Cisco Blogs

Cisco Blog > Security

“War, what is it good for” as a security metaphor?

I have a thing for metaphors. I wrote my dissertation on them. And they have helped me enormously as a non-engineer working in IT security.

Metaphors are powerful tools (that’s a metaphor, by the way). Literally referring to something as something else enables us to make mental connections between concepts that are not really the same. War and weapons have proven historically useful metaphors. In wartime, everything changes. We look at the situation, our opponents, and even ourselves very differently (I like the image of a noble warrior on the battlefield more than that of a guy who spends most of his day sitting and typing…)

But metaphors also cause trouble, especially when we use them to over-simplify. I am skeptical of “security as war” metaphors, including that of the arms race. The metaphor detracts from the very real threats of cyber- and information warfare. War doesn’t define security any more than war defines firearms. Unless we are specifically talking about threats from nation states (and a few other actors) using information technology as part of armed conflict, we are not talking about war. And this is not what we are usually talking about in information security.

Read More »

Tags: , , , ,

Cyberspace – What is it?

Today, the word “cyberspace” is used in many contexts, but it is not always clear what exactly that term describes and what it means. In this post we will compare the definitions of cyberspace from several sources with the purpose of establishing a range of notions as to what cyberspace is and to derive its ontology. Sources are relevant entities like national or regional government, standardization bodies, and dictionary.

The reason why the term “cyberspace” is chosen is that all other terms (e.g., cyber security, cybercrime, cyberwar, cyberterrorism, etc.) are based on, or derived from, cyberspace itself. Therefore, cyber security is security of cyberspace. Cybercrime is crime committed within cyberspace or where elements from/of cyberspace are used as a vehicle to commit a crime, and so on for other derived terms.

Read More »

Tags: ,

Who are these Cisco Security Intelligence Engineers?

Protecting data, resources, and assets, including audio-video (A/V) content and communications no matter where it resides or travels on Cisco-powered networks can be a daunting undertaking to say the least. People ultimately are responsible for making this happen. With this thought in mind, here are a few questions that frequently challenge someone with this type of responsibility:

  • How can one ensure that the confidentiality, integrity, and availability of the core network keeps pace with the introduction of new technologies, while managing the continuous stream of disclosures on existing product vulnerabilities and emerging threats?
  • What preemptive or corrective actions can one take to mitigate or remediate known or potential weaknesses in your network operations?
  • What trusted informational resources are available that we can apply in the design, operation and optimization of a secure network, and where can this information be found?

This article provides personal insight into a specialized role residing within Cisco’s Applied Intelligence team, a team which was highlighted in the Network World feature article (page 3), “Inside Cisco Security Intelligence Operations.” The role is that of the Security Intelligence Engineer (SIE), a role which focuses on researching and producing actionable intelligence, vulnerability analysis, and threat validation that typically leads to providing answers and solutions to the challenges posed by these questions.

Read More »

Tags: , , , ,

What is it Like to be a Cisco Security Analyst?

Security events, such as vulnerabilities and threats, that are detected globally continue to grow and evolve in scale, impact, diversity, and complexity. Compounded with this is the other side of the coin, the unreported or undetected events waiting in the wings, hovering below the radar in a stealthy state. With all of the security technologies at our disposal, are they sufficient enough to provide effective protection? Well, it is certainly a good start when applied correctly. At a summary level, Cisco’s Security Intelligence Operations (SIO) approach to this challenge was covered in the Network World feature article, “Inside Cisco Security Intelligence Operations.” However, one of the core human elements, which I will introduce, that deserves closer attention is the role of security analyst. In addition, this article provides those of you with career interests some additional insight into working in the IT security field.

Read More »

Tags: , , , , , , , , ,

A Word Of Thanks

I rarely blog, and when I do it’s almost always about an event, rather than a person. This entry is an exception in no small part to draw attention to a seminal moment, and an illustrious career of someone who is finishing one chapter and about to start another.

On March 9, 2012, the United States Federal Bureau of Investigations (FBI) announced its top cybersecurity leader would retire at month’s end. Shawn Henry, the FBI’s Executive Assistant Director (EAD), has been at the forefront of the FBI’s response to cybersecurity crimes and investigations for the past several years, albeit his career at the FBI spans multiple decades and his responsibilities are broader than just cyber.

EAD Henry helped establish the National Cyber Investigative Joint Task Force (NCIJTF) to mitigate and disrupt cyber attacks threatening national security in the US as well as other countries. He was instrumental in restructuring the Bureau’s cyber strategy and investigative programs, and recognized that his work in the United States alone would not be enough. He and his team reached out to national law enforcement agencies in Amsterdam, Romania and Estonia to make the necessary differences in those regions.

I was fortunate to work with EAD Henry during my time as a commissioner on the CSIS Commission on Cybersecurity for the 44th Presidency, at the National Cybersecurity Forensics Training Alliance (NCFTA), as well as on strategies and discussions to determine how we can make the Internet safer for all users.

As a leader, EAD Henry was quick to credit his team and not ever seek credit for himself. He built a bench at the Bureau that will carry the hard work into tomorrow. His influence spanned the public-private and law enforcement communities in the US and abroad, even if the mission was challenging.

The sacrifices he and his family made during his tenure were non-trivial; we all owe him, his family, and the women and men at the Bureau a debt of gratitude for their hard work. His understanding of the threat landscape, his passion and accomplishments, and his commitment to making the world a safer place has made him a hero to me – and one that will be missed at the FBI. That’s ok, though. He leaves a great team in place to take their next step, and he will be in the private sector still fighting the good fight, just from a different angle. And that’s good, because we need him to.

Tags: , ,