Cyber Missions
Blog Posts
Machine Learning in Cybersecurity
Our technical report provides an overview of the relevant parts of an ML lifecycle--selecting the right problem, the right data, and the right math and summarizing the model output for …
• By Jonathan Spring
In CERT/CC Vulnerabilities
Managing the Risks of Ransomware
Ransomware poses a growing threat to both businesses and government agencies. Though no strategy can fully eliminate these risks, this post provides recommendations....
• By David Tobar, Jason Fricke
In Situational Awareness
Six Free Tools for Creating a Cyber Simulator
It can be hard for developers of cybersecurity training to create realistic simulations and training exercises when trainees are operating in closed (often classified) environments with no ability to connect …
• By Joseph Mayes
In Cyber Workforce Development
Business Email Compromise: Operation Wire Wire and New Attack Vectors
In June 2018, Federal authorities announced a significant coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals....
• By Anne Connell
In Reverse Engineering for Malware Analysis
How to Use Static Analysis to Enforce SEI CERT Coding Standards for IoT Applications
The Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT)....
• By David Svoboda
In Secure Development
Securely Connecting Africa
While the Internet has enabled modernization in parts of the developing world, it has also introduced new cybersecurity challenges....
• By Vijay S. Sarvepalli
In CSIRT Development
Using the SEI CERT Coding Standards to Improve Security of the Internet of Things
The Internet of Things (IoT) is insecure. The Jeep hack received a lot of publicity, and there are various ways to hack ATMs, with incidents occurring with increasing regularity....
• By David Svoboda
In Secure Development
Expectations for Implementing DevOps in a Highly Regulated Environment: Second in a Series
This second installment in the blog post series on implementing DevOps in highly regulated environments (HREs), which is excerpted from a recently published paper, discusses the first step in a …
• By Jose A. Morales
In DevSecOps
Evaluating Threat-Modeling Methods for Cyber-Physical Systems
Addressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....
• By Nataliya Shevchenko
In Enterprise Risk and Resilience Management
Improving Assessments for Cybersecurity Training
The CERT Cyber Workforce Development Directorate conducts training in cyber operations for the DoD and other government customers as part of its commitment to strengthen the nation's cybersecurity workforce....
• By April Galyardt
In Artificial Intelligence Engineering
