As software has become essential to all aspects of system capabilities and operations, there has been a dramatic increase in the significance of cybersecurity. The CERT Division focuses its research on cybersecurity challenges in national security, homeland security, and critical infrastructure protection.
We seek to develop and broadly transition new technologies, tools, and practices that enable informed trust and confidence in using information and communication technology.
Note from the CERT Division Chief Scientist, Greg Shannon
Welcome to the CERT Research page. We work at the nexus of government, industry, and academia to research significant concerns in cyber risk and resilience, software vulnerability, insider threat, secure coding practices, and other areas. Our research produces new approaches, analysis tools, and training options to improve the practice of cybersecurity in private and public sector organizations. I invite you to begin your engagement with us through the videos and other resources offered here and to contact us to continue the discussion.
In this project, we are developing an automated cyber-readiness evaluation capability that can interpret the actions a user is performing on a screen within a defined desktop environment and, based on those actions, objectively measure the individual’s competence within a defined knowledge and skill set.
Rotem Guttman describes the benefits of this project.
“The Department of Defense is in the midst of a three-year journey that’s going to create a cyber workforce of approximately over six thousand individuals.”
ADM Michael Rogers, Commander USCYBERCOM, 2014
Behavior-Based Analysis and Detection of Mobile Devices
Jose Morales, Principal Investigator
Both the number of Android users and the volume of malware targeting Android are growing rapidly. This research aims to keep malicious apps from ever becoming available for download through app markets, and to detect and triage apps that exhibit malicious behavior once installed on a device.
“Scarcity of cybersecurity experts is a real problem that can be quantified and described—but not one that can easily be solved.”
James Arlen, Leviathan Security Group
Deep Focus: Increasing User Depth of Field to Improve Threat Detection
William R. Claycomb, Principal Investigator
As a recognized leader in insider threat research, the CERT Division is leading the way in finding ways to improve detection capabilities and prevent future leaks. We believe the next step on the insider-threat research roadmap is to develop a fundamental understanding of individual users.
“Malicious activity by insiders looks like their authorized day-to-day online activity. As a result, many insider threat detection tools produce so many false positives that the tools are unusable.”
The CERT Division
Insider Threat Mitigation
Andrew P. Moore and William R. Claycomb, Principal Investigators
By studying the trends that characterize emerging threats, we can understand the requirements for the next-generation enterprise system architectures needed to defend effectively against insider threats.
“This Presidential Memorandum transmits the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Minimum Standards) to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies...”
Presidential Memorandum, November 21, 2012
Ed Stoner, Principal Investigator
Program analysis techniques can be useful in providing automated understanding of software behavior.
Researcher Jonathan Spring describes the tasks in this project: automated static analysis of malware binaries, exploration of suffix tree use, and the use of model checking to formally describe the invariant behavior that malicious software expresses.
“Malware analysts need an approach that allows them to sort out the massive amount of new samples that arrive daily in a fundamental way so they can assign priority to the most malicious of binary files.”
Jose Morales, The CERT Division, Software Engineering Institute
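The project description above lists suffix trees among the techniques explored for static analysis of malware binaries, and the quote asks for a fundamental way to prioritize the daily flood of new samples. The following is an added illustration, not CERT's code and not a description of this project's method: it uses a suffix array (the array form of a suffix tree) over raw bytes to find the longest byte run two files share, then ranks unknown samples by how much code they share with a known-malicious sample. The "binaries", the family name and the assumption that shared byte runs are a useful similarity signal are all constructed for the example. The naive sort-all-suffixes construction is fine for small inputs; production tools use linear-time suffix structures.

```python
"""Ranking unknown samples by the longest byte run shared with known malware.

Added illustration using a suffix array over raw bytes. The sample
'binaries' below are constructed for the example, not real malware.
"""


def build_suffix_array(texts):
    """Return (name, offset) pairs for every suffix of every text, sorted
    lexicographically by the suffix bytes (naive O(n^2 log n) construction)."""
    suffixes = [(name, off) for name, data in texts.items() for off in range(len(data))]
    suffixes.sort(key=lambda s: texts[s[0]][s[1]:])
    return suffixes


def lcp(a, b):
    """Length of the longest common prefix of byte strings a and b."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def longest_common_run(a, b):
    """Longest byte sequence occurring in both a and b.

    Any run shared by both files makes the suffixes starting with it
    contiguous in the sorted array, so some adjacent pair in that block
    comes from different files and its LCP is at least the run length.
    """
    texts = {"a": a, "b": b}
    sa = build_suffix_array(texts)
    best = b""
    for (n1, o1), (n2, o2) in zip(sa, sa[1:]):
        if n1 == n2:
            continue  # same file: not evidence of sharing
        s1, s2 = texts[n1][o1:], texts[n2][o2:]
        length = lcp(s1, s2)
        if length > len(best):
            best = s1[:length]
    return best


def triage(unknown, known_malicious, min_len=8):
    """Rank unknown samples by the longest run shared with any known family.

    Returns [(sample_name, family_or_None, shared_len), ...] sorted so the
    sample most similar to known malware comes first. Runs shorter than
    min_len (e.g. a few shared NUL bytes) are treated as no match.
    """
    ranked = []
    for name, data in unknown.items():
        best_family, best_run = None, b""
        for family, reference in known_malicious.items():
            run = longest_common_run(data, reference)
            if len(run) > len(best_run):
                best_family, best_run = family, run
        if len(best_run) >= min_len:
            ranked.append((name, best_family, len(best_run)))
        else:
            ranked.append((name, None, 0))
    ranked.sort(key=lambda r: -r[2])
    return ranked


# Constructed stand-in for a code fragment a malware family reuses
# (a made-up function prologue, not taken from any real sample).
PAYLOAD = b"\x55\x89\xe5\x83\xec\x10\xe8\x00\x00\x00\x00\x5b\x81\xc3"

# Constructed "binaries": one known family reference and two unknowns.
KNOWN = {"family_x": b"MZ" + b"\x90" * 6 + PAYLOAD + b"/tmp/.x11"}
UNKNOWN = {
    "sample_1": b"MZ" + b"\x00" * 4 + b"hello" + PAYLOAD + b"end",
    "sample_2": b"MZ" + b"\x00" * 4 + b"random bytes",
}


def demo():
    """Run triage on the constructed samples."""
    return triage(UNKNOWN, KNOWN)


if __name__ == "__main__":
    for name, family, shared in demo():
        print(f"{name}: family={family} shared_bytes={shared}")
```

sample_1 embeds the reused fragment and is ranked first with the family it matches; sample_2 only shares a four-byte run of NULs with the reference, which falls below the threshold and is ranked last with no family.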
Malware Distribution Networks
Jose Morales and William Casey, Principal Investigators
This research fundamentally advances the field by providing a way to map Malware Distribution Networks (MDNs) accurately, starting from malicious URLs that have already been discovered.
Jason Clark describes the method and outcomes of this research.
"The exposure of information on the Internet poses a genuine threat to the privacy of users."
Jason Clark, The CERT Division, Software Engineering Institute
Robert Seacord, Principal Investigator
The goal of the CERT Secure Coding Initiative is to reduce the number of vulnerabilities to a level that can be mitigated fully in DoD operational environments. This goal will be accomplished by preventing coding errors or discovering and eliminating security flaws during implementation and testing.
"The customer trusts us that the product is secure, and we, as an industry, should accept our responsibility and enforce higher security standards on our products. This starts with practicing secure programming."
Don Eijndhoven, founder and CEO of Argent Consulting B.V.
Simulating Malicious Insiders in Real Host-Monitored Background Data
Kurt Wallnau and Brian Lindauer, Principal Investigators
We create threat data from a combination of synthetic threat data overlaid on real background data. The novelty of our approach is in the way we make constructive use of background data to create threat data with plausible threats that exhibit richly textured social realism.
Kurt Wallnau details the development of insider threat cyberplays.
“Nonetheless, even with numerous safeguards in place, why are there so many high-profile breaches? The reason is that the solutions most organizations employ focus on the wrong thing—data... A better approach is to look at the activities of the user...”
Daniel Yelez, Raytheon Cyber Products
Software Assurance Engineering—Integrating Assurance into System and Software Engineering
Carol Woody, Principal Investigator
The U.S. Department of Defense (DoD) goal of implementing software assurance throughout the development lifecycle needs to be translated into practical actions that designers and developers can take. This project aims to improve capabilities in analyzing cybersecurity risk early in the software lifecycle and using software quality models to support software assurance.
“Implementing software with a level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the lifecycle.”