Cyber Technology and...

Cyber Technology and Information Security Laboratory (CTISL)

A new generation of cyber warriors has suited up for battle and is targeting U.S. interests. GTRI is a leader in developing the technologies that secure, defend, and respond to threats within our country’s information, distribution, and network systems on the virtual battlefield. GTRI experts are tackling tough security issues within military and non-military networks, developing new tools and methods for securing information, educating and increasing awareness in the cyber domain, and applying leading technologies in network design to keep us safe now — and in the future.

The Cyber Technology and Information Security Laboratory (CTISL) conducts applied research focused on cyber threats and countermeasures, secure multi-level information sharing, resilient command and control network architectures, reverse engineering, information operations and exploitation, high performance computing, and data analytics. CTISL engineers develop and apply cutting-edge technologies in computing, network architectures, signal and protocol analysis, network forensics, malware analysis, open source threat information collection and correlation, insider threat detection and mitigation, hardware and software reverse engineering, and advanced analytics to solve the toughest problems of the times. CTISL brings this knowledge to the classroom by providing professional education offerings across the cyber landscape.

CTISL has six strategic thrusts:

  • Reverse Engineering, Vulnerability Identification, and Exploitation
  • Resilient Network Systems Engineering
  • Malicious Software Analysis, Threat Intelligence and Penetration Testing
  • High Performance Computing and Analytics
  • Multi-Level, Secure Software Systems and Collaboration Tools
  • Professional Education, Outreach, and Awareness

Reverse Engineering, Vulnerability Identification, and Exploitation

CTISL's Network Vulnerability Division (NVD) concentrates on exploitation and reconstruction of information in the form of signals, communication protocols, and application and embedded binaries. NVD engineers determine hardware and software vulnerabilities and reconstruct signals to determine overt and covert methods of exploitation. Threat countermeasures span a wide range, from "conventional" radio frequency (RF) jamming/denial-of-service to offensive computer network operations tactics.

Providing support to the U.S. military for more than 20 years, NVD engineers are well-versed in assessing the operating capabilities and vulnerabilities of communications and routing equipment. The division also supports various other government agencies and industry sponsors in countering adversary information networks.

Resilient Network Systems Engineering

CTISL's Command and Control Mission Assurance Division (C2MA) concentrates on design and fielding of resilient information distribution systems. Cutting edge technologies, including secure network enclaves, virtualization, multi-level security, and adaptive quality of service management, are applied to construct joint command and control systems for combat operations. The division's solutions have been accredited, tested, and fielded for ground, air, and maritime operations centers. Many of these systems have been deployed around the globe for a variety of operations, such as the Haiti humanitarian relief effort.

Malicious Software Analysis, Threat Intelligence and Penetration Testing

CTISL’s Emerging Threats and Countermeasures (ETCM) Division performs research in the areas of malicious software analysis, network and media intelligence gathering, and unique clustering and analytic visualization tools to provide cyber situational awareness. ETCM has developed “Apiary" (formerly Titan) a repository of more than 23 million malware samples that provide to the community automated analysis and threat reporting. Leveraging the Apiary framework, other ETCM tools such as spear phishing utilize the intelligence data to perform sophisticated clustering and grouping to reveal hidden relationships. ETCM develops custom algorithms, frameworks, and visualizations to support the detection of targeted malware and other sophisticated threats. ETC also provides unique penetration testing services and consultation to help customers comprehensive information security programs.

High Performance Computing (HPC) and Analytics

The Innovative Computing Division (ICD) designs, develops, and applies HPC techniques to advance the field of parallel computing and to support ultra-fast analytics in support of “Big Data” problems, real-time deep packet inspection, insider threat detection, password cracking, and high speed relational mapping of feature sets. ICD has extensive experience with diverse aspects of high throughput computing systems, including GPU computing, massively parallel systems, high performance software libraries, middleware, compilers, low-level optimization, and platform design for diverse application domains including cryptanalysis, network analysis, signal processing, and more.

Multi-Level, Secure Software Systems and Collaboration Tools

CTISL's Secure Information Systems (SIS) Division concentrates on the design and development of secure real-world, multi-level information sharing applications. Both hardware and software design methodologies are combined to deliver information exchange solutions that pass the rigorous testing required to operate on the nation’s most secure networks. SIS solutions are nationally recognized within the government as state-of-the-art, affordable, secure, and scalable.

Professional Education, Outreach and Awareness

Although much hype exists about the threat of cyber attacks, many organizations still fail to understand the costs of data exfiltration, network disruptions, and other nefarious actions that may result from a cyber attack. Perimeter protection, although necessary, is not enough. CTISL is dedicated to “Equipping and Educating the Good Guys.” To that end, CTISL cyber security experts provide tailored educational opportunities, hacker competitions, emerging threat conferences, threat landscape reports, and other outreach activities. We believe that effective information security programs must first be grounded in education and training as threats become more and more sophisticated.