Ironically, Cisco’s blog announced today that the company won two prestigious awards at the 2nd Annual CSO40 in Atlanta:
The awards program recognizes projects and initiatives demonstrating innovative use of security in delivering outstanding business value.
The awards were given in April. Things may have changed. On May 15, John T. Chambers, the CEO and Chairman of Cisco Systems, wrote a letter to President Barack Obama asking him to stop the NSA’s criminal damage. His words are quite gracious but it points out that our government has committed crimes against businesses that could have severe consequences for the economy.
This week a number of media outlets reported allegations that the National Security Agency has intercepted IT equipment while they were in transit from manufacturers to customers. While the reports include a photograph purportedly showing a Cisco product being modified, this issue affects an entire industry that depends on a global supply chain and global shipments. We ship our products from locations inside, as well as outside the United States, and if these allegations are true, these actions will undermine confidence in our industry and in the ability of technology companies to deliver products globally.
Confidence in the open, global internet has brought enormous economic benefits to the United States and to billions of people around the world. This confidence is eroded by revelations of governments’ surveillance, government demands that make it difficult for companies to meet the privacy expectations of citizens and the laws of other countries, and allegations that governments exploit rather than report security vulnerabilities.
We simply cannot operate this way; our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security. That is why we need standards of conduct, or a new set of ‘rules of the road,’ to ensure that appropriate safeguards and limits exist that serve national security objectives, while at the same time meet the needs of global commerce. We understand the real and significant threats that exist in the world, but we must also respect the industry’s relationship of trust with our customers.
Chambers’ request for “rules of the road” brings up another irony. Today, news headlines are proclaiming: “U.S. accuses China of cyber spying on American companies.”
A U.S. grand jury has indicted five Chinese military officers on charges of hacking American companies and stealing trade secrets, the toughest action taken by Washington so far to address cyber spying by China.
China denied the charges, saying they were “made up” and would damage trust between the two nations. The Chinese foreign ministry said it would suspend the activities of the Sino-U.S. Internet working group.
The indictments mark the first time the United States has filed charges against specific officials of foreign governments, accusing them of corporate cyber spying.
So when China does it, it is a prosecutable crime. But when the NSA does it to Angela Merkel, it must be OK because, by definition, nothing the U.S. Government does is ever criminal. Does anyone think that China spying on companies will damage those companies as much as the news that Cisco’s products are shipping to customers with NSA-made alterations to turn them into spying devices?
I doubt it.