DOD recommits to CMU software security center with $732M award

For more than 30 years the Software Engineering Institute has developed the science and technologies behind the software that defends the country in the real world and, increasingly, in cyberspace.

The Defense Department agreed Monday to fund the Carnegie Mellon University research center for at least five years for $732 million with the option to fund it for five additional years for $1 billion, according to federal contract documents.

The relatively new and rapidly developing field of cyberwarfare is “precisely the area where the federal government should invest a great deal in,” said Cedric Leighton, a retired Air Force colonel and former deputy training director at the National Security Agency.

In a field where advances can render accepted security practices obsolete overnight, the institute has a track record of staying at the leading edge, he said.

“The renewal of the DOD contract marries some of the best academic talent with the federal government’s efforts to secure our vital defense sector,” he said.

The Software Engineering Institute is the only federally funded research and development center focused specifically on software-related security and engineering issues.

“It is an honor for CMU to be selected to manage the government’s research and development center for software engineering and cybersecurity at such a critical time for this work,” university President Subra Suresh said Tuesday in a statement.

The institute has been the model for what academia can do for government in the cybersecurity field and has led innovation both in government practices and major research, said Brian Nussbaum, a cybersecurity professor at the University of Albany in New York.

“On both sides they’re a well-known and well-respected brand,” he said.

While the institute’s work with the Defense Department receives much of the attention, it has also played a key role with the FBI and other law enforcement investigating computer-related crimes, said Nussbaum, who is also a former intelligence analyst for New York’s Office of Counterterrorism.

“There’s a lot of value there,” he said. “CMU and SEI have had a big impact on the way in which the federal government frames and addresses cybersecurity issues, and I think it has been a positive (impact).”

The institute developed the first Computer Emergency Response Team, which responds to cyberattacks, said David Ries, a lawyer in the Pittsburgh office of the Detroit-based law firm Clark Hill PLC and a leading expert on cybersecurity at law firms. Consequently, it served as the model for CERTs that have been set up in several government agencies, including Homeland Security, he said.

“SEI and CERT are internationally recognized as being one of the leaders if not the leaders in their field,” Ries said.

The government needs the research and the expertise provided by the institute and other organizations because it has a hard time attracting and retaining the expertise it needs to protect the country, he said.

“It’s always easy for the attackers because they only have to find one thing wrong and the defenders have to defend everything,” Ries said.

The SEI employs 619 people in Pittsburgh and the Washington area, with most of its employees in Pittsburgh, said Richard Lynch, an institute spokesman.

Brian Bowling is a staff writer for Trib Total Media. Reach him at 412-325-4301 or [email protected].
