SEI Blog | Cyber Missions

SEI Blog | Cyber Missionshttp://sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Cyber Missionsen-usMon, 02 Dec 2019 00:00:00 -0500Machine Learning in Cybersecurityhttps://www.sei.cmu.edu/blog/machine-learning-cybersecurity-2019/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOur technical report provides an overview of the relevant parts of an ML lifecycle--selecting the right problem, the right data, and the right math and summarizing the model output for consumption--as well as questions that relate to those areas of focus.Jonathan SpringMon, 02 Dec 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/machine-learning-cybersecurity-2019/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceMachine LearningCyber MissionsManaging the Risks of Ransomwarehttps://www.sei.cmu.edu/blog/managing-the-risks-of-ransomware/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRansomware poses a growing threat to both businesses and government agencies. Though no strategy can fully eliminate these risks, this post provides recommendations....David Tobar, Jason FrickeFri, 11 Oct 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/managing-the-risks-of-ransomware/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessCyber MissionsBest Practices in Network SecuritySituational AwarenessSix Free Tools for Creating a Cyber Simulatorhttps://www.sei.cmu.edu/blog/six-free-tools-for-creating-a-cyber-simulator/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIt can be hard for developers of cybersecurity training to create realistic simulations and training exercises when trainees are operating in closed (often classified) environments with no ability to connect to the Internet....Joseph MayesMon, 15 Apr 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/six-free-tools-for-creating-a-cyber-simulator/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityCyber MissionsBest Practices in Network SecurityBusiness Email Compromise: Operation Wire Wire and New Attack Vectorshttps://www.sei.cmu.edu/blog/business-email-compromise-operation-wire-wire-and-new-attack-vectors/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn June 2018, Federal authorities announced a significant coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals....Anne ConnellMon, 08 Apr 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/business-email-compromise-operation-wire-wire-and-new-attack-vectors/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMalwareCyber MissionsBest Practices in Network SecuritySocial EngineeringHow to Use Static Analysis to Enforce SEI CERT Coding Standards for IoT Applicationshttps://www.sei.cmu.edu/blog/how-to-use-static-analysis-to-enforce-sei-cert-coding-standards-for-iot-applications/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT)....David SvobodaMon, 01 Apr 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/how-to-use-static-analysis-to-enforce-sei-cert-coding-standards-for-iot-applications/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity-Related RequirementsSecure CodingCyber Risk and Resilience ManagementStatic AnalysisCybersecuritySecure DevelopmentCyber MissionsBest Practices in Network SecuritySecurely Connecting Africahttps://www.sei.cmu.edu/blog/securely-connecting-africa/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWhile the Internet has enabled modernization in parts of the developing world, it has also introduced new cybersecurity challenges....Vijay SarvepalliMon, 25 Mar 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/securely-connecting-africa/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCSIRTCyber MissionsCybersecurity Center DevelopmentUsing the SEI CERT Coding Standards to Improve Security of the Internet of Thingshttps://www.sei.cmu.edu/blog/using-the-sei-cert-coding-standards-to-improve-security-of-the-internet-of-things/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Internet of Things (IoT) is insecure. The Jeep hack received a lot of publicity, and there are various ways to hack ATMs, with incidents occurring with increasing regularity....David SvobodaMon, 11 Feb 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/using-the-sei-cert-coding-standards-to-improve-security-of-the-internet-of-things/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity-Related RequirementsSecure CodingSecure DevelopmentCyber MissionsInternet of ThingsExpectations for Implementing DevOps in a Highly Regulated Environment: Second in a Serieshttps://www.sei.cmu.edu/blog/expectations-for-implementing-devops-in-a-highly-regulated-environment-second-in-a-series/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis second installment in the blog post series on implementing DevOps in highly regulated environments (HREs), which is excerpted from a recently published paper, discusses the first step in a DevOps assessment....José MoralesFri, 08 Feb 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/expectations-for-implementing-devops-in-a-highly-regulated-environment-second-in-a-series/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsDevopsHuman-Machine InteractionsMission AssuranceContinuous Deployment of CapabilityEvaluating Threat-Modeling Methods for Cyber-Physical Systemshttps://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAddressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....Nataliya ShevchenkoMon, 04 Feb 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure ProtectionImproving Assessments for Cybersecurity Traininghttps://www.sei.cmu.edu/blog/improving-assessments-for-cybersecurity-training/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe CERT Cyber Workforce Development Directorate conducts training in cyber operations for the DoD and other government customers as part of its commitment to strengthen the nation's cybersecurity workforce....April GalyardtMon, 21 Jan 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/improving-assessments-for-cybersecurity-training/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsCybersecurityMachine LearningArtificial Intelligence EngineeringSCALe v. 3: Automated Classification and Advanced