The topic of ICASI arises often when I visit customers or talk with folks from both inside and outside of the computer and telecommunications industries. They typically ask a variety of questions ranging from “What is this ICASI thing?” to “Which big vendors are involved?” to the frank but amusing “Really? Advancing the state of security on the Internet, eh?” Such questions are completely fair, and ones I’m happy to field anytime.
There is, however, a more fundamental question that I often do not get asked: Why is Cisco a member of ICASI?
Collaboration between product security teams across large vendors such as Cisco has taken place for many years. Historically, this collaboration has been built upon personal relationships that developed through interactions within the relatively small security community. These relationships worked, and through them we solved myriad tactical problems and protected many customers over the years. At today’s scale, however, we need more than person-to-person relationships if we are to remain successful, act strategically, and—most importantly—keep our customers protected. This is where the value of ICASI comes in for our company.
That is not to say that personal relationships don’t exist within ICASI—far from it—but rather that the consortium allows those existing relationships continue and yet enable new relationships to be added easily to the foundation of institutional trust. This institutional trust is one of the core principals of ICASI, and it facilitates open communication whether or not “the Cisco guy” has ever met “the Amazon guy” or the “the Microsoft guy.” Stepping beyond the boundaries of personal relationships allows us to move past the “I can ask my friend for a pointer” level and into the realm of “ICASI can help.” This allows Cisco and the other ICASImembers to collect more quickly broader perspectives and assemble rapidly cross-vendor, industry-leading talent to tackle the complex challenges at hand.
This foundation of trust and the associated rapid teambuilding to solve problems can be witnessed by looking at what ICASI has done since its inception. Outputs such at the Common Vulnerability Reporting Framework (CVRF) are prime and public examples. Internal activities, though, are thriving as well, with working groups actively collaborating around Security Automation standards, Incident Response best practices, and other invaluable efforts.
So, taking a step back, that often-unasked and yet fundamental question—“Why is Cisco a member of ICASI?”—can be answered in one, five-letter word: Trust.
Russ Smoak is Director and General Manager of Security Research and Operations for Cisco. He is currently President of the ICASI Board of Directors.