I had the pleasure of attending the inaugural signing of National Cybersecurity Excellence Partnership agreements yesterday. Key stakeholders in attendance included National Security Agency Director, General Keith Alexander, Senator Barbara Mikulski, Dr. Pat Gallagher of the National Institute of Standards and Technology (NIST), Maryland Governor Martin O’Malley, and several members of the Cisco team.
Established in 2012 through a partnership between NIST, the State of Maryland, and Montgomery County, the National Cybersecurity Center of Excellence (NCCoE) was conceived to advance innovation through the rapid identification, integration, and adoption of practical cybersecurity solutions. NCCoE collaborates with industry leaders through its National Cybersecurity Excellence Partnership (NCEP) initiative to develop real-world cybersecurity capabilities.
As a NCEP member and key collaborator, Cisco is dedicated to furthering the mission of securing cyberspace for all. As part of this ongoing commitment, Cisco has launched the Threat Response, Intelligence and Development organization, focusing key resources around cyber security, threat mitigation and network defense for our customers. Read a blog from our CSO John Stewart about this new organization and its charter here. Read More »
Tags: Cisco Security, cybersecurity, National Cybersecurity Center of Excellence, NCEP, NIST
Security is a tough nut that can’t be cracked by one alone—neither technology nor research, neither corporations nor start-ups, and neither products nor processes. None of these alone can crack the security nut. The most important part of the problem and solution is people! Nothing beats the efforts of few passionate people collaborating for a cause.
Never doubt that a small group of thoughtful, committed, citizens can change the world. Indeed, it is the only thing that ever has.”― Margaret Mead
Users groups began appearing in the mainframe days as a way to share hard earned knowledge and began to proliferate with the microcomputer revolution of the 1970’s and 1980’s. During this time, hobbyists sought to help each other with their homespun wisdom on programming-, configuration-, hardware- and software-related issues. Prior to the penetration of the Internet, these groups gladly provided free technical support and helped users discover the personal computer and aided in the adoption of the PC in a major way.
The emergence and participation of the general public in the use of the Internet and coincidental rise of operating systems like GNU/Linux as well as the open source movement was further intensified by user groups. Such groups found a new place online to discuss these tools via mailing lists, bulletin boards and more. Once run only by researchers and computer geeks, hardware and software was being made popular among the general public through user groups. Read More »
Tags: security, security advocacy
Wow! We just published our tenth bundle of Cisco IOS Software Security Advisories and what a ride it’s been!! Way back when in the fall of 2008 when we produced our first Cisco IOS Software Security Advisory bundle, we had no idea of the impact that this delivery format would have on us internally and, more importantly, on you – our customers!! The decision to deliver the biannual (on the fourth Wednesday of every March and September) Cisco IOS Software Security Advisory Bundled Publication brought with it many challenges, process changes, and—in the end—a format for Cisco Vulnerability Disclosure that we hope addresses at least some of your concerns. This format was modeled after the scheduled monthly release used by Microsoft for years, known affectionately as “Microsoft Tuesday” and based on requests we heard through discussions with many of our customers.
Read More »
Tags: Cisco Security Advisory, ios bundle, patch management, psirt, security
When we talk about using the network to gather threat intelligence on a global basis, the question arises: how does someone apply that intelligence to protecting their local IT infrastructure? The key lies in maintaining a high degree of situational awareness. This begins with understanding what you are trying protect and what might interfere with it. From there, you can distinguish between relevant and irrelevant intelligence, and then act to protect the things that matter from the threats that could harm them. Read More »
Tags: security, threat intelligence, threats, TRIAD
A couple of weeks ago, I announced a new name and a new mission for the group I lead at Cisco. I’ll do my best to minimize reader exposure to boring administrative details, but the long and the short of it is that the former Cisco Global Government Solutions Group (GGSG) has become the Cisco Threat Response, Intelligence, and Development (TRIAD) organization.
Any organizational name change is only a label placed on more fundamental transformations in missions, strategies, and desired outcomes. While the new organization will continue to serve government customers, the time has come to mobilize the expertise we have built up over the years to help critical infrastructure and enterprise customers strengthen their abilities to deliver IT-based services and value with minimal disturbance from unauthorized sources.
Vectoring the organization’s mission to threat is the key to understanding what TRIAD is all about. Through our work with Cisco customers, observation and analysis of phenomena visible in Cisco and customer networks, and application of innovative thinking about security practices and processes, we see enormous potential for developing and delivering threat-focused approaches to cyber security into products, services, and solutions. Read More »
Tags: Cisco CSO, Cisco Security, Cisco Threat Response-Intelligence-Development, cyber security, emerging threats, GGSG, security, TRIAD