Manufacturers Need To Improve Product Security

Business Insider posted an article on May 19th, reporting that Cisco CEO and Chairman, John Chambers, had written a letter to President Obama, asking him to stop the NSA from inserting  monitoring devices into Cisco equipment.  :


john chambers


The article included a copy of the letter, which is dated May 15th.   The timing of the letter is curious.  It says it is in response to photos which went viral last month after being published in Glenn Greenwald’s new book, “No Place to Hide”.  The photos show NSA operatives in 2010  opening packages of Cisco equipment and inserting devices into the equipment.

Last week Cisco also released  a quarterly earnings report, which showed orders were down in their developing nations region—Down 7% in the BRIC  Region  (Brazil, Russia,  India, China) , and down 13% in Mexico.  While  the publication of the photos certainly can’t be helping Cisco’ sales in the developing nations, Chambers’ letter stops short of making any specific link between the photos and the quarterly results. Chambers does point out the negative impact of the agency’s actions:

We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security.”

He’s right—customers trust Cisco to produce and deliver products that are safe to use; but that’s Cisco’s job, not the government’s. By now it’s clear that the pursuit of national security has led the NSA to engage in practices that  most people deem to be excessive and intrusive.  The leaders of most of the largest technology companies have written similar letters  on the subject. (  See:   And as computer technology becomes even more ubiquitous with the coming IoT  (Internet of Things), security of the equipment is becoming increasingly important.

Also this week, five Chinese military officials were charged with hacking into the computer systems in U. S. firms, to give competing Chinese companies an advantage. Catching the five people involved was a great example of how the government can help secure our information technology resources, but equipment manufacturers such as Cisco need to design and deliver stronger, safer, more secure products.  Cisco needs to design routers that are smart enough to detect when an unauthorized part has been installed . All products need to have extensive self-monitoring capabilities, to detect intrusions or tampering, and to alert when the   unit is being used outside of expected ranges of processing ( for example, PCs that have been taken over by viruses and are being used for spam campaigns. or Denial-of-Service attacks.

*     *     *

We don’t have to accept a technology infrastructure that includes pervasive hacking as a given.  We need to expect–and demand –that hardware and software  providers make products that protect themselves—and us.   It should have been impossible for anyone—even the NSA– to open  and tamper with a product without being detected by the product itself.

Bill Patch    05/20/14     














2 Responses to “Manufacturers Need To Improve Product Security”

  1. Hi there, just became alert to your blog through Google, and
    found that it is really informative. I’m going to
    watch out for brussels. I’ll appreciate if you continue this
    in future. Numerous people will be benefited from your writing.

    Here is my weeblogthere domain registry

Leave a Reply

Your email address will not be published. Required fields are marked *