Cisco looks to be gearing up to take advantage of the Obama administration’s emphasis on cybersecurity and cooperation between the public and private sectors.
It has appointed former White House cybersecurity adviser Melissa Hathaway as consultant. She will help liaise with the federal government.
“We have the opportunity in Cisco to transform how we do defense, build up critical private and public networks, and improve information sharing among government and private networks,” said John Stewart, the networking giant’s chief security officer.
Working With the Feds
The government and private sectors have different approaches to security and implement security differently, Stewart said. Hathaway will help identify areas in Cisco’s product line that can be improved for presentation to government. “I’ll help translate some of the shortfalls that I saw while I was in the government into the different product lines you offer and the services you present,” she said.
Cisco will leverage its threat operations center and its security intelligence operations (SIO) to help it sell into the government. “With government, we’re in this constant share mode,” Stewart said. “We’re making sure our customers know what’s in their infrastructure that they may not be using, what’s in their capabilities they may not have used, and how they can use it.”
Security vendors and governments have to do more to share information, Stewart said. That’s a theme constantly being echoed by security experts.
“Almost every country is moving towards more technology dependencies,” Stewart said. “We have to figure out what the private sector can offer and what the public sector can do to help.”
It’s All About the Money
With Hathaway’s appointment, Cisco is taking what appears to be a stronger, lobbyist-style approach to getting government business, Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
Cisco’s focusing on government business because it’s potentially a strong market. “There should be a large pool of money opening up there at some point,” Enderle pointed out. “The nation is poorly protected, and security organizations for some time have anticipated a massive attack that would likely result in a massive increase in spending.”
A possible increase in government spending may have been indicated by Dennis Blair, the U.S. Director of National Intelligence, in a presentation to Congress last week. Cyberattacks are becoming increasingly frequent and sophisticated, Blair said, and the public and private sectors must cooperate in order to protect the national cybersecurity infrastructure.
Cisco focuses on network security, mainly firewalls and network monitoring, and that appears to be tailor-made for selling into the government market. “Many of the attacks that have traditionally hit government sites, like denial of service attacks, can be mitigated by Cisco tools,” Enderle said.
Gotta Have the Skills
The federal government can improve its handling of cybersecurity by defining the skillsets its chief information security officers (CISOs) need to do their job properly. “In the federal government, we don’t have defined skills and abilities for CISOs,” Hathaway said. “There are no levels set, and that needs to be done.”
Government cybersecurity staff need to get more practical experience, she added. “We need to have further on-the-job training and real-life practical exercises where you have to deal with, for example, the Conficker worm in an exercise, or a DDOS attack against your agency,” she explained. “What would you do to deal with that, how would you communicate that to your agency, and how would your agency communicate that to your workforce, Congress, the authorities, and internationally?”
DDOS stands for distributed denial of service. It’s a form of attack wherein the victim’s Web servers are flooded with so many incoming requests that they are, effectively, frozen up. Conficker is a computer worm that can spread itself across computer networks automatically and continues to plague people online.
There is a lack of skilled security practitioners in the workforce, Stewart said. “We don’t have enough people that are skilled and fast,” he explained. Cisco will begin sponsoring some internship programs, and some educational institutions around the world are setting up programs as well. “Where the first generation of security practitioners learned on the fly, now it’s our obligation to get the next generation to learn that,” Stewart said.