Are we heading to a day of reckoning, where the forces of cyber crime overwhelm and erase the good things that information technology delivers? If we head down our current path of incremental, individualized approaches to cyber security, the answer is “Yes.” But I’m enough of an optimist to think that if the IT and security geeks and wonks of the world can unite, share information, work hard, and not worry about who gets the credit, we stand a fighting chance. Read More »
We’ve invested considerable time, effort, and money in the effort to make Cisco products robust enough for deployment as Trustworthy Systems, either in their own right or integrated into a complete solution. At its essence, attaining trustworthiness is a matter of discipline—a series of conscious actions to build products in the right way, certify their conformity to prevailing industry and customer-required standards, and keep a careful watch on the integrity of the product supply chain, from initial product concept through their integration and operation over a solution lifecycle. But the most important attribute of a trustworthy system is vendor transparency. I define this as a customer’s ability to ask a vendor any question and to receive a complete, honest answer in return.
Today, we are more interconnected than ever before. Not only do we use the Internet to stay connected, informed and engaged, but also we rely on it for all of our day-to-day needs. We rely heavily on the Internet for everything from submitting taxes, to applying for student loans, to following traffic signals, to even powering our homes.
Acknowledging the importance of cyber security, President Obama designated October as National Cyber Security Awareness Month to engage and educate public and private sector partners to raise awareness about cyber security and improve the resiliency of the nation in the event of a cyber incident.
Government and corporate leaders overwhelmingly identify cyber security and associated trust issues as one of their top IT concerns. Use of network-based technologies such as mobility, collaboration and virtualization are increasing, as are related threats. Securing business infrastructure and data relies on solutions and secure systems from “trusted” vendors, a relationship founded on the reputation of the vendor, its people, its processes and its technology.
Cisco is dedicated to protecting organizations from threats including malicious modification or substitution of technology, misuse of intellectual property, supply chain disruption and counterfeit products. As the most trustworthy vendor in the world, Cisco delivers architectures built on secure software and hardware that is backed by a highly secure supply chain. By providing trustworthy and assured network platforms, Cisco enables government organizations and enterprises to confidently secure their business infrastructure, data and information from attacks.
More and more, we ask technology to play critical roles in our businesses, and our lives. Pondering that for a moment, that dependance (versus use), requires careful thought on how much we trust that the technology is working as we want it, only as we want it, and nothing more. For many businesses or governments, testing via FIPS or Common Criteria increases that confidence level, combined with detailed operational plans to ensure running the services after they are installed is going correctly. For many technology vendors, innovation and commitment, can help here.
Our commitment at Cisco, and our innovation, for trustworthiness have never been stronger than they are today. Nearly 5 years ago, we started down a road which ultimately led to Cisco’s Secure Development Lifecycle (CSDL), and in our most recent FY12 SEC 10-K, acknowledged that work, our secure supply chain work, and our innovation efforts for Secure Boot and Anti-Tamper. For reference, that 10K, or 2012 Annual Report, is posted here: http://investor.cisco.com/
We foresaw the need for trustworthiness by listening to our customers, and we started early. Early results are in, and we’ve both reduced externally found security flaws, as well as increased the resiliency for multiple products anti-tamper. Have we done it on every product? Not yet, although rest assured, that’s exactly where we are going. I’ll keep you posted.
What a week! From October 31-November 3, Cisco hosted its annual internal security event—SecCon 2011. Co-hosted by Greg Akers, SVP of Cisco’s Global Government Solutions Group and Ed Paradise, Vice President of Engineering, this marked the fourth year in which we shared the latest in product security practices, policies, processes, and thought leadership with employees who participated in live and virtual sessions around the world.