Welcome to CRI

Cyber Resilience for the
Whole-of-Society

CRI provides the connection for information exchange to enable national advocacy, knowledge sharing, community organizing, training resources and local activities for the advancement of cyber resilience. Support us with your donations.

Announcements

08/31/2021 – Wrapped up final reporting on the Tokyo Olympics

06/30/2021 – c-Market Toolkit consolidated on CRI Website. Go to the c-Market dropdown to access Toolkit links.

12/8/2020– CRI Board Member Jane Ginn has been honored by Oasis Open. Click on the following link to learn more Jane’s contributions and Oasis Open.

11/17/2020– The November Cybersecurity and Information Environment webinar is pleased to host the Cyber Resilience Institute’s (CRI) Doug DePeppe and Jane Ginn on November 17th at 3PM MST. Click on this link to register.

8/23/2020– Network Traffic Analysis and the ATT&CK Framework webinar recording available with Stephen H. Campbell.

8/22/2020 – Online content now available for free on cyber threat hunting models.

8/20/2020Enroll now for the upcoming c-Watch Elections2020 training – It starts October 5th, 2020.

6/19/2020– Exciting news as the Cyber Resilience Institute partners with the National Cybersecurity Center on c-Watch Training.

5/26/2020– New posts in our blog section. Go and check it out!!

4/26/2020– Check out our research page for the latest in research concerning COVID-19 and cybersecurity.

Contact us to learn about our educational programs, research and potential partnerships.

c-Watch Course

c-Watch Training

Training is interdisciplinary across the domains of cyber intelligence, social media, and international cyberspace conflict. This enables students to develop cross-disciplinary knowledge and skills. The training is structured so that students with diverse backgrounds can participate in an interdisciplinary team. The course culminates in the Capstone where students concentrate on attaining knowledge along the intelligence continuum: Collection – Analysis – Sharing & Reporting.

Training Overview

Prerequisites:There are no prerequisites for this course. This course is open to college age students, mid-career professionals or anyone who wants to learn Cyber Threat Intelligence. Bring your willingness to learn. You will get more out of it if you have some background in information technology, computer science, international affairs, geography, political science, history, journalism or a related field of study.
Course Length:3 Week Intensive – Plus an Event-Driven Capstone.
Delivery:Online with individual research; Team collaboration and threat hunting occurs on a distributed basis, coached by mentors.
Tools:Each Learner receives a user license and access to a repository of open source tools and is trained on tool usage, tradecraft, and cross-domain hunting using tools like:  threat intelligence platform (TIP), social media tools, analytic frameworks, and collection management resources.
Format:The program includes lectures on foundational knowledge, user training, tool orientation, hands-on scenarios and labs, and a live, experiential collection and analysis operation during the Capstone.  There are three separate areas of focus:  Social Media Threat Hunting, Cyber Observable Threat Hunting, and Cyber Policy.
Schedule:Watch for the c-Watch training prior to the winter games coming up in 2022

A sample of our course content is provided here.

This online program allows you to learn at your own pace.  You can join a working cohort of professionals building a world-class cyber defense force. 

“Such an amazing program, I can’t describe how excited I became every day during the month of training on Cyber Threat Hunting….. I ended up loving it; the new tools and techniques we spent days and weeks learning and practicing were fantastic.”

— Marcelle Licciardi – Summer2020 c-Watch Graduate

Contact us if you have questions!

c-Watch Accomplishments

During the summers of 2016 through 2020 the Cyber Resilience Institute ran  Internship programs for graduate and undergraduate students in computer science, information technology, law, and international affairs. In 2020 we expanded to a mixed cohort of mid-career professionals and college students. The Internship is comprised of an intensive training program followed by a live-fire pop-up Security Operations Center (SOC) experience. Training is delivered on a virtual platform and students get hands-on practice with cyber threat hunting best practices on a threat intelligence platform. The pop-up SOC is scheduled around a global sports event like the Olympics or the World Cup.

