Manufacturers Need To Improve Product Security

Business Insider posted an article on May 19th reporting that Cisco CEO and Chairman John Chambers had written a letter to President Obama, asking him to stop the NSA from inserting monitoring devices into Cisco equipment.




The article included a copy of the letter, which is dated May 15th. The timing of the letter is curious. It says it is in response to photos which went viral last month after being published in Glenn Greenwald’s new book, “No Place to Hide”. The photos show NSA operatives in 2010 opening packages of Cisco equipment and inserting devices into the equipment.

Last week Cisco also released a quarterly earnings report, which showed orders were down in their developing nations region—down 7% in the BRIC region (Brazil, Russia, India, China) and down 13% in Mexico. While the publication of the photos certainly can’t be helping Cisco’s sales in the developing nations, Chambers’ letter stops short of making any specific link between the photos and the quarterly results. Chambers does point out the negative impact of the agency’s actions:

“We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security.”

He’s right—customers trust Cisco to produce and deliver products that are safe to use; but that’s Cisco’s job, not the government’s. By now it’s clear that the pursuit of national security has led the NSA to engage in practices that most people deem to be excessive and intrusive. The leaders of most of the largest technology companies have written similar letters on the subject. And as computer technology becomes even more ubiquitous with the coming IoT (Internet of Things), security of the equipment is becoming increasingly important.

Also this week, five Chinese military officials were charged with hacking into the computer systems in U.S. firms, to give competing Chinese companies an advantage. Catching the five people involved was a great example of how the government can help secure our information technology resources, but equipment manufacturers such as Cisco need to design and deliver stronger, safer, more secure products. Cisco needs to design routers that are smart enough to detect when an unauthorized part has been installed. All products need to have extensive self-monitoring capabilities, to detect intrusions or tampering, and to alert when the unit is being used outside of expected ranges of processing (for example, PCs that have been taken over by viruses and are being used for spam campaigns or Denial-of-Service attacks).

*     *     *

We don’t have to accept a technology infrastructure that includes pervasive hacking as a given. We need to expect–and demand–that hardware and software providers make products that protect themselves—and us. It should have been impossible for anyone—even the NSA–to open and tamper with a product without being detected by the product itself.

Bill Patch    05/20/14     














FCC Ends Net Neutrality

On Thursday this week the FCC, led by former Comcast lobbyist, Chairman Tom Wheeler, proposed new rules that permit ISPs to charge content providers a fee to get faster and more dependable service than the other content that is being processed.

Netflix has already paid fees to both Comcast and Verizon. This subject gets complicated quickly, but what it comes down to is that content providers who have lots of money and lawyers will be able to get preferred service from the ISPs, who have a monopoly on the “last mile” connection to our homes and offices.

Comcast’s acquisition of Time Warner, which includes the old ISP AOL, will concentrate even more power in Comcast’s hands to leverage payments out of content providers. Verizon, which was formerly Bell Atlantic, which was from your friendly old Ma Bell monopoly, is filled with managers and executives who know how to use monopoly power to manipulate markets.

At its simplest level: if one party–or group of parties–can buy preferred service from the ISPs, then other parties, who cannot pay the fees, will get degraded service. On any given evening, your Netflix movie may be streaming quickly and clearly, but your Massively Multiplayer world game may be stuttering, crashing and buffering. With this kind of power and control, the ISPs will be able to dictate who can start up a content-providing service. Facebook and YouTube are just a couple of content providers that probably would not have made it if their service from the ISPs was slower and less dependable than the other content providers.

The days of a “free” Internet are over, if this FCC ruling stands.



Bill Patch

 May 15, 2014

SmartWatches Still Forecasted to Be a Huge Market by 2018





In September 2013, when Samsung and others had first announced their wearable smartphone products (see our posting dated 09/12/13), the price was $300 per unit. Business Insider Intelligence at that time was predicting the market for smartwatches would be $9 Billion by 2018. We postulated that $300 per unit was a prohibitively high price, and doubted the unit volume in the BI forecast. BI has now released a new market forecast, and it is based on an average per-unit price of $100. Nevertheless, the total market forecast remains constant at $9 Billion.

And now they’re beginning to talk about the importance of “attach rates,” which refers to how many smartwatches can be sold as an extension of its smartphone. (Hardware manufacturers used to focus on the attach rates for maintenance agreements, especially on PC products, which had thin margins.)

People seem to dislike the bulky size of the smartphones, so newer products will have smaller screens. This puts pressure on the development of apps that fit the smaller screen, so we may see a trade-off ratio of size and price versus functionality, and the new cheaper models may not have enough value to justify even the $100 price. We’re still skeptical.