Developing and implementing measurable methodologies for improving the security and resilience of a national postal sector directly contribute to protecting public and postal personnel, assets, and revenues. Such methodologies also contribute to the security and resilience of the mode of transport used to carry mail and the protection of the global mail supply chain. Since 2011, the U.S. Postal Inspection Service (USPIS) has collaborated with the CERT Division at Carnegie Mellon University’s Software Engineering Institute to improve the resilience of selected U.S. Postal Service (USPS) products and services. The CERT Resilience Management Model (CERT-RMM) and its companion diagnostic methods served as the foundational tool for this collaboration.
This report includes one result of the USPIS/CERT collaboration. It is an extension of CERT-RMM to include a new mail-specific process area for the transportation of international mail. The purpose is to ensure that all international mail is transported in accordance with the standards established by the Universal Postal Union (UPU), which is the governing body that regulates the transportation of international mail.
Categories: Cyber Risk and Resilience Management
Julia Allen is a principal researcher within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Allen’s areas of interest include operational resilience, security governance, and measurement and analysis. Prior to this technical assignment, Allen served as acting director of the SEI for an interim period of six months as well as deputy director/chief operating officer for three years. Her degrees include a Bachelor of Science in Computer Science (University of Michigan) and a Master of Science in Electrical Engineering (University of Southern California). Allen is the author of The CERT Guide to System and Network Security Practices (Addison-Wesley 2001) and moderator for the CERT Podcast Series: Security for Business Leaders. She is a co-author of Software Security Engineering: A Guide for Project Managers (Addison-Wesley 2008) and CERT Resilience Management Model (RMM): A Maturity Model for Managing Operational Resilience (Addison-Wesley 2010).
Gregory Crabb is Inspector in Charge of Revenue, Product, and Global Security for the U.S. Postal Inspection Service. Greg manages a number of programmatic efforts for the Postal Inspection Service, including the investigation of cybercrime and revenue fraud. He also guides the development of secure U.S. Postal Service products. Greg leads Global Security for the Postal Service, including both global law enforcement liaison and security controls through forums such as Interpol and the Universal Postal Union.
Pamela Curtis is a Senior Researcher on the Resilient Enterprise Management Team in the CERT Program at the Software Engineering Institute. Curtis conducts analytical studies and investigations and develops models and assessments related to improving and measuring operational resilience. She has over 25 years of experience in the information technology domain as a systems analyst, programmer, process improvement team leader, technical communicator, and manager. Curtis holds a BA with a concentration in Management from Simmons College and an MS in Management Information Systems from Boston University.
Dr. Nader Mehravari is with the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. His current areas of interest and research include operational resilience, protection and sustainment of critical infrastructure, preparedness planning, and associated risk management principles and practices. Nader was with Lockheed Martin from 1992 through 2011. In his most recent assignment, he was the Director for Business Resiliency. In this capacity, he led and oversaw all preparedness planning and associated governance and compliance activities. He was responsible for building and leading Lockheed Martin's resiliency program, where he successfully implemented a modern, integrated, risk-management-based approach to disaster recovery, business continuity, pandemic planning, crisis management, emergency management, and workforce continuity for all of Lockheed Martin. Prior to Lockheed Martin, Nader was a distinguished member of the technical staff at AT&T Bell Laboratories, where he was involved with the design, development, and performance analysis of new telecommunications systems. Nader received his MS and PhD in Electrical Engineering from Cornell University and his BS in Electrical Engineering from George Washington University. He is currently an Adjunct Professor in the Departments of Electrical and Computer Engineering at Cornell University and Syracuse University. He also currently serves as the chair of the Advisory Council for Cornell University's School of Electrical and Computer Engineering.