This week, Cisco provided comments on the Department of Commerce’s Bureau of Industry and Security (BIS) proposed cybersecurity regulations. These comments reflect the realities of how Cisco looks to protect both our customers and our products. They also emphasize the critical role that security researches, access to tools, and qualified talent have in cybersecurity.
Cisco has hundreds of dedicated security engineers and researchers throughout the company and around the globe, who use the latest and greatest tools and techniques to test our technology. We proactively attempt to break into our own products, our own services, and our own networks, in order to close identified weaknesses and vulnerabilities as soon as possible and to develop better protections against attack. Many of these same people are responsible for investigating reported vulnerabilities or compromises of our products and running these reports to ground with absolute certainty. In doing this, we have resolved countless bugs and vulnerabilities and continue to improve the security of our products with what we learn. Along the way we have discovered many interesting and creative adversaries and certainly learned that there are some very resourceful people out there.
This security function is critical to ensuring that we offer Trustworthy products and services to our customers and the downstream impact of this activity is huge. By working to identify as many vulnerabilities as possible internally, our products are more robust when they are deployed in our customer’s networks where in many cases they are a part of the lifeblood of a business, or even the Internet. We also use what we learn to inform improvements to the Cisco Secure Development Lifecycle that we use to manage risks associated with our technologies from inception through the end of life. We must remain vigilant and having access to research, technology, and qualified talent is paramount to our success.
We look forward to working with BIS to help revise the proposed rules in a way that balances the need we have to protect our products and our customers with the desire to regulate the export of weaponized software.
Cisco innovates in the industry’s largest product line
Cisco Unified Access is about converging wired and wireless networks to improve scale and quickly launch new services with new levels of security and compliance.
When Cisco launched the Catalyst 3850 and WLC 5760 Controller in January 2013, it stood alone in the market for truly converging Wired and Wireless networks. Over the course of the last 2.5 years, Cisco has progressively extended its lead with more platforms and features based on the revolutionary ASIC which makes this rich convergence possible. And just this month, Cisco delivered Multi-gigabit Ethernet (or mGig), which enables the move to higher Wireless speeds based on the IEEE 802.11ac Wave 2 standard. Let’s start by clearly articulating why the home-grown ASIC is so fundamental to successfully integrating Wired and Wireless networks in a seamless way.
The foundational ASIC which Cisco developed is called Unified Access Dataplane (UADP). It cost well over $150M, and took several years to develop and refine. It delivers Hardware performance with Software flexibility and comes with many unique innovations. The defining characteristic of this ASIC is the true full-featured convergence of Wired and Wireless traffic together with its flexible forwarding engine.
In an era of constant technological evolution, our utilization of different technologies, including mobile devices, has had massive impact on the financial services industry. As a result, the industry is facing major disruption as new technology translates into new ways of exchanging value (money). In fact, digital payment concepts are constantly developing, with technology advances changing the payment universe as we know it. Disruptive innovations, such as Apple Pay, continue to gain scaled acceptance globally. Contactless payment solutions could take us a step further towards getting rid of the security and convenience shortfalls of traditional credit and debit cards, but it’s important that a capable, secure network is put in place before digital payments can truly flourish.
The Changing Payments Landscape
The first official currency was introduced in Turkey in 600vBC and, around 1661 AD, coins evolved into bank notes. In 1946, the first credit card was introduced and since the start of this century technology advances have disrupted the world of money more than once. In 1999, European banks started offering mobile banking while in 2008, contactless payment cards were issued in the UK for the first time. Now, driven by mobile and Internet technologies, we are in the early stages of fundamentally changing how we perceive the concept of money. Financial control is no longer only in the hands of the financial industry. Today, entrepreneurial minds are connecting us to our (and others) money in new and innovative ways.
Smartphones and tablets have recently become common devices with 79.4 million U.S. consumers who shop online. According to (source) 51% of U.S. digital buyers are expected to make purchases using a mobile device. New services like Apple Pay and mobile payments (M-payments) are becoming increasingly common in financial services. The questions we must begin to consider are, who will be the key providers in the financial services market in the future and what sort of payment ecosystem will emerge? Read More »
In this environment of advanced threats along every point of the value chain, I’d like to talk about what it means for you, our customers and partners, to have supply chain security throughout the product lifecycle.
I’ve just finished a short video on this topic. I’d love to hear your feedback, insights and suggestions on securing the product supply chain.
Not long ago I was asked to attend a quarterly Board meeting of one of my healthcare clients and to present the recommendations of a Strategic Security Roadmap (SSR) exercise that my team and I had conducted for the organization. The meeting commenced sharply at 6am one weekday morning and I was allocated the last ten minutes to explain our recommendations and proposed structure for a revised Cybersecurity Management Program (CMP).
The client Director of Security and I waited patiently outside the Board Room while other board business was conducted inside. As is the case with many organizations, information security was not really taken seriously there, and the security team reported into IT way down the food chain, with no direct representation in the C Suite. The organization’s CMP had evolved over the years from anti-virus, patching and firewall management into other domains of the ISO27002 framework but was not complete or taken seriously by those at the top. Attempts at building out a holistic security program over the years had met with funding and staff resource constraints and Directors of Security had come and gone with nothing really changing. Read More »