CRI provides the connection for information exchange to enable national advocacy, knowledge sharing, community organizing, training resources and local activities for the advancement of cyber resilience. Support us with your donations.
02/01/2023 – The Sports-ISAO will be standing up a Pop-up SOC for the U.S. Football event – The Superbowl
11/01/2022 – The Sports-ISAO will be standing up a Pop-up SOC for the FIFA-sponsored Men’s World Cup in Doha, Qatar.
01/09/2022 – The Sports-ISAO is gearing up for the 2022 Beijing Olympics.
09/22/2021 – Webmaster Martin Burrows will be presenting a paper at the 15th International Symposium for Olympic and Paralympic Research’s Committee
08/31/2021 – Wrapped up final reporting on the Tokyo Olympics
06/30/2021 – c-Market Toolkit consolidated on CRI Website. Go to the c-Market dropdown to access Toolkit links.
12/8/2020– CRI Board Member Jane Ginn has been honored by Oasis Open. Click on the following link to learn more Jane’s contributions and Oasis Open.
11/17/2020– The November Cybersecurity and Information Environment webinar is pleased to host the Cyber Resilience Institute’s (CRI) Doug DePeppe and Jane Ginn on November 17th at 3PM MST. Click on this link to register.
8/23/2020– Network Traffic Analysis and the ATT&CK Framework webinar recording available with Stephen H. Campbell.
8/20/2020 – Enroll now for the upcoming c-Watch Elections2020 training – It starts October 5th, 2020.
6/19/2020– Exciting news as the Cyber Resilience Institute partners with the National Cybersecurity Center on c-Watch Training.
5/26/2020– New posts in our blog section. Go and check it out!!
4/26/2020– Check out our research page for the latest in research concerning COVID-19 and cybersecurity.
Contact us to learn about our educational programs, research and potential partnerships.
Training is interdisciplinary across the domains of cyber intelligence, social media, and international cyberspace conflict. This enables students to develop cross-disciplinary knowledge and skills. The training is structured so that students with diverse backgrounds can participate in an interdisciplinary team. The course culminates in the Capstone where students concentrate on attaining knowledge along the intelligence continuum: Collection – Analysis – Sharing & Reporting.
This course is open to college age students, mid-career professionals or anyone who wants to learn Cyber Threat Intelligence. Bring your willingness to learn. You will get more out of it if you have some background in information technology, computer science, international affairs, geography, political science, history, journalism or a related field of study.
3 Week Intensive – Plus an Event-Driven Capstone.
Online with individual research; Team collaboration and threat hunting occurs on a distributed basis, coached by mentors.
Each Learner receives a user license and access to a repository of open source tools and is trained on tool usage, tradecraft, and cross-domain hunting using tools like: threat intelligence platform (TIP), social media tools, analytic frameworks, and collection management resources.
The program includes lectures on foundational knowledge, user training, tool orientation, hands-on scenarios and labs, and a live, experiential collection and analysis operation during the Capstone. There are three separate areas of focus: Social Media Threat Hunting, Cyber Observable Threat Hunting, and Cyber Policy.
Watch for the next c-Watch training by contacting us.
This online program allows you to learn at your own pace. You can join a working cohort of professionals building a world-class cyber defense force.
“Such an amazing program, I can’t describe how excited I became every day during the month of training on Cyber Threat Hunting….. I ended up loving it; the new tools and techniques we spent days and weeks learning and practicing were fantastic.”
During the summers of 2016 through 2022 the Cyber Resilience Institute ran Internship programs for graduate and undergraduate students in computer science, information technology, law, and international affairs. In 2020 we expanded to a mixed cohort of mid-career professionals and college students. Our ongoing operations aim to support skills upgrades in cyber threat intelligence.
The Internship is comprised of an intensive training program followed by a live-fire pop-up Security Operations Center (SOC) experience. Training is delivered on a virtual platform and students get hands-on practice with cyber threat hunting best practices on a threat intelligence platform. The pop-up SOC is scheduled around a global sports event like the Olympics or the FIFA World Cup.
Program Features in Summary
The c-Watch training
Has been organized by the Sports-ISAO program since 2016, and is administered by Cyber Resilience Institute, a 501(c)(3) not-for-profit entity.
Is comprised of accomplished undergraduate and graduate students and mid-career selected from leading universities and mid-career professionals to participate in this intensive three-week program.
Provides real world, real time, interdisciplinary cyber threat training across the domains of cyber intelligence, social media, and international cyberspace conflict using a wide spectrum of tools and techniques.
Enables students to develop cross-disciplinary knowledge and important critical thinking skills vital to threat hunting, cyber security and information sharing professionals.
Graduates of the c-Watch program are eligible to enter CrowdWatch, a national network of cyber c-Watch interns, whom we make available for a wide range of project work including staff augmentation and outsourced analytics. CrowdWatch provides participants compensation opportunities while they gain valuable real world-work experience. Our ultimate goal is to place CrowdWatch participants into full time paid internships and jobs.
