By Douglas C. Schmidt
part of an ongoing effort to keep you informed about our latest work, I
would like to let you know about some recently published SEI technical
reports and notes. These reports highlight the latest work of SEI
technologists in malware analysis, acquisition strategies, network situational awareness, and resilience management (with three reports from this research area), incident management, and future architectures.
This post includes a listing of each report, author(s), and links where
the published reports can be accessed on the SEI website.
By Nader Mehravari
Senior Member of the Technical Staff
CERT Cyber Risk Management Team
October 2010, two packages from Yemen containing explosives were
discovered on U.S.-bound cargo planes of two of the largest worldwide
shipping companies, UPS and FedEx, according to reports by CNN and the Wall Street Journal.
The discovery highlighted a long-standing problem—securing
international cargo—and ushered in a new area of concern for such
entities as the United States Postal Inspection Service (USPIS) and the Universal Postal Union (UPU),
a specialized agency of the United Nations that regulates the postal
services of 192 member countries. In early 2012, the UPU and several
stakeholder organizations developed two standards to improve security in
the transport of international mail and to improve the security of
critical postal facilities. As with any new set of standards, however, a
mechanism was needed to enable implementation of the standards and
measure compliance to them. This blog post describes the method
developed by researchers in the CERT Division at Carnegie Mellon
University’s Software Engineering Institute, in conjunction with the
USPIS, to identify gaps in the security of international mail processing
centers and similar shipping and transportation processing facilities.