2017 Security Operations Center

Program Features in Summary

The c-Watch training

  • Has been organized by the Sports-ISAO program since 2016, and is administered by Cyber Resilience Institute, a 501(c)(3) not-for-profit entity.
  • Is comprised of accomplished undergraduate and graduate students and mid-career selected from leading universities and mid-career professionals to participate in this intensive three-week program. 
  • Provides real world, real time, interdisciplinary cyber threat training across the domains of cyber intelligence, social media, and international cyberspace conflict using a wide spectrum of tools and techniques.
  • Enables students to develop cross-disciplinary knowledge and important critical thinking skills vital to threat hunting, cyber security and information sharing professionals.

Graduates of the c-Watch program are eligible to enter CrowdWatch, a national network of cyber c-Watch interns, whom we make available for a wide range of project work including staff augmentation and outsourced analytics. CrowdWatch provides participants compensation opportunities while they gain valuable real world-work experience. Our ultimate goal is to place CrowdWatch participants into full time paid internships and jobs.

2016 Summer Olympics 

  • Monitored and reported Anonymous and Fancy Bear attacks
  • A Pop-up SOC hosted at a Colorado National Guard facility
  • Demonstration of public/private partnership operations and coordination with the FBI Field Office
  • Analysis and visualization of Mirai data sets

2017 IAAF World Championships

  • Over 20 Corporate Sponsors
  • College students from over 30 Universities
  • Collaboration via reporting to DHS
  • Fusion of Social Media and cyber attack data
  • Analysis of Grizzly Steppe data

2018 Winter Olympics

  • Discovery and tracking of the Olympic Destroyer Malware
  • Tracking of multiple influence operations
  • Identification of disinformation campaigns

2018 FIFA Men’s World Cup

  • Discovery of significant St. Petersburg-based Internet Research Agency (IRA) activity that has now been made public through indictments of Russian citizens and the recent reports to the US Senate Select Committee on Intelligence on social media influence operations by 28 countries and the IRA’s extensive and well-funded operation.

2019 FIFA Women’s World Cup

  • Ongoing monitoring of APT activities throughout the games; topics that generated attack traffic included gender pay inequality and LGBT rights. 
  • During this operation it became much more clear to us how criminal gangs were using “free” video-streaming sites to lure victims to sites infected with malware.  Once at the infected sites users were subjected to various ad click fraud schemes, botnet recruitment and other maliciousness. 
  • Ad fraud is a multi-billion dollar criminal enterprise; our threat hunting documented the mechanics of several of the criminal gangs involved in this activity.

2020 COVID-19 Hack & Hype

  • The global novel coronavirus pandemic has caused public health and economic upheaval all around the world. Our Summer 2020 cohort focused on the hack and hype from threat actors and fraudsters.
  • Our findings were shared with the Global Health Crisis Coordination Center and other stakeholders.

We are currently recruiting for the upcoming c-Watch Olympics 2022 training program.  Our objectives are to train the students on basic skills in cyber threat hunting using both a threat intelligence platform and social media threat hunting tools.

During each of our previous programs a wide range of speakers from many global corporations participated in the lecture series.  This included representatives from Reprivata, Facebook, Target, Chevron, Symantec, TruSTAR, Dunami, InfoCyte and the Cyber Threat Intelligence Network, among others.  Students were trained on the methods and models of cyber threat hunting with the intent of establishing a crowd-sourced cadre of cyber threat hunters skilled in understanding the trade craft and nomenclature.

Sucessful graduates from our programs are eligible to be nominated to our CrowdWatch cadre.

CrowdWatch participants possess superior critical thinking skills vital to threat hunting, cyber security, information sharing, and SOC professionals. Direct access to this highly qualified group offers cost savings to organizations requiring full time cyber professionals with real world work experience, or access to talent for contract-based, or project work. Our ultimate goal is to place CrowdWatch participants into full time paid internships and jobs.

Toolkit

This Toolkit, assembled for information sharing and analysis organizations (ISAOs) when building out their communities and used as a resource for our c-Watch training programs, provides resources for getting started organizing  ISAOs.

  ISAOs are for improving communications among and between key stakeholders and owners of critical infrastructure resources.

Getting Started

Community Building Handbook

Threat Intelligence Resources

 

Begin the Journey!