http://sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Cybersecurityen-usMon, 16 Jun 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/radio-frequency-101-can-you-really-hack-a-radio-signal/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRecent reports indicate the DoD is susceptible to radio frequency (RF) attacks. This post discusses common RF tools and ways malicious actors can attack systems.Roxxanne White, Michael BraggMon, 16 Jun 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/radio-frequency-101-can-you-really-hack-a-radio-signal/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityInternet of Thingshttps://www.sei.cmu.edu/blog/the-essential-role-of-aisirt-in-flaw-and-vulnerability-management/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe SEI established the first Artificial Intelligence Security Incident Response Team (AISIRT) in 2023. This post discusses the role of AISIRT in coordinating flaws and vulnerabilities in AI systems.Lauren McIlvenny, Vijay SarvepalliWed, 26 Mar 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/the-essential-role-of-aisirt-in-flaw-and-vulnerability-management/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCERT/CC VulnerabilitiesCybersecurityAISIRThttps://www.sei.cmu.edu/blog/cyber-informed-machine-learning/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post proposes cyber-informed machine learning as a conceptual framework for emphasizing three types of explainability when ML is used for cybersecurity.Jeffrey Mellon, Clarence WorrellMon, 10 Feb 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/cyber-informed-machine-learning/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityMachine LearningCybersecurity EngineeringAI Engineering and Machine Learninghttps://www.sei.cmu.edu/blog/3-activities-for-making-software-secure-by-design/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesUnderstanding key principles, roadblocks, and accelerators can shift the secure software development paradigm.Dr. Carol Woody, Robert SchielaTue, 05 Sep 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/3-activities-for-making-software-secure-by-design/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure DevelopmentCybersecurityhttps://www.sei.cmu.edu/blog/Using-Game-Theory-to-Advance-Cyber-Threat-Hunting/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post describes an effort to apply game theory to the development of algorithms suitable for informing a fully autonomous threat hunting capability and introduces the concept of chain games, a set of games in which threat hunting strategies can be evaluated and refined.Phil GroceMon, 24 Jul 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/Using-Game-Theory-to-Advance-Cyber-Threat-Hunting/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityhttps://www.sei.cmu.edu/blog/process-and-technical-vulnerabilities-6-key-takeaways-from-a-chemical-plant-disaster/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWeak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical plant.Daniel KambicMon, 08 May 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/process-and-technical-vulnerabilities-6-key-takeaways-from-a-chemical-plant-disaster/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementOperational ResilienceResilience Management Model (RMM)CybersecurityCybersecurity ControlsEnterprise Risk and Resilience ManagementBest Practices in Network SecurityCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/designing-great-challenges-for-cybersecurity-competitions/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post highlights the SEI’s experience developing cybersecurity challenges for the President’s Cup Cybersecurity Competition and general-purpose guidelines and best practices for developing effective challenges.Jarrett Booz, Josh Hammerstein, Matt KaarMon, 17 Apr 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/designing-great-challenges-for-cybersecurity-competitions/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityCyber Workforce Developmenthttps://www.sei.cmu.edu/blog/the-benefits-of-cyber-assessment-training/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post discusses how cybersecurity assessments can help critical infrastructure organizations improve their cybersecurity with help from free assessment tools developed by the SEI and offered by the U.S. government.Rhonda Brown, Alexander PetrilliMon, 13 Mar 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/the-benefits-of-cyber-assessment-training/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurity EngineeringCyber Risk and Resilience ManagementCybersecurityCyber Workforce Developmenthttps://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThere are benefits and challenges of the two approaches to risk and resilience management: one based on an organization’s assets and the other on its services.Emily ShawgoMon, 06 Feb 2023 00:00:00 -0500https://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementOperational ResilienceResilience Management Model (RMM)CybersecurityEnterprise Risk and Resilience ManagementRiskCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/six-dimensions-of-trust-in-autonomous-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.Paul NielsenWed, 20 Apr 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/six-dimensions-of-trust-in-autonomous-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSoftware AssuranceVulnerability DiscoveryDevopsArtificial Intelligence EngineeringMachine LearningCybersecurityAutonomy and Counter-AutonomySoftware and Information AssuranceHuman-Machine InteractionsArtificial IntelligenceDigital EngineeringCyber-Physical Systemshttps://www.sei.cmu.edu/blog/using-machine-learning-to-increase-the-fidelity-of-non-player-characters-in-training-simulations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesUse of machine-learning (ML) modeling and a suite of software tools to create decision-making preferences that make non-player characters (NPCs) more realistic in simulations.Dustin Updyke, Thomas Podnar, Geoffrey Dobson, John YargerMon, 11 Apr 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/using-machine-learning-to-increase-the-fidelity-of-non-player-characters-in-training-simulations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityCyber Workforce Developmenthttps://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.Emily Shawgo, Brian BenestelliMon, 23 Aug 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementCybersecurityCybersecurity ControlsEnterprise Risk and Resilience ManagementRiskhttps://www.sei.cmu.edu/blog/dns-over-https-3-strategies-for-enterprise-security-monitoring/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDNS over HTTPS (DoH) can impair enterprise network visibility and security by bypassing traditional DNS monitoring and protections. In this post, I'll provide enterprise defenders three strategies for security monitoring of DoH.Sean HutchisonMon, 09 Aug 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/dns-over-https-3-strategies-for-enterprise-security-monitoring/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Traffic Analysis Cybersecurity EngineeringCybersecurityBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/generating-realistic-non-player-characters-for-training-cyberteams/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post describes efforts underway to improve the realism of non-player characters (NPCs) in training exercises with new software called ANIMATOR.Dustin Updyke, Tyler BrooksMon, 12 Apr 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/generating-realistic-non-player-characters-for-training-cyberteams/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityCyber Workforce Developmenthttps://www.sei.cmu.edu/blog/six-key-cybersecurity-engineering-activities-for-building-a-cybersecurity-strategy/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post highlights the importance of cybersecurity strategy in designing and integrating technology for mission success under attack.Dr. Carol Woody, Rita CreelMon, 01 Feb 2021 00:00:00 -0500https://www.sei.cmu.edu/blog/six-key-cybersecurity-engineering-activities-for-building-a-cybersecurity-strategy/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityhttps://www.sei.cmu.edu/blog/cat-and-mouse-age-net/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post explores evolving .NET threat landscape with challenges faced by red and blue teams and suggests ways to stay ahead of attackers.Brandon MarzikThu, 19 Nov 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/cat-and-mouse-age-net/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesCERT/CCCybersecurityBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/how-to-protect-your-high-value-assets/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post will outline the background of the federal High Value Asset (HVA) Program, explain the resources available to guide the securing of high value assets, and discuss ways to apply these resources to your own assets.Brian Benestelli, Emily ShawgoMon, 26 Oct 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/how-to-protect-your-high-value-assets/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/is-your-organization-using-cybersecurity-analysis-effectively/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post explores how organizations can effectively use cybersecurity analysis and discusses the importance of an effective incident response plan.Angela HornemanMon, 31 Aug 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/is-your-organization-using-cybersecurity-analysis-effectively/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessCybersecurityhttps://www.sei.cmu.edu/blog/could-blockchain-improve-the-cybersecurity-of-supply-chains/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesA September 2018 report to the President, Assessing and Strengthening the Manufacturing and Defense Industrial Base and Supply Chain Resiliency of the United States, raised concerns about cybersecurity....Eliezer KanalMon, 04 Nov 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/could-blockchain-improve-the-cybersecurity-of-supply-chains/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesBlockchainCybersecurityBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/six-free-tools-for-creating-a-cyber-simulator/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIt can be hard for developers of cybersecurity training to create realistic simulations and training exercises when trainees are operating in closed (often classified) environments with no ability to connect to the Internet....Joseph MayesMon, 15 Apr 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/six-free-tools-for-creating-a-cyber-simulator/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurityCyber MissionsBest Practices in Network Security