Prioritization of Static Analysis Alertshttps://www.sei.cmu.edu/blog/scale-v-3-automated-classification-and-advanced-prioritization-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic analysis tools analyze code without executing it, to identify potential flaws in source code. These tools produce a large number of alerts with high false-positive rates that an engineer must....Lori Flynn, Ebonie McNeilMon, 17 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/scale-v-3-automated-classification-and-advanced-prioritization-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSCALE: A Static Analysis Auditing ToolSecure CodingStatic Analysis Classification and PrioritizationSecure DevelopmentCyber MissionsPath Finding in Malicious Binaries: First in a Serieshttps://www.sei.cmu.edu/blog/path-finding-in-malicious-binaries-first-in-a-series/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn a previous post, I discussed the Pharos Binary Analysis Framework and tools to support reverse engineering of binaries with a focus on malicious code analysis. Recall that Pharos is....Jeff GennariMon, 10 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/path-finding-in-malicious-binaries-first-in-a-series/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesReverse Engineering for Malware AnalysisMalware AnalysisCyber MissionsMalwareThreat Modeling: 12 Available Methodshttps://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAlmost all software systems today face a variety of threats, and the number of threats grows as technology changes....Nataliya ShevchenkoMon, 03 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure ProtectionIPV6 Adoption: Is your ISP ready to support IPv6?https://www.sei.cmu.edu/blog/ipv6-adoption-is-your-isp-ready-to-support-ipv6/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post examines best practices for transitioning to IPv6 and presents points to help determine if your current ISP can support IPv6 ambitions.Joseph MayesMon, 22 Oct 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/ipv6-adoption-is-your-isp-ready-to-support-ipv6/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIPV6Cyber MissionsBest Practices in Network SecurityBest Practices in Network Traffic Analysis: Three Perspectiveshttps://www.sei.cmu.edu/blog/best-practices-in-network-traffic-analysis-three-perspectives/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn July of this year, a major overseas shipping company had its U.S. operations disrupted by a ransomware attack, one of the latest attacks to disrupt the daily operation of a major, multi-national organization....Angela Horneman, Timothy Shimeall, Timur SnokeMon, 08 Oct 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/best-practices-in-network-traffic-analysis-three-perspectives/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesHuman-Machine InteractionsCyber MissionsBest Practices in Network SecuritySCALe: A Tool for Managing Output from Static Analysis Toolshttps://www.sei.cmu.edu/blog/scale-a-tool-for-managing-output-from-static-analysis-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesExperience shows that most software contains code flaws that can lead to vulnerabilities. Static analysis tools used to identify potential vulnerabilities in source code produce....Lori FlynnMon, 24 Sep 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/scale-a-tool-for-managing-output-from-static-analysis-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingSecure DevelopmentStatic Analysis Classification and PrioritizationCyber MissionsSCALE: A Static Analysis Auditing ToolEngaging the CSIRT Community: Cyber Capacity Building on a Global Scalehttps://www.sei.cmu.edu/blog/engaging-the-csirt-community-cyber-capacity-building-on-a-global-scale/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAt the 2018 World Economic Forum, global leaders voiced concerns about the growing trend of cyberattacks targeting critical infrastructure and strategic industrial sectors, citing fears of a worst-case scenario that could....Angel HuecaMon, 10 Sep 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/engaging-the-csirt-community-cyber-capacity-building-on-a-global-scale/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCSIRTCyber MissionsCybersecurity Center DevelopmentDecision-Making Factors for Selecting Application Security Testing Toolshttps://www.sei.cmu.edu/blog/decision-making-factors-for-selecting-application-security-testing-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn the first post in this series, I presented 10 types of application security testing (AST) tools and discussed when and how to use them....Tom ScanlonMon, 20 Aug 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/decision-making-factors-for-selecting-application-security-testing-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsCybersecuritySecure CodingSecurity-Related RequirementsSoftware and Information AssuranceTestingVulnerability AnalysisSecure DevelopmentIPv6 Adoption: 4 Questions and Answershttps://www.sei.cmu.edu/blog/ipv6-adoption-4-questions-and-answers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIPv6 deployment is on the rise. Google reported that as of July 14 2018, 23.94 percent of users accessed its site via IPv6, up 6.16 percent from that same date in 2017....Joseph MayesMon, 13 Aug 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/ipv6-adoption-4-questions-and-answers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesBest Practices in Network SecurityCyber MissionsSecure CodingSecurity-Related RequirementsIPV6Secure DevelopmentSecurity Begins at the Home Routerhttps://www.sei.cmu.edu/blog/security-begins-at-the-home-router/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn recent days, the VPNFilter malware has attracted attention, much of it in the wake of a May 25 public service announcement from the FBI, as well as a number of announcements from vendors and security companies....Vijay SarvepalliMon, 30 Jul 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/security-begins-at-the-home-router/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsMalware