Software Engineering Institute

August 5, 2014—On July 30, the SEI hosted an address delivered by John P. Carlin, assistant attorney general for national security in the U.S. Department of Justice (DOJ). The talk was part of the White House Business Council's Business Leader Forum and was organized by Business Forward, the National Cyber-Forensics & Training Alliance, the Pittsburgh Technology Council, and Carnegie Mellon University. Members of the audience represented more than 60 Pittsburgh area organizations in industry and education. Also attending were representatives from federal law enforcement agencies, representatives of the sponsoring organizations, and SEI leadership.

Carlin opened with a recent quote from 9/11 Commission. The commission noted, "We are at September 10th levels in terms of cyber preparedness…. One lesson of the 9/11 story is that, as a nation, Americans did not awaken to the gravity of the terrorist threat until it was too late. History may be repeating itself in the cyber realm." Carlin went on to discuss ways in which government, industry, and academia can work together to improve preparedness and combat cyber threats. 

Carlin cited "Operation Bot Roast," the 2007 FBI operation aimed at operators of major botnets, as an example of the kind of cooperation needed. Operation Bot Roast involved the FBI's Cyber Fusion Center, which is located in Pittsburgh, the DOJ, the SEI's CERT Division, and private-sector companies. Their effort ultimately resulted in the prosecution of a number of criminals who controlled millions of compromised computers as part of an infrastructure for their various illegal enterprises. 

Carlin also noted more recent collaborations in which the SEI's CERT Division joined forces with the Pittsburgh office of the FBI to identify the Gameover Zeus computer theft network that resulted in the indictment of five members of the Chinese military. "These charges against uniformed members of the Chinese military were the first of their kind," said Carlin. "Some said they [the charges] could not be brought. But this indictment alleges, with particularity, specific actions on specific days by specific actors to use their computers to steal valuable information from across our economy."

Carlin concluded his remarks by noting both the strides made over the past several years to counter cyber threats and the work that remains to be done. He reiterated his call for enhanced cooperation among federal agencies, law enforcement, private industry, academia, and citizens at large. "Together," he said, "we can ensure that, here in America's heartland and throughout this country, the hard work of Americans doesn't fall prey to cyber criminals."

"The SEI is pleased to have hosted this event," said SEI Director and CEO, Paul Nielsen. "Certainly, Assistant Attorney General Carlin's remarks touched on a number of important cybersecurity matters directly related to the work we do here. The opportunities we've had to collaborate with government, law enforcement, and the private sector against specific cyber threats give our folks firsthand experience countering real-world challenges. This experience, in turn, helps strengthen and focus their research and development efforts."