By Kevin Fall
Deputy Director, Research, and CTO
Department of Defense (DoD) and other government agencies increasingly
rely on software and networked software systems. As one of over 40 federally funded research and development centers sponsored by the United States government, Carnegie Mellon University’s Software Engineering Institute (SEI)
is working to help the government acquire, design, produce, and evolve
software-reliant systems in an affordable and secure manner. The
quality, safety, reliability, and security of software and the
cyberspace it creates are major concerns for both embedded systems and
enterprise systems employed for information processing tasks in health
care, homeland security, intelligence, logistics, etc. Cybersecurity risks, a primary focus area of the SEI’s CERT Division, regularly appear in news media and have resulted in policy action at the highest levels of the US government (See Report to the President: Immediate Opportunities for Strengthening the Nation’s Cybersecurity
). This blog posting is the first in a series describing the SEI’s
five-year technical strategic plan, which aims to equip the government
with the best combination of thinking, technology, and methods to
address its software and cybersecurity challenges.
By Douglas C. Schmidt
launching the SEI blog two years ago, one of our top priorities was to
advance the scope and impact of SEI research and development projects,
while increasing the visibility of the work by SEI technologists who
staff these projects. After 114 posts, and 72,608 visits from readers of
our blog, this post reflects on some highlights from the last two years
and gives our readers a preview of posts to come.
First in a Series
By Bill Scherlis
Chief Technology Officer, Acting
The Department of Defense (DoD) has become deeply and fundamentally reliant on software. As a federally funded research and development center (FFRDC),
the SEI is chartered to work with the DoD to meet the challenges of
designing, producing, assuring, and evolving software-reliant systems in
an affordable and dependable manner. This blog post—the first in a
multi-part series—outlines key elements of the forthcoming SEI Strategic
Research Plan that addresses these challenges through research and
acquisition support and collaboration with DoD, other federal agencies,
industry, and academia.
By Troy Townsend,
SEI Emerging Technology Center
The majority of research in cyber security focuses on incident response or network defense, either trying to keep the bad guys out or facilitating the isolation and clean-up when a computer is compromised. It’s hard to find a technology website that’s not touting articles on fielding better firewalls, patching operating systems, updating anti-virus signatures, and a slew of other technologies to help detect or block malicious actors from getting on your network. What’s missing from this picture is a proactive understanding of who the threats are and how they intend to use the cyber domain to get what they want. Our team of researchers—which included Andrew Mellinger, Melissa Ludwick, Jay McAllister, and Kate Ambrose Sereno—sought to help organizations bolster their cyber security posture by leveraging best practices in methodologies and technologies that provide a greater understanding of potential risks and threats in the cyber domain. This blog posting describes how we are approaching this challenge and what we have discovered thus far.
By Bjorn Andersson,
Senior Member of the Technical Staff
Research, Technology & System Solutions
Many DoD computing systems—particularly cyber-physical systems—are subject to stringent size, weight, and power requirements. The quantity of sensor readings and functionalities is also increasing, and their associated processing must fulfill real-time requirements. This situation motivates the need for computers with greater processing capacity. For example, to fulfill the requirements of nano-sized unmanned aerial vehicles (UAVs), developers must choose a computer platform that offers significant processing capacity and use its processing resources to meet its needs for autonomous surveillance missions. This blog post discusses these issues and highlights our research that addresses them.