GTRI

Cyber Technology and...

Cyber Technology and Information Security Laboratory (CTISL)

GTRI’s Cyber Technology and Information Security Laboratory (CTISL) is a leader in developing the technologies that secure, defend, and respond to threats within our country’s information, distribution, and network systems. CTISL provides high-impact solutions to some of today’s most challenging cybersecurity problems for both government and industry, while also developing far-reaching high-risk high-payoff cyber technologies to respond to future threats.

Research areas include cyber threats and countermeasures, secure multi-level information sharing, resilient command and control network architectures, reverse engineering, information operations and exploitation, quantum computing and sensing, and data analytics. CTISL engineers develop and apply cutting-edge technologies in computing, network architectures, signal and protocol analysis, network forensics, malware analysis, open source threat information collection and correlation, insider threat detection and mitigation, hardware and software reverse engineering, and advanced analytics.

CTISL brings this knowledge to the classroom by providing professional education offerings across the cyber landscape. CTISL engineers teach courses targeted at a range of audiences, from government program managers to industry executives to cybersecurity professionals. CTISL is also a critical part of many Georgia Tech campus interdisciplinary centers, most notably the Institute for Information Security & Privacy (IISP).

CTISL has six strategic thrusts:

  • Reverse Engineering, Vulnerability Identification, and Exploitation
  • Resilient Network Systems Engineering
  • Malicious Software Analysis, Threat Intelligence and Penetration Testing
  • Multi-Level, Secure Software Systems and Collaboration Tools
  • Quantum Computing and Quantum Sensing
  • Professional Education, Outreach, and Awareness

Embedded System Reverse Engineering, Vulnerability Discovery and Exploitation

CTISL's Network Vulnerability Division (NVD) is skilled in reverse engineering, vulnerability discovery, forensics analysis and exploit development and has supported government assessment programs for more than 25 years.  Red team activities often focus on vulnerability discovery and the development and demonstration of RF and network-based techniques to gain unauthorized access to and/or exploit information networks. These efforts identify weaknesses and help ensure that mitigations are effective. The division specializes in wireless and embedded devices such as radios, modems, routers and embedded controllers comprising various military and Industrial Control System (ICS) networks.  Research is also focused on developing innovative hardware oriented security and trust solutions to support needs in ICS and Internet of Things (IoT) communities.

Resilient Network Systems Engineering

CTISL's Command and Control Mission Assurance Division (C2MA) concentrates on design and fielding of resilient information management systems. Cutting edge technologies, including secure network enclaves, virtualization, multi-level security, and adaptive quality of service management, are applied to construct joint command and control systems for combat operations. The division's solutions have been accredited, tested, in multiple DoD operations centers. Many of these systems have been deployed around the globe for a variety of operations, such as the Haiti humanitarian relief effort.

Malicious Software Analysis, Threat Intelligence and Penetration Testing

CTISL’s Emerging Threats and Countermeasures (ETCM) Division performs research in the areas of malicious software analysis, software assurance, open source intelligence gathering, and unique clustering and analytic visualization tools to provide cyber situational awareness. ETCM has developed Apiary, a malware analysis tool containing a repository of more than 200 million malware samples that provides automated analysis and threat reporting capabilities to the information security community. Leveraging the Apiary framework, other ETCM tools utilize the intelligence data to perform sophisticated clustering and grouping to reveal hidden relationships. ETCM develops custom algorithms, frameworks, and visualizations to support the detection of targeted malware and other sophisticated threats. ETCM also provides unique penetration testing services and consultation to help customers develop and maintain comprehensive information security programs.

Multi-Level, Secure Software Systems and Collaboration Tools

CTISL's Secure Information Systems (SIS) Division concentrates on the design and development of secure real-world, multi-level information sharing applications. Both hardware and software design methodologies are combined to deliver information exchange solutions that pass the rigorous testing required to operate on the nation’s most secure networks. SIS solutions are nationally recognized within the government as state-of-the-art, affordable, secure, and scalable.

Quantum Computing and Quantum Sensors

CTISL’s Quantum Systems Division (QSD) investigates quantum computing systems based on individual trapped atomic ions and novel quantum sensor devices based on atomic systems. Sensors under investigation include chip-scale atomic magnetometers, atomic clocks, and cold-atom gyroscopes. QSD researchers collaborate with academic research groups and government and industry partners to develop integrated state-of-the-art technologies to support both fundamental research and fieldable quantum systems.

Professional Education, Outreach and Awareness

Although the threat of cyber attacks is often in the news, many organizations still fail to understand the costs of data exfiltration, network disruptions, and other nefarious actions that may result from a cyber attack. Perimeter protection, although necessary, is not enough. CTISL cybersecurity experts provide tailored educational opportunities, hacker competitions, emerging threat conferences, threat landscape reports, and other outreach activities. We believe that effective information security programs must first be grounded in education and training as threats become more and more sophisticated.