As we wrap up National Cybersecurity Awareness Month in the U.S., cybersecurity continues to be a top-of-mind issue for business, government and consumers alike. In February 2016, President Obama announced a Cybersecurity National Action Plan to improve the United States' cybersecurity posture. The non-partisan Commission on Enhancing National Cybersecurity was created and charged with making recommendations for actions that can be taken over the next decade to strengthen cybersecurity in both the U.S. public and private sectors.
The Commission has conducted a series of public forums in which they invited business, academic and government leaders to address cybersecurity issues. I was honored to be invited to provide testimony at a recent public meeting of the Commission. I focused my testimony on cybersecurity not as a standalone issue, but as an element of an intertwined platform of collaboration, function and security-a comprehensive security strategy.
A comprehensive security strategy demands an architecture that designs, deploys and monitors the right security in the right place at the right time. The key to doing so lies in addressing security across the value chain: the end-to-end lifecycle for hardware, software or services that deliver value.
I offered the Commission three foundational elements we apply at Cisco to build our value chain security strategy:
These foundational elements allow an enterprise (public or private) to build a flexible security architecture for the value chain. Layering physical and operational security with security technology and development can allow value chain members to effectively collaborate and drive comprehensive security. Inclusion of value chain security across the third-party ecosystem can serve to increase assurances of cybersecurity within the context of the broader security strategy programs of business and government alike.
In a connected world that demands a comprehensive approach to security, a public-private partnership is an essential element for our collective success. The Commission has completed its public hearings and is anticipated to make its recommendations to the President on December 1, 2016. Full statements of those invited to testify are available on the NIST site.
To learn more about Cisco's Value Chain Security Program, visit http://www.cisco.com/c/en/us/about/trust-transparency-center/built-in-security/value-chain-security.html.
Join the National Cyber Security Month conversation on Twitter @CiscoSecurity#CyberAware.