In our weekly review call for the Cisco Cyber Risk Report for March 26-April 1, 2012 we discussed the incident of the JetBlue mid-air emergency incident. The incident has been widely reported, but a short summary is that the pilot was reportedly acting irrationally, which caused the co-pilot to lock him out of the cockpit and led to the crew and passengers having to subdue him until the aircraft could be landed and authorities removed the pilot. While the investigation of this incident continues, there have also been several of these types of incidents. A review of the incident raised several security questions with us over the incident response policies and procedures.
During my 25-year career, I’ve been fortunate to work closely with some of the best and brightest, supporting government and enterprise customers around the world regardless of where I worked. These experiences have enabled me to meet with statesmen and CEOs, into open and closed-door meetings on “the Hill” and abroad, to serve as a member of the CSIS Commission on Cybersecurity, and participate on numerous think tanks, boards of directors, and advisory boards. I’ve worked and learned from leaders in private industry and global governments, the defense and intelligence communities, and I’ve always gotten after it with the goal of making a difference and producing positive results.
When Brad Boston asked for me to succeed him in leading the Cisco Global Government Solutions Group (GGSG) in addition to my role overseeing the Corporate Security Programs Organization (CSPO), I was humbled, honored, and excited. GGSG/CSPO is a great organization. Fortunately for Cisco, our customers, and me, Brad will remain nearby, focusing on our go-forward strategy for Satellite Solutions. This expanded role certainly ups the ante for me, yet it is not an altogether new one. As a member of GGSG senior staff since it was formed, and in my role leading Corporate Security during the past ten years, I’ve watched the organization grow and thrive.
In taking the helm, I will build on this team’s outstanding achievements in meeting the unique requirements of governments around the world. We’ll continue to address the challenges faced by global government agencies, defense and intelligence communities, and work to advise our public sector customers on the leading practices and technology solutions that can achieve and enhance their mission goals. In my ongoing role as Chief Security Officer, I’ll continue to oversee and work with my leadership team to drive initiatives focused on Information Security, Product Security and Government Security, with focus on crypto, advanced government services, and cybersecurity—in support of our customers.
My expanded leadership team and I recognize what a critical role we play for our global government customers. To all of you, rest assured, we will continue to strive to become your most-trustworthy vendor and a true partner—one that works hard to help enable your mission success, delivers on our commitments, and gives only our best.
The proliferation of devices that include computers in some form or another is on the rise. With the advent of the much heralded Internet-of-Things (IoT), the number of computerized devices will only become higher. And all of them will have to be maintained in some fashion. Maintained in a sense that we would like to install new features on them or upgrade them to fix existing problems in the currently running software. All of us using computers are aware of this maintenance and we (more or less) regularly patch our computers. However, extending this patching to other “non-standard” devices, such as appliances in our houses, may not be that easy. My previous post talked about the necessity to patch cars, and in this post we will examine what problems we may encounter along the way. Bear in mind that the previous post that focused on patching cars was just one example of the need for us to upgrade other devices. This discussion is applicable to many other devices we may have in or around our houses (e.g., smart gas meters, heating, air conditioning, etc.).
I rarely blog, and when I do it’s almost always about an event, rather than a person. This entry is an exception in no small part to draw attention to a seminal moment, and an illustrious career of someone who is finishing one chapter and about to start another.
On March 9, 2012, the United States Federal Bureau of Investigations (FBI) announced its top cybersecurity leader would retire at month’s end. Shawn Henry, the FBI’s Executive Assistant Director (EAD), has been at the forefront of the FBI’s response to cybersecurity crimes and investigations for the past several years, albeit his career at the FBI spans multiple decades and his responsibilities are broader than just cyber.
EAD Henry helped establish the National Cyber Investigative Joint Task Force (NCIJTF) to mitigate and disrupt cyber attacks threatening national security in the US as well as other countries. He was instrumental in restructuring the Bureau’s cyber strategy and investigative programs, and recognized that his work in the United States alone would not be enough. He and his team reached out to national law enforcement agencies in Amsterdam, Romania and Estonia to make the necessary differences in those regions.
I was fortunate to work with EAD Henry during my time as a commissioner on the CSIS Commission on Cybersecurity for the 44th Presidency, at the National Cybersecurity Forensics Training Alliance (NCFTA), as well as on strategies and discussions to determine how we can make the Internet safer for all users.
As a leader, EAD Henry was quick to credit his team and not ever seek credit for himself. He built a bench at the Bureau that will carry the hard work into tomorrow. His influence spanned the public-private and law enforcement communities in the US and abroad, even if the mission was challenging.
The sacrifices he and his family made during his tenure were non-trivial; we all owe him, his family, and the women and men at the Bureau a debt of gratitude for their hard work. His understanding of the threat landscape, his passion and accomplishments, and his commitment to making the world a safer place has made him a hero to me – and one that will be missed at the FBI. That’s ok, though. He leaves a great team in place to take their next step, and he will be in the private sector still fighting the good fight, just from a different angle. And that’s good, because we need him to.
This is an update to the original video/blog post Cisco Ironport Web Security Appliance Deployment on the Cisco Security Incident Response Team (CSIRT) deployment of the Web Security Appliance.
We have completed the global deployment at Cisco and wanted to share some experiences and feedback via the following video: