Cisco CEO warns Obama NSA 'load stations' threaten the entire tech industry

Summary: Cisco's John Chambers has told Obama why the NSA's national security efforts may do more harm than good.

Cisco's CEO John Chambers has asked US president Barack Obama to consider new rules preventing agencies from hijacking networking equipment as it moves through the supply chain, or risk undermining confidence in the multi-billion dollar US technology sector.

In a letter dated 15 May and published by Re/code on Sunday, Chambers responded to claims in a new book by journalist Glenn Greenwald that the National Security Agency (NSA) used "load stations" to implant spy beacons on servers and networking gear shipping from the US to particular customers. News reports included an image purportedly of staff from the NSA's Tailored Access Operations unwrapping a Cisco box.

Chambers, who said Cisco doesn't work with the government to weaken its own products, believes the intercepts pose a threat to trade and jobs across the US tech sector, and may leave its position in the industry "impaired".

"We ship out products from locations inside, as well as outside the United States, and if these allegations are true, these actions will undermine confidence in our industry and the ability of technology companies to deliver products globally," Chambers warned.

The letter comes as Cisco and other US tech companies face difficulties growing their businesses in developing economies. Ahead of its third quarter report, Cisco noted that its business in emerging markets declined overall by seven percent, with Brazil, Russia, India, and China collectively down 13 percent.

As noted by ZDNet's Larry Dignan last week, the NSA's attacks on the supply chain threaten to harm international sales, push manufacturing outside the US, cost jobs, and kill trust in US technology and the supply chain, and may ultimately cost the US its technology leadership.

To restore trust in US tech companies, Chambers wants the president to write a new code of conduct that strikes a better balance between national security and companies' abilities to meet customers' expectations of privacy.

"We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security. That is why we need standards of conduct," Chambers wrote.


Chambers' letter followed a list of suggestions for surveillance reform aired last week by Cisco's general counsel Mark Chandler, which included that government agencies require a court order to withhold newly-discovered flaws from vendors. Governments should also not interfere with companies lawfully trying to deliver internet infrastructure to customers, he said.


Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.

Talkback

24 comments
  • What goes around...

    ...comes around. Yes, what NSA's doing is shortsighted and most likely illegal, but - Cisco helped China to build their ‘Great Firewall’ of China as a chance to sell more routers and now they're gonna sell big fat zero...
    Not only that - Huawei is gonna kill them in other countries as well.
    Sold your soul for nothing, Cisco...
    vgrig
  • He's right

    All legitimate commerce depends on trust. No trust means nobody buys from you except as a last resort.
    John L. Ries
  • Not quite feasible for NSA to have done what is alleged

    Anyone who has done any real software will know that in order for NSA to pull this off, it would require a software department bigger than what Cisco has. First NSA would have to fully understand what each original product is supposed to do PRECISELY under ALL scenarios. And that is assuming that Cisco has every little detail documented and UPDATED, with nothing held only in some engineer's head, and NSA are able to get those documents. Just imagine the mind-boggling regression testing effort that is required in order to ensure that no unexpected behavior will give the game away.

    There is no evidence to suggest that NSA has more and better talent than the industry.
    kingkong881
    • NSA doc says...

      ..."installation of beacon implants directly into our targets' electronic devices" - could be any kind of surveillance beacon - audio listening devices with small short (not too short) range radio, whatever - doesn't even need to work at all: just the fact that NSA tries this is enough to cost Cisco billions in sales...
      vgrig
      • Packet Sniffer

        A packet sniffer could be likely as well. Something that just sits "in-line" that would simply log packets and occasionally send out a burst of info to somewhere. This also may not require any re-coding of the base hardware device.

        There is a good reason why physical access is a *HUGE* security concern for data centers.
        QuimaxW
    • What does this have to do with Cisco software?

      Drop a custom embedded board into the chassis and start snooping on a WAN port. Device is completely independent of the Cisco fabric. You just need to tie to four wires on said RJ45 jack + power & gnd. Think Raspberry Pi or Netduino. (Actually I've heard that Pi's can be fitted into surge suppressors and snoop on the RJ45 in/out) You do have to be clever about C&C so the target doesn't see a rogue device, but if you can snoop you can inject into the packet.
      Charles Bundy
    • Lost in context - fear mongering and wild speculation abounds.

      Yep, I agree with you kingkong88. There's no way the NSA stopped millions of devices in transit and installed chips in them. This was a TARGETED operation, meaning items destined for a SELECT FEW places.

      Was it 10? or 100? or 1000? Who knows for sure but it was several orders of magnitude less than the total units shipped from all manufacturers. Some stuff sold to Syria? Iran? China? Russia? I can only say I hope so because as we saw evidence in the news again today (re: organized, state-sponsored corporate hacking) those guys are all out to screw us royally.

      You allude to the impact of modifying this hardware, and I agree based on my 25+ years in IT with a degree in electronics. It's not easy to "jam something in there" without breaking it or causing unforeseen issues, having nobody notice later, etc. It's difficult, but I wouldn't put it past a group of MIT-type geniuses (NSA has those on the design side at least) to do something both clever and useful (in a technical sense).

      The scale or scope of this is mentioned nowhere, so people are left to jump to their own conclusions. Jumping to Conclusions - the one Olympic sport we can all get a medal in!
      brownj00
      • Speaking of...

        "organized, state-sponsored corporate hacking" - that's why Brazil was so angry about NSA spying against Petrobras: that's industrial espionage and NSA is definitely "state sponsored"
        Let's stop bitching about others and clean our own backyard maybe?
        vgrig
      • Would

        it be possible to have a firmware reflash on that type of equipment? I do know that if you can access ports on many automotive modules they can be reflashed in situ in a few minutes.....a cardboard box would be heaven compared to those, just wondering.
        Tonydid
  • "risk undermining confidence" hahaha

    Yeaaaaah, umm, what "confidence" would that be exactly?
    Google reads your email. M$ put back doors in their code for the Corpro-Fascist Spies who run the Gubmint now. I could go on.

    They are all felons. But since they make the laws and do the enforcement, they get away with stuff that would send the rest of us to prison.
    Telexer
    • criminals

      I think you meant 'criminals'. If there was any justice, they should be felons (as in gone to jail)...
      :)
      smckenna1
      • Crime has nothing to do with legality

        Murder, kidnapping, robbery and the rest are illegal because they have been judged to be inherently harmful to the public. They'd still be crimes even if they were completely legal and were any government to try to legalize them it would end up undercutting its own legitimacy.
        John L. Ries
    • Trust is always an asset

      Cisco has competitors, so if people don't or can't trust it, they'll go elsewhere (unless one thinks that all corporations are equally crooked, in which case do it yourself starts looking good).
      John L. Ries
  • Not a problem. What government needs revenue sources from its citizens?

    The U.S. government can continue to borrow money from China and other creditors indefinitely. No?
    Rabid Howler Monkey
  • Cisco CEO warns Obama NSA 'load stations' threaten the entire tech industry

    In 1990, the US Government let out a contract to a Tech Company to write a "virus bug" that was put into some hardware that was ultimately shipped to Iraq, which when plugged in, took out much of their "defenses" just before DESERT STORM took place.

    The NSA's involvement in doing what was it doing with new product entering the country also overshadows what might be done to product produced in other countries before it hits the American shores. That was not addressed in this article either and should have been. How can we be certain that your products produced in some other country, particularly in Asia, aren't being hard coded to do the same thing? After all, isn't Asia the COPY CAT area of the world?

    I have my suspicions. MADE IN AMERICA used to mean something. Just because you found cheap labor overseas, No or Low Tax rates and other shelters, doesn't make your products safer. And with the NSA screwing with them as they enter Ports doesn't make our government any less than criminal as well.

    Frankly, if you are that concerned for the integrity and security of your products, I would be manufacturing them here in the USA and not abroad. At least you can keep better controls on them here.
    Labrynth
    • April Fools Day story... but maybe an inspirational one.

      I'm pretty familiar with the story that the NSA had embedded hardware/software in "printer components" shipped to Iraq in 1990 in order to "short-circuit" Iraqi radars at the start of Desert Storm. It's often repeated, but a little digging showed it was A JOKE!

      That's right, a US PC magazine ran it as an APRIL FOOL'S DAY story as they were wont to do just to be silly. Foreign press, including the Japanese, saw the story but some didn't realize what April Fools Day was - so they repeated it verbatim as a serious story. THEN some months later other American tech magazines saw the foreign press, took THAT seriously and reported it... etc. This was WELL DOCUMENTED a few years later, but the urban legend was born. This has actually happened several times, often enough that most people have wised up but it still catches the unwary.

      However, I have to wonder if that joke didn't provide a little inspiration. Because, hey, it's a good idea in theory (technically speaking). In reality none of this is really new. What's new is that the clueless public is being spoon-fed information they don't have the knowledge or context to process and make the right conclusions about.

      It's clear that the Chinese and some European nations have been doing the same, etc. for quite some time. The NSA gets a ton of data from their foreign colleagues through a sharing agreement. But hey, I guess that's beside the point. The point of this story is MONEY.
      brownj00
  • Obama owns this

    Just like GW Bush owns the Iraq mess, Obama owns this NSA mess as well. Some will argue that these practices started with Bush and that would be true but what Bush did was incubate the NSA and hand it off to Obama to grow it at an exponential rate. Congress funds these things and is supposed to have oversight but the control of this is under the executive branch and at any time Obama could have pulled back the reins and shortened their leashes. He chose to expand.

    Obama is the face of the NSA. He is the head. He could gut it with the stroke of a pen and the only thing congress could do would be to try and impeach him (but who would support that?).
    Rann Xeroxx
  • Huawei

    It's not like other countries don't participate in this kind of behavior. Huawei has a backdoor to just about every device they sell to the U.S. We removed several of our Huawei Provider edge routers around the world because of it. The world of IT is constantly evolving and so is espionage.
    Jdevry
    • Big difference

      Huawei's modifications are collaborative and by design.

      If NSA were to do it, it has to be surreptitiously done. The level of difficulty is way way different.
      kingkong881
    • Now that

      you mention it, I seem to recall an article ( here on ZDnet or CNet ) about how some American people were examining Huawei equipment and the only problem they had with it was "Sloppy Code".
      Tonydid