helping them identify security gaps and internal threats. Malicious insiders pose a serious threat to organizations, and our database of information about over 800 actual insider threat cases helps us to identify motivations and warning signs.

Creating Impact in the Community

We use the insights gained through our research and analysis of these data collected across the CERT Division to develop practical, applicable solutions to relevant problems. Then we make these solutions available to the people who need them. We also contribute to standards efforts to improve software security. We publish numerous open source tools for a range of activities, including discovering vulnerabilities, analyzing network traffic, and facilitating digital investigations.

Organizations can choose from our many assessments and models to enhance their security profiles through activities such as identifying information security gaps, improving resilience, and measuring susceptibility to insider threats. We document our insights in a variety of publications, including technical reports, white papers, journal articles, conference presentations, blog posts, and podcasts.

In the area of digital intelligence and investigation, we work closely with federal law enforcement and intelligence agencies to provide operational support, identify and develop tools that address gaps not met by commercial tools, and provide training to improve the state of the practice among digital forensic analysts. Our staff members help agencies craft strategies for executing search warrants when the subject is known to be employing particularly sophisticated, technical countermeasures. We also provide the analytical support that law enforcement needs to successfully prosecute some of the nation's largest credit card theft cases.

To increase the preparedness of other cybersecurity professionals faced with these issues, we developed training. In addition to traditional classroom-based courses, we offer course materials through STEPfwd, our virtual training environment that allows users to access a variety of online resources at their own pace, at any time and from any location.

Geographically dispersed team members can work together on customized scenarios to improve and hone their skills. Our staff has also collaborated with educators from a number of other universities to develop a curriculum in software assurance, which will join our existing survivability and information assurance curriculum. In addition, many of our staff members teach courses in information security at Carnegie Mellon University.

Contributing to National Security Efforts

Our efforts extend to the national and global levels as well. Over the years, we have provided direct support to the Department of Defense (DoD) through projects designed to improve the security of networks. Working with the Defense Information Systems Agency in an effort to increase global situational awareness, we provide core analytical systems that are used across the DoD. Our technical staff members have also been at the center of the engineering and development activities for the Community Data Center, an initiative created to compile an array of analytical processes and systems to address threats to DoD networks.

We are working with partners in the Navy's Space and Naval Warfare Systems Center and the MITRE Corporation to develop a proof-of-concept vulnerability remediation capability that will use standards-based remediation processes for the first time. In the area of malicious code analysis, CERT analysts are providing critical support to DoD and intelligence community partners to understand and counter the malicious code threat to national systems.

We also provide core analytical support to the Defense Industrial Base Collaborative Information Sharing Environment (DCISE), the focal point and clearinghouse for referrals of intrusion events on defense organizations' unclassified corporate networks. In this project, CERT analysts work with multiple DoD agencies to produce threat information products for industry partners who share relevant information to more effectively protect critical data.

We have been instrumental in building a network of more than 50 computer security incident response teams (CSIRTs) with national responsibility, and we worked with the Department of Homeland Security (DHS) to create US-CERT, work that draws on CERT/CC capabilities to help prevent cyber attacks, protect systems, and respond to the effects of cyber attacks across the internet. Although the CERT Division and US-CERT are two distinct organizations, CERT staff work closely with the staff at US-CERT and have contributed content to their website, as well as the Build Security In and Software Assurance Community Resources and Information Clearinghouse websites.

Our involvement with DHS extends beyond US-CERT, however. Various agencies within DHS, as well as other government entities, regularly seek our experience and insights to assist them with projects that strengthen our nation's resistance to cyber threats.

We are also involved with the Software Engineering Institute's Smart Grid effort. This project focuses on improving the efficiency of the power grid while reducing the impact to the environment.

The CERT Mission

The CERT Division is a trusted provider of operationally relevant cybersecurity research and innovative and timely solutions to our nation's cybersecurity challenges. Through our operationally relevant cybersecurity research, innovative and timely responses to cybersecurity challenges, and broad transition to our stakeholder communities, the CERT Division develops, executes, and evolves a technical agenda that brings unique solutions to cybersecurity challenges that measurably improve the security of the cyber environment.