Critical Infrastructure Assurance Group (CIAG)

The critical infrastructure protection effort, shared across a diverse range of private and public entities worldwide, relies on information sharing and close cooperation among government, industry, and academia.

To address these needs, CIAG fosters collaboration among appropriate organizations to resolve issues and promote awareness of practices, policies, and standards for assuring the security of the world's critical infrastructures. The CIAG team of subject-matter experts serves as information-assurance and security advocates for a wide range of organizations throughout critical infrastructure sectors.

In collaboration with private industry, government organizations, industry associations, and standards bodies, CIAG helps develop and support effective practices, policies, and standards that guide critical infrastructure and homeland security initiatives.

Incident Response Support

Cisco supports incident response teams by proactively providing programs and services that:

• Facilitate reactive incident response
• Improve information sharing
• Increase awareness
• Participate in incident response forums or critical infrastructure protection organizations
• Help develop best practices, policies, and procedures.

Vulnerability Handling

• Read the 2004 National Infrastructure Advisory Council (NIAC) report and recommendations for Vulnerability Disclosure Framework (PDF - 300 KB)
• The Common Vulnerability Scoring System (CVSS) provides open and universally standard severity ratings of software vulnerabilities. View the Common Vulnerability Scoring System

Information Exchange

The Department of Homeland Security encouraged Information Sharing and Analysis Centers (ISACs) to allow critical sectors to share information and work together to help better protect the economy.

• Visit the DHS Information Sharing and Analysis Centers (ISAC) Website
• Visit the ISAC Council website
• Visit the Information Technology ISAC
• Visit the Communications ISAC

Communication methods

• Visit the Government Emergency Telecommunications Service and Wireless Priority Services website (GETS & WPS)
• Visit INOC DBA
• Visit Network Security Providers - NSP-Security

Partnership Efforts

CIAG supports a wide variety of industry associations and public private partnerships to address the issues facing critical infrastructure sectors. Cisco provides these working organizations with resources, leadership, and expertise in networking, security, and critical infrastructure protection. These associations and partnerships include:

• Forum of Incident Response and Security Teams (FIRST)
• National Cyber Security Alliance (NCSA)
• National Institute of Urban Search and Rescue
• American Gas Association
• National Emergency Number Association
• National Rural Electric Cooperative Association
• NC Infragard
• Partnership for Critical Infrastructure Security (PCIS)
• IT Sector Coordinating Council (ITSCC)
• International Center for Enterprise Preparedness (InterCEP)

Standards Activities

• The American National Standards Institute's Homeland Security Standards Panel (ANSI-HSSP) identifies existing consensus standards, or assist the Department of Homeland Security (DHS) to accelerate development and adoption of consensus standards critical to homeland security. Visit the ANSI HSSP - ANSI Homeland Security Standards Panel (ANSI HSSP)
• The Chemical Information Technology Council (ChemITC) of the American Chemistry Council (ACC) is a forum for companies in and associated with the ACC to address common IT issues and support the industry's ability to safely and efficiently deliver products essential to society.
• DHS Software Assurance initiative - "Build Security In" includes working groups that involve industry and academia, looking at best practices, education/awareness, standards, as well as formal assurance mechanisms to improve the quality and security of commercial software.
• DHS's 'Essential Body of Knowledge' (EBK) initiative intends to define workforce needs for IT security skills for both industry and government.
• ISO/IEC/ANSI 17024 is intended as a framework for certification bodies operating a certification program for persons and as the standard against which an accreditation body can accredit the certification body.

Additional Standards activity and research can be found here.