America has long depended on its critical infrastructures for the delivery of services vital to its defense, prosperity, safety and well-being. The need for the owners and operators of these infrastructures to plan against and respond to service disruptions, caused by either technical failures or natural disasters, has existed for as long as there have been electric power plants, gas and oil pipelines, telecommunications networks, railroads, banks and financial institutions.
As these infrastructure providers migrate their control systems onto information networks and the internet, our nation's infrastructures are being wired together into an ever-expanding digital nervous system. The benefits of all this have been enormous in terms of competitiveness, efficiency, and quality of service. But these benefits do not come without risks. Increasing technology has expanded the number of ways system failures can occur. More importantly, cyber tools are readily available to individuals or groups to attack and disrupt our infrastructures, whether for fun, profit, revenge, or for political/strategic gain.
It is important to note that critical infrastructure assurance is not just about security or privacy. Nor is it either cyber or physical. Its overriding purpose is to assure the delivery of critical services to citizens and customers. However, the effort is further complicated by the fact that incidents that immediately affect services from one sector can have an amplifying, cascading impact upon other dependant infrastructures. The effort to secure these critical services is daunting and complex, but crucial to protecting the infrastructures upon which our society depends for its safety and well-being.
The government recognizes this important need to secure and protect the nation's critical infrastructures, but since the private sector owns and operates about 85 percent of them, the government cannot defend them alone. Furthermore, since industry depends on these infrastructures for their economic interests, there is a compelling business case for participation in the effort to secure these infrastructures. Therefore public-private partnerships between government, industry, and academia are necessary to ensure the reliable provision of the critical services upon which we all depend.
In 1998 Presidential Decision Directive 63 (http://www.ciao.gov/resource/paper598.html) originally presented a call to action to assure the continuity and viability of the critical infrastructure sectors. The National Strategy for Homeland Security, (http://www.whitehouse.gov/homeland/book/index.html) released in July 2002, reiterated the need for public-private partnership. Rather than impose new regulations, the federal government acknowledged the need for collaboration in the areas of research and development, workforce development, incident response coordination, awareness and education, and policy development.
In response to the original call for partnership, Cisco created the Critical Infrastructure Assurance Group, or CIAG, (http://www.cisco.com/security_services/ciag/index.htm) to do our part to help both government and the industry sectors in assuring the delivery of critical services. Over the last four years, we have developed five program areas we believe are key to success in this area.
- CIP Awareness
- Education
- Incident Response
- Research
- Training
In the short term, we're raising awareness of critical infrastructure assurance and helping to coordinate responses to incidents, to spread the word and assist where we can with countermeasures, best practices, and solutions. In the long term, we are helping close the network security “skills gap” by working with colleges and universities, Cisco's Networking Academies, our commercial learning partners, and conducting internal and collaborative research in key infrastructure security technology areas.
Cisco is committed to working with governments, industry, and academia to raise the bar of security worldwide to ensure that the infrastructures on which we all depend remain available, relatively impervious to attack, and useful for everyone.
About the CIAG Communications and Awareness Program
As the worldwide leader in networking equipment, it is Cisco's responsibility to our customers and public and private sector partners to provide leadership in critical infrastructure assurance awareness education. By working with other businesses to actively support the Partnership for Critical Infrastructure Security , a nonprofit and private organization that provides a single forum for the government to interface with industry on critical infrastructure assurance issues, and through other singular efforts, we provide consistent messaging that builds public confidence in internetworking. This takes several forms, including the following:- Testifying before committees of Congress
- Speaking at conferences and symposia
- One-on-one and small group executive mentoring, patterned after the risk management community's Critical Infrastructure Assurance Series
- White letters and articles for specific publications and target audiences
About the CIAG Education Program
Cisco's
CIAG Education Program is committed to building strategic
relationships with the Centers of Academic Excellence in
Information Assurance Education (CAE/IAE) designated by the
National Security Agency (NSA) (http://www.nsa.gov/isso/programs/nietp/newspg1.htm)
as well as other universities contributing in the field of
Information Assurance. Our combined goal is to increase the
supply and quality of a skilled information security workforce.
To help achieve this goal the CIAG has developed the following
programs to support Information Assurance (IA) education:
-
Equipment Donation
This program is designed to further enhance the research and education of undergraduate and graduate students in the field of IA. Each grant will be for Cisco equipment to be used in IA student research and education. -
Scholarships
CIAG will award eight, one time $2500 scholarships on an annual basis to students who are making a significant contribution in the field of InfoSec/IA. These scholarships are available for both undergrad and graduate students. -
Guest lecturers/adjunct professors
Through this program Cisco employees can share their vast knowledge with students and give them a real world perspective on today's InfoSec/IA environment. -
Internships
The CIAG will work with Cisco hiring managers and University Relations to locate and place quality student into IA internship openings within Cisco business units. -
Syllabus coordination
Working with the various departments within Cisco, CIAG can provide academia with relevant courseware and world-class training environments.
