Business Insider posted an article on May 19th, reporting that Cisco CEO and Chairman, John Chambers, had written a letter to President Obama, asking him to stop the NSA from inserting monitoring devices into Cisco equipment. :
The article included a copy of the letter, which is dated May 15th. The timing of the letter is curious. It says it is in response to photos which went viral last month after being published in Glenn Greenwald’s new book, “No Place to Hide”. The photos show NSA operatives in 2010 opening packages of Cisco equipment and inserting devices into the equipment.
Last week Cisco also released a quarterly earnings report, which showed orders were down in their developing nations region—Down 7% in the BRIC Region (Brazil, Russia, India, China) , and down 13% in Mexico. While the publication of the photos certainly can’t be helping Cisco’ sales in the developing nations, Chambers’ letter stops short of making any specific link between the photos and the quarterly results. Chambers does point out the negative impact of the agency’s actions:
“We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security.”
He’s right—customers trust Cisco to produce and deliver products that are safe to use; but that’s Cisco’s job, not the government’s. By now it’s clear that the pursuit of national security has led the NSA to engage in practices that most people deem to be excessive and intrusive. The leaders of most of the largest technology companies have written similar letters on the subject. ( See: http://www.washingtonpost.com/business/technology/tech-executives-to-obama-nsa-spying-revelations-are-threatening-business/2013/12/17/6569b226-6734-11e3-a0b9-249bbb34602c_story.html). And as computer technology becomes even more ubiquitous with the coming IoT (Internet of Things), security of the equipment is becoming increasingly important.
Also this week, five Chinese military officials were charged with hacking into the computer systems in U. S. firms, to give competing Chinese companies an advantage. Catching the five people involved was a great example of how the government can help secure our information technology resources, but equipment manufacturers such as Cisco need to design and deliver stronger, safer, more secure products. Cisco needs to design routers that are smart enough to detect when an unauthorized part has been installed . All products need to have extensive self-monitoring capabilities, to detect intrusions or tampering, and to alert when the unit is being used outside of expected ranges of processing ( for example, PCs that have been taken over by viruses and are being used for spam campaigns. or Denial-of-Service attacks.
* * *
We don’t have to accept a technology infrastructure that includes pervasive hacking as a given. We need to expect–and demand –that hardware and software providers make products that protect themselves—and us. It should have been impossible for anyone—even the NSA– to open and tamper with a product without being detected by the product itself.
Bill Patch 05/20/14