
Cyber Warfare, Technical Debt, Network Border Protection, and Insider Threat: The Latest Work from the SEI

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in cyber warfare, emerging technologies and their risks, domain name system blocking to disrupt malware, best practices in network border protection, robotics, technical debt, and insider threat and workplace violence. These publications highlight the latest work of SEI technologists in these areas. This post includes a listing of each publication, author(s), and links where they can be accessed on the SEI website.

R-EACTR: A Framework for Designing Realistic Cyber Warfare Exercises
by Geoffrey B. Dobson, Thomas G. Podnar, Adam D. Cerini, Luke J. Osterritter

As the cyberspace domain expands into nearly every aspect of military operations, leaders are challenged to provide valuable training and exercises to a growing number of cyber units. In order to be valuable, the exercise experience must feel realistic. This report introduces a design framework for cyber warfare exercises called Realistic-Environment, Adversary, Communications, Tactics, and Roles (R-EACTR). The R-EACTR framework places realism at the forefront of every cyber warfare exercise design decision. This report also describes challenges involved in creating military cyber exercises, a framework for building realism into each aspect of the exercise, and a case study of one exercise where the framework was successfully employed.
Download the technical report.

2017 Emerging Technology Domains Risk Survey
by Dan J. Klinedinst, Joel Land, Kyle O'Meara

In today's increasingly interconnected world, the information security community must be prepared to address emerging vulnerabilities that may arise from new technology domains. Understanding trends and emerging technologies can help information security professionals, leaders of organizations, and others interested in information security to anticipate and prepare for such vulnerabilities. This report, originally prepared in 2015 for the Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT), provides a snapshot in time of the current understanding of future technologies. This report also helps US-CERT make an informed decision about the best areas to focus resources for identifying new vulnerabilities, promoting good security practices, and increasing understanding of systemic vulnerability risk.
Download the technical report.

DNS Blocking to Disrupt Malware
by Vijay S. Sarvepalli

For some time now, the cyber world has been under attack by a diffused set of enemies who improvise their own tools in many different varieties and hide them where they can do much damage. In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System or DNS blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock up your digital assets, or data-exfiltration software that is used to steal your digital data. DNS blocking ensures a wide impact while avoiding the complexity of having to install or instrument every device in your enterprise. The key takeaway is to target a break in the chain of malware to minimize its effectiveness and the malicious code developer's intended success.
Download the podcast.

Best Practices: Network Border Protection
by Rachel Kartch

When it comes to network traffic, it's important to establish a filtering process that identifies and blocks potential cyberattacks, such as worms spreading ransomware and intruders exploiting vulnerabilities, while permitting the flow of legitimate traffic. In this podcast, the latest in a series on best practices for network security, Rachel Kartch explores best practices for network border protection at the Internet router and firewall. It is important to note that these recommendations are geared toward large organizations and government agencies and would not likely be appropriate for a home network or very small business network.
Download the podcast.

SEI Cyber Minute: Predictable, Scalable Artificial Intelligence
by James Edmondson

At the SEI, we are developing tools, techniques, and tutorials to help developers make autonomous systems that are dependable and predictable while preserving core system features and functionality that extend and complement human operators. Watch James Edmondson in this SEI Cyber Minute as he discusses predictable, scalable artificial intelligence.
View the SEI Cyber Minute.

Why does Software Cost so Much? Towards a Causal Model
by Robert W. Stoddard, Michael D. Konrad

The DoD needs to identify factors causing high software costs in order to enact new software policy and enable more informed negotiated pricing of contracted software. In this work, we use new data mining techniques to evaluate datasets representing about 60 unique cost factors and more than 15 cost relationships. From that evaluation, we are building an actionable, full causal model of software cost factors that is immediately useful to DoD programs and contract negotiators. This presentation details that research.
Download the presentation.

What will the Robot do Next?
by Jonathan Chu

The DoD, federal agencies, and industry are increasingly using robots in important tasks such as search and rescue operations. However, because robot behaviors can be hard to distinguish and understand, users mistrust and often abandon these very useful tools. In these projects, we are developing algorithms for robots to

    • automatically explain their behaviors to users to improve users' trust and assurance of them
    • proactively adapt their behavior during execution to enable users to accurately predict what the robot will do next

In this presentation Jonathan Chu discusses research to build algorithms that allow robots to explain their behaviors to users and adapt their behavior during execution to enable users to accurately predict what they will do next.
Download the presentation.

Technical Detection of Intended Violence against Self or Others
by Tracy Cassidy

In support of the DoD mission and mandated insider threat program efforts, this project is determining the extent to which it is possible to technically detect indicators of employees who may be on a path to harm themselves and/or others within the workplace via insider threat detection tools. Project findings can also be used to drive technical requirements that advance the state-of-the-art in automated insider threat data collections and analysis tools. These advances will increase the efficacy and efficiency of DoD insider threat programs and ultimately improve DoD mission assurance.

In this presentation, Tracy Cassidy discusses research to use insider threat tools to detect indicators of employees who may be on a path to harm themselves and/or others within the workplace.
Download the presentation.

Technical Debt Analysis through Software Analytics
by Ipek Ozkaya

In this work, we are developing tools that integrate data from multiple, commonly available sources to pinpoint problematic design decisions and quantify their consequences in a repeatable and reliable way for uncovering technical debt. Improving identification of such issues and quantifying effect on accumulating rework provides data to help DoD control lifecycle costs, mitigate technical risk, and reduce cycle times. In this presentation, Ipek Ozkaya discusses research to develop tools that pinpoint problematic design decisions and quantify their consequences for uncovering technical debt.
Download the presentation.

Additional Resources

View the latest SEI research in the SEI library.
View the latest installments in the SEI Podcast Series.
View the latest installments in the SEI Webinar Series.
