If you’re in the information security biz, almost all your colleagues are probably converging in San Francisco today for the opening day of the RSA Security Conference. Cisco is there too. And today we had exciting news of our own, including the introduction of the Secure Borderless Network, the new Cisco AnyConnect Secure Mobility solution and the expansion of Cisco TrustSec.
We recently released the Cisco 2009 Annual Security Report. This is the most recent edition of our security report series, which was started in December of 2007 and now includes both annual and midyear reports. These documents primarily seek to do two things: to help you understand the threats and security events that existed during the report time frame, and to provide you with appropriate guidance on how we believe threats will evolve in the coming year.
I am not one who admires the pontification often performed by security experts, and I assure you that any forward-looking guidance we write is intended solely to help you understand the emerging security threats. I believe in looking into the past with a critical eye and understanding how we could have done better.
With that in mind, the release of our 2009 annual report has reminded me to take a few minutes and review our past guidance, and naturally, evaluate our results.
Computer-based attacks are being leveraged by miscreants to gain a global economic and informational advantage over others. This is the message presented by ScanSafe’s 2009 Annual Global Threat Report, which was released last week. Over the course of 2009, ScanSafe, which was acquired by Cisco in December 2009, monitored customer web traffic and blocked malicious content through its cloud-based security service. The results of their analysis uncovered some interesting points, the most widely reported being that 80% of exploits in 2009 were based on malicious PDF files. But the subtexts from the report regarding targeted theft and criminal exploitation deserve a deeper look.
On February 2, Dennis Blair, the new Director of National Intelligence, gave testimony alongside the heads of the CIA, FBI and Defense Intelligence Agency, to warn Congress that malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication. With the ever-present threat of an attack on telecommunications and other networks, the U.S. government – and nations around the globe – must increase focus on cybersecurity and take certain action to ensure the safety and security of each nation’s infrastructure and its way of life.
The responsibility to protect a nation frequently requires private sector companies to do their part, and we at Cisco know this very well. I’m pleased to announce that Melissa Hathaway will serve as a senior security adviser for Cisco. Melissa is the former acting Senior Director for Cyberspace within the National Security Council for President Barack Obama’s administration. She is currently working in association with Harvard Kennedy School’s Belfer Center for Science and International Affairs as a senior adviser to its cyber security initiative, Project Minerva, a joint effort between the Department of Defense, Massachusetts Institute of Technology, and Harvard University. Melissa brings a wealth of knowledge and expertise to Cisco from her years of work in cybersecurity.
Sometimes there is a perceived need to perfectly fix a problem, and that need can be the enemy of incremental steps that can reduce a problem to an acceptable level. Let me illustrate this by making one of those physical-to-virtual analogies that never really seem to translate very well:
Saving the whales is a difficult task that we will probably never completely finish. We won’t turn the entire planet into a playground for whales, nor do we need to. But if we take steps to regulate the hunting of whales and to protect their food and environment, that may be all that is both possible and needed.
Similarly, we won’t ever completely stop online crime. Consider how that impacts the current view of IPS and signature-based detection methods. These methods often develop a bad reputation because they can be poorly implemented and evaded, and they don’t always detect or prevent all criminal activities.