http://www.darkreading.com/document.asp?doc_id=135924 By Kelly Jackson Higgins Senior Editor Dark Reading October 9, 2007 An internal security research group within Cisco was quietly shuttered over the past few days as part of a restructuring effort. The group is part of Cisco's Critical Infrastructure Assurance Group (CIAG), which is focused on improving the security of global critical infrastructure with research, training, education, best practices, and standards development. Cisco has not publicly announced the move. "CIAG as a whole still exists and remains an integral part of the company," a Cisco spokesman said today. "Cisco continually reviews its operations as a normal course of business to achieve the greatest focus on growth opportunities, customer satisfaction, and productivity gains. As this occurs, we evaluate resources to ensure that they are aligned with the highest priority work that addresses our customers needs." Research projectswithin the CIAG were on hold as if this posting, according to sources close to Cisco. And it was unclear what ultimately would happen to some of these efforts, which include SCADA security research, a honeynet for SCADA systems, Internet DNS scanning, study of "collateral damage" on network devices from malware attacks, a VOIP threat study, and the Common Vulnerability Scoring System (CVSS). The CIAG research group had developed some key security tools, such as SMART -- a network flow visualization tool for SCADA systems -- and some BGP and TCP hacking tools to test for network security vulnerabilities, according to its Website. Speculation was swirling today as to whether Cisco would reassign the displaced CIAG researchers elsewhere in the company. Either way, it doesn't appear that the group will remain intact: Dale Peterson, founder and director of the SCADA Security Practice at Digital Bond, said in a recent blog posting that some of the CIAG researchers are now looking for SCADA security work. "This is not a huge surprise, because Cisco never cared or did much with the results from this group, likely because the control system market is too small for Cisco," he wrote about the CIAG restructuring. The number of employees affected by the restructuring was not available from Cisco at the time of this posting. __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Tue Oct 09 2007 - 22:20:25 PDT