Cisco Folds Security Research Group

Cisco's Critical Infrastructure Assurance Group (CIAG) restructured

An internal security research group within Cisco was quietly shuttered over the past few days as part of a restructuring effort.

The group is part of Cisco's Critical Infrastructure Assurance Group (CIAG), which is focused on improving the security of global critical infrastructure with research, training, education, best practices, and standards development. Cisco has not publicly announced the move.

"CIAG as a whole still exists and remains an integral part of the company," a Cisco spokesperson said today. "Cisco continually reviews its operations as a normal course of business to achieve the greatest focus on growth opportunities, customer satisfaction, and productivity gains. As this occurs, we evaluate resources to ensure that they are aligned with the highest priority work that addresses our customers’ needs."

Research projects within the CIAG were on hold as if this posting, according to sources close to Cisco. And it was unclear what ultimately would happen to some of these efforts, which include SCADA security research, a honeynet for SCADA systems, Internet DNS scanning, study of "collateral damage" on network devices from malware attacks, a VOIP threat study, and the Common Vulnerability Scoring System (CVSS).

The CIAG research group had developed some key security tools, such as SMART -- a network flow visualization tool for SCADA systems -- and some BGP and TCP hacking tools to test for network security vulnerabilities, according to its Website.

Speculation was swirling today as to whether Cisco would reassign the displaced CIAG researchers elsewhere in the company. Either way, it doesn't appear that the group will remain intact: Dale Peterson, founder and director of the SCADA Security Practice at Digital Bond, said in a recent blog posting that some of the CIAG researchers are now looking for SCADA security work.

"This is not a huge surprise, because Cisco never cared or did much with the results from this group, likely because the control system market is too small for Cisco," he wrote about the CIAG restructuring.

Cisco would not disclose the number of employees affected by the restructuring, but said they would be given the opportunity "to pursue other available opportunities within or outside of Cisco, and are being provided career resources with which to do so," the Cisco spokesperson said.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights