Archive: 2017-10

The first post in this series introduced the basic concepts of multicore processing and virtualization, highlighted their benefits, and outlined the challenges these technologies present. The second post addressed multicore processing, whereas the third and fourth posts concentrated on virtualization via virtual machines (VMs) and containers (containerization), respectively. This fifth and final post in the series provides general recommendations for the use of these three technologies--multicore processing, virtualization via VMs, and virtualization via containers--including mitigating their associated challenges.

by Dan Klinedinst
Vulnerability Analyst
CERT Division

As the world becomes increasingly interconnected through technology, information security vulnerabilities emerge from the deepening complexity. Unexpected interactions between hardware and software components can magnify the impact of a vulnerability. As technology continues its shift away from the PC-centric environment of the past to a cloud-based, perpetually connected world, it exposes sensitive systems and networks in ways that were never before imagined.

The information security community must be prepared to address emerging systemic vulnerabilities. To help identify these vulnerabilities, a team of researchers--in addition to myself, the team included Joel Land and Kyle O'Meara--identified at-risk, emerging technologies by breaking down major technology trends over the next 10 years. This blog post, which is abstracted from our technical report on this work, highlights the findings of our research, which helps the Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT) in their work towards vulnerability triage, outreach, and analysis.

As organizations' critical assets have become digitized and access to information has increased, the nature and severity of threats has changed. Organizations' own personnel--insiders--now have greater ability than ever before to misuse their access to critical organizational assets. Insiders know where critical assets are, what is important, and what is valuable. Their organizations have given them authorized access to these assets and the means to compromise the confidentiality, availability, or integrity of data. As organizations rely on cyber systems to support critical missions, a malicious insider who is trying to harm an organization can do so through, for example, sabotaging a critical IT system or stealing intellectual property to benefit a new employer or a competitor. Government and industry organizations are responding to this change in the threat landscape and are increasingly aware of the escalating risks. CERT has been a widely acknowledged leader in insider threat since it began investigating the problem in 2001. The CERT Guide to Insider Threat was inducted in 2016 into the Palo Alto Networks Cybersecurity Canon, illustrating its value in helping organizations understand the risks that their own employees pose to critical assets. This blog post describes the challenge of insider threats, approaches to detection, and how machine learning-enabled software helps provide protection against this risk.

Could software save lives after a natural disaster? Meteorologists use sophisticated software-reliant systems to predict a number of pathways for severe and extreme weather events, such as hurricanes, tornados, and cyclones. Their forecasts can trigger evacuations that remove people from danger.

In this blog post, I explore key technology enablers that might pave the path toward achieving an envisioned end-state capability for software that would improve decision-making and response for disaster managers and warfighters in a modern battlefield, along with some technology deficits that we need to address along the way.