DOD recommits to CMU software security center with $732M award
For more than 30 years the Software Engineering Institute has developed the science and technologies behind the software that defends the country in the real world and, increasingly, in cyberspace.
The Defense Department agreed Monday to fund the Carnegie Mellon University research center for at least five years for $732 million with the option to fund it for five additional years for $1 billion, according to federal contract documents.
The relatively new and rapidly developing field of cyberwarfare is “precisely the area where the federal government should invest a great deal in,” said Cedric Leighton, a retired Air Force colonel and former deputy training director at the National Security Agency.
In a field where advances can render accepted security practices obsolete overnight, the institute has a track record of staying at the leading edge, he said.
“The renewal of the DOD contract marries some of the best academic talent with the federal government’s efforts to secure our vital defense sector,” he said.
The Software Engineering Institute is the only federally funded research and development center focused specifically on software-related security and engineering issues.
“It is an honor for CMU to be selected to manage the government’s research and development center for software engineering and cybersecurity at such a critical time for this work,” university President Subra Suresh said Tuesday in a statement.
The institute has been the model for what academia can do for government in the cybersecurity field and has led innovation both in government practices and major research, said Brian Nussbaum, a cybersecurity professor at the University of Albany in New York.
“On both sides they’re a well-known and well-respected brand,” he said.
While the institute’s work with the Defense Department receives much of the attention, it has also played a key role with the FBI and other law enforcement investigating computer-related crimes, said Nussbaum, who is also a former intelligence analyst for New York’s Office of Counterterrorism.
“There’s a lot of value there,” he said. “CMU and SEI have had a big impact on the way in which the federal government frames and addresses cybersecurity issues, and I think it has been a positive (impact).”
The institute developed the first Computer Emergency Response Team, which responds to cyberattacks, said David Ries, a lawyer in the Pittsburgh office of the Detroit-based law firm Clark Hill PLC and a leading expert on cybersecurity at law firms. Consequently, it served as the model for CERTS that have been set up in several government agencies, including Homeland Security, he said.
“SEI and CERT are internationally recognized as being one of the leaders if not the leaders in their field,” Ries said.
The government needs the research and the expertise provided by the institute and other organizations because it has a hard time attracting and retaining the expertise it needs to protect the country, he said.
“It’s always easy for the attackers because they only have to find one thing wrong and the defenders have to defend everything,” Ries said.
The SEI employs 619 people in Pittsburgh and the Washington area, with most of its employees in Pittsburgh, said Richard Lynch, an institute spokesman.
Brian Bowling is a staff writer for Trib Total Media. Reach him at 412-325-4301 or [email protected].