2016 Summer Olympics
Monitored and reported Anonymous and Fancy Bear attacks
A Pop-up SOC hosted at a Colorado National Guard facility
Demonstration of public/private partnership operations and coordination with the FBI Field Office
Analysis and visualization of Mirai data sets
2017 IAAF World Championships
Over 20 Corporate Sponsors
College students from over 30 Universities
Collaboration via reporting to DHS
Fusion of Social Media and cyber attack data
Analysis of Grizzly Steppe data
2018 Winter Olympics
Discovery and tracking of the Olympic Destroyer Malware
Tracking of multiple influence operations
Identification of disinformation campaigns
2018 FIFA Men’s World Cup
Discovery of significant St. Petersburg-based Internet Research Agency (IRA) activity that has now been made public through indictments of Russian citizens and the recent reports to the US Senate Select Committee on Intelligence on social media influence operations by 28 countries and the IRA’s extensive and well-funded operation.
2019 FIFA Women’s World Cup
Ongoing monitoring of APT activities throughout the games; topics that generated attack traffic included gender pay inequality and LGBT rights.
During this operation it became much more clear to us how criminal gangs were using “free” video-streaming sites to lure victims to sites infected with malware. Once at the infected sites users were subjected to various ad click fraud schemes, botnet recruitment and other maliciousness.
Ad fraud is a multi-billion dollar criminal enterprise; our threat hunting documented the mechanics of several of the criminal gangs involved in this activity.
2020 COVID-19 Hack & Hype
The global novel coronavirus pandemic has caused public health and economic upheaval all around the world. Our Summer 2020 cohort focused on the hack and hype from threat actors and fraudsters.
Our findings were shared with the Global Health Crisis Coordination Center and other stakeholders.
2021 Tokyo Summer Olympics
Observed large-scale botnets deploying various types of malicious traffic targeting fans and spectators of the Olympics
Lures are aimed at people that want to watch “free” video streaming of the games
Windows and Android OSs targeted
2022 Beijing Winter Olympics
The hallmark of the Beijing Winter Olympics was the tight control of the athletes and participants due to the strict COVID-19 controls of the Chinese government. Mandatory testing, strict controls on physical movement and other measures made this a set of games like no other. Nonetheless, the athletes from around the world participated, as did the CrowdWatch defenders. Threat hunters identified multiple wide-scale fraudulent live streaming schemes with multiple access brokers recruiting vulnerable fans and online viewers directing them to infected websites. Crowdwatch defenders again reported on these observations to the various stakeholders of the Olympics and sports.
2022 Men’s World Cup
The first Men’s World Cup to be held in a middle eastern country was held in November and December of 2022. The Sports-ISAO worked with the Lithuanian-based think tank Debunk.org on this operation. This was groundbreaking in several ways. First, Debunk.org is one of the most accomplished and respected think tanks in the European Union that focuses on foreign information manipulation and influence (FIMI). Second, the two teams were testing the potential for using the DISARM Framework during the operation. Each operation brings the team more experience on deep source checking.
During each of our previous programs a wide range of speakers from many global corporations participated in the lecture series. This included representatives from Reprivata, Facebook, Target, Chevron, Symantec, TruSTAR, Dunami, InfoCyte and the Cyber Threat Intelligence Network, among others. Students were trained on the methods and models of cyber threat hunting with the intent of establishing a crowd-sourced cadre of cyber threat hunters skilled in understanding the trade craft and nomenclature.
Sucessful graduates from our programs are eligible to be nominated to our CrowdWatch cadre.
CrowdWatch participants possess superior critical thinking skills vital to threat hunting, cyber security, information sharing, and SOC professionals. Direct access to this highly qualified group offers cost savings to organizations requiring full time cyber professionals with real world work experience, or access to talent for contract-based, or project work. Our ultimate goal is to place CrowdWatch participants into full time paid internships and jobs.
This Toolkit, assembled for information sharing and analysis organizations (ISAOs) when building out their communities and used as a resource for our c-Watch training programs, provides resources for getting started organizing ISAOs.
ISAOs are for improving communications among and between key stakeholders and owners of critical infrastructure resources.
The Sports-ISAO is a program of the CRI. It is a member organization aimed at providing a secure, vetted forum for members of the sports community to discuss matters of cybersecurity. We welcome inquires from leagues, conferences, individual teams, sports team owners, athletes, and others affiliated with the sports community.
CRI builds strong cyber communities to protect members from cyber attackers. Like a neighborhood watch, it takes a sharing community and vigilance to thwart attackers.
Within the Sports-ISAO CRI engages communities in collective cyber defense.
Americans love their sports. By using sport, CRI is rallying communities to protect their athletes, facilities and event sponsors from cyber-attack.
The Sports ISAO is a cutting edge Public-Private Partnership that alerts members’ security teams of threats.
The Sports ISAO is changing the approach to cybersecurity. We improve cyber resilience one community at a time.
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
You must be logged in to post a comment.