About the CIAG Incident Response Program
Cisco's CIAG Incident Response Support team performs the role of an information intermediary for the Information Sharing and Analysis Centers (ISACs) and other external organizations. These ISACs distribute information to members about security threats, vulnerabilities, incidents, countermeasures, and best practices. The CIAG supplements the current relationship between the ISACs and Cisco's response groups such as the Product Security Incident Response Team (PSIRT) by collecting, filtering, and disseminating the information delivered by the ISACs to its members. To facilitate timely communication regarding incidents, both internally and with ISACs and other external organizations, the CIAG developed the Cross-ISAC Rapid Communication Architecture (CIRCA).
About the CIAG Research Program
Cisco's CIAG Research Program seeks to identify technologies to research that broadly improve critical infrastructure assurance. Research may be supported in a variety of ways: equipment donation, direct financial support, CIAG research engineer support, or assistance transitioning technology. The CIAG research program is not an extension of Cisco's extensive internal research and development activities. CIAG research determines initiatives to support on the basis of their relevance to critical infrastructure protection not Cisco product requirements.
About the CIAG Training Program
The CIAG training program at Cisco seeks to assist in improving the skills and knowledge level of government and industry information assurance workers to help them better secure critical infrastructures. CIAG training projects include mapping Cisco security curriculum to federal training standards, creating learning products for critical infrastructure operators, and providing industry input to federal training standards bodies.
Cisco is in a unique position to assist in improving information assurance training. The company has developed a very capable infrastructure to support education and training on networking technology and Cisco products in multiple delivery media. CIAG training seeks to offer this expertise to government and industry partners.
Current Cisco, CIAG and CERIAS collaboration efforts
- Research: CIAG
Research Grant for "Lightweight Software-only Anomaly Technique
to Identify Pervasive Network Problems" including security events
(such as intrusions and denial of service attacks) that could be
deployed on general-purpose routing platforms and that require
minimal CPU/memory. Professors Carla Brodley and Catherine
Rosenberg are the principal investigators for this project. CIAG
Research sponsors selected research projects at various academic
institutions with potential critical infrastructure protection
applications.
- Curriculum
Development: CIAG education and training have been actively
working with Melissa Dark of CERIAS on the development of the
“Information Assurance Education Graduate
Certificate Program.” Cisco Systems served as industry
advisors on the development of the curriculum.
-
Scholarships: Recently Cisco has donated $40,000 for 4
scholarships for students at Purdue.
- Training: Cisco's security training curriculum is now mapped to the Committee on National Security Standards (CNSS) 4011 standard. The NSA Information Assurance Courseware Evaluation program has determined that Cisco's security curriculum parallels specific elements of CNSS (NSTISSI) 4011, the National Training Standard for Information Systems Security Professionals. (http://www.nstissc.gov/Assets/pdf/4011.pdf)
About Cisco Systems
Cisco Systems, Inc. is the worldwide leader in networking for the Internet. Cisco's Internet Protocol-based (IP) networking solutions are the foundation of the Internet and most corporate, education, and government networks around the world. Cisco provides the broadest line of solutions for transporting data, voice and video within buildings, across campuses, or around the world.
Today, the Internet and computer networking are an essential part of business, learning and personal communications and entertainment. Virtually all messages or transactions passing over the Internet are carried quickly and securely through Cisco equipment. Cisco solutions ensure that networks both public and private operate with maximum performance, security, and flexibility. In addition, Cisco solutions are the basis for most large, complex networks used by corporations, public institutions, telecommunication companies, and are found in a growing number of medium-sized commercial enterprises.
Cisco was founded in 1984 by a group of computer scientists from Stanford University. Since the company's inception, Cisco engineers have been prominent in advancing the development of IP- the basic language to communicate over the Internet and in private networks. The company's tradition of innovation continues today with Cisco creating leading products and key technologies that will make the Internet more useful and dynamic in the years ahead. These technologies include: advanced routing and switching, voice and video over IP, optical networking, wireless, storage networking, security, broadband, and content networking.
In addition to technology and product leadership, Cisco is recognized as an innovator in how business is conducted. The company has been a pioneer in using the Internet to provide customer support, sell products, offer training, and manage finances. Drawing upon the company's own Internet best practices and core-value of customer focus, Cisco has established the Internet Business Solutions Group (IBSG) dedicated to helping top business leaders transform their own businesses into e-businesses.
As a company, Cisco operates on core values of customer focus and corporate citizenship. The company's philanthropic efforts are committed to helping communities prosper while also encouraging Cisco employees to learn about the needs of the communities where Cisco operates. Also, to help bolster education around the world, the company has founded Cisco Networking Academies in 128 countries dedicated to teaching students to design, build, and maintain computer networks.
Cisco Systems (Nasdaq: CSCO - News) is the worldwide
leader in networking for the Internet. Cisco news and information
are available at http://www.cisco.com.
For more information regarding CIAG please visit our website at www.cisco.com/security_services/ciag
