A Technical History of the SEI
The CERT/CC helps guard against devastating consequences from incidents by sharing its expertise with government and other incident handlers and their managers, including US-CERT. The CERT/CC protects the U.S. information infrastructure by providing technical assistance in repairing compromised systems and limiting the damage caused by high-impact attacks. Access to composite data enables the U.S. Department of Defense (DoD) and federal agencies to have a comprehensive view of attack methods, vulnerabilities, and the impact of attacks.

Evolution of the CERT Division

In the years following CERT/CC's establishment, the DoD and federal agencies became highly dependent on the internet, as did businesses, including critical infrastructure providers. Moreover, they moved away from proprietary software to adopt common information technologies. To better manage these changes, the CERT/CC began addressing a wider range of security issues, and the larger CERT program was formed, later becoming a division. Through the CERT Division, the SEI develops and promotes the use of appropriate technology and systems management practices to resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.

Range of Issues

Establishment of the CERT/CC was the SEI's introduction to a broad range of software and network security issues.

The first issue, in accord with the CERT charter, was incident response (IR). From the beginning it was clear that the need for skilled incident responders and response organizations would grow. In addition to serving as a key response organization, the CERT/CC took on the task of developing the mentoring and training programs, training delivery platforms, and cyber exercise platforms that would scale to meet the growing workforce development need. After defining best practices and sharing them with the IR community, the CERT/CC worked at the organizational level, then moved to the national level and its special technical IR needs; these activities included helping to establish, and providing ongoing support to, US-CERT. Recognizing the need for a network of incident responders, the CERT/CC was one of the founding members of the Forum of Incident Response and Security Teams (FIRST). Later, GFIRST was formed to meet the particular needs of government CSIRTs (computer security incident response teams). In effect, the SEI not only spawned this international collection of cooperating organizations, it has also been a leader in coordinating technical support to evolving incidents throughout the world.

Perpetrators of incidents take advantage of vulnerabilities in software products, so another early issue was vulnerability analysis, also called for in the CERT charter. This work began with collecting and categorizing vulnerability reports and establishing working relationships with more than 600 vendors to mitigate security problems responsibly. The CERT/CC then established an initiative to develop vulnerability discovery tools and analysis techniques and provide them to vendors, leading to fewer vulnerabilities in released software as the vendors began using them in their software development process. As a result, DoD and other acquisition teams are assured of more secure software products out of the box and increased resistance to attacks.

Collecting and analyzing malicious code was a logical next step as vulnerability analysts and incident responders saw "malcode" and "malware" toolkits exploiting vulnerabilities. The CERT/CC
CMU/SEI-2016-SR-027 | SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 163
Distribution Statement A: Approved for Public Release; Distribution is Unlimited.