Cisco faces new questions this week about the NSA's ability to use the company's ubiquitous networking gear to spy on targets. Glenn Greenwald, the journalist whose work with Edward Snowden ignited controversy over NSA policies, claims in a new book that the security agency routinely intercepts and modifies shipments of networking hardware.
Titled "No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State," Greenwald's book does not explicitly mention Cisco, but it includes a purported photo of NSA agents opening boxes stamped with the company's name.
In an interview, Cisco CEO John Chambers spoke critically of overreaching surveillance tactics and said the company does not enable governments to spy on customers.
Still, security questions cut to the core of Cisco's strategy, which relies heavily on the Internet of Things (IoT). The company argues that connected, sensor-laden devices, from smartphones to wearable devices to city streetlamps, will contribute trillions to the global economy by 2020. Chambers said that as the number of connected devices proliferates, so too do security questions.
[In wake of leadership changes, where does Cisco's IoT strategy stand? Read Cisco IoT Leader Resigns: What's Next?]
"Are the products secure? How do you monitor that they haven't been tampered with when they're in your environment? How do you monitor that there are no backdoors?" he said. "We have never given our code to any government in the world, including our own. Everybody asks. We don't do it.
"If you had the capability to crunch code with the processor power coming out right now, you'll find weaknesses. That's why we don't give it to anyone. We fix issues any time we are aware of it," he continued, adding, "We don't aid in any supply chain issues, etc., nor will we ever."
Chambers said Cisco's IoT security strategy is "more than firewalls and antimalware," with security applied end-to-end. He said Cisco's expertise with system architecture will help it to install "security everywhere," and that all of the key software is open source.
Chambers also said surveillance policies need to improve. "Countries must lead. We need rules of the road that say, 'This is what we will not do.' I think our government has to take a much more proactive approach on that, and that's my strong input into both the House and Senate, and the [Obama] administration."
In a blog post, Cisco senior VP and general counsel Mark Chandler offered similar sentiments. He noted that the company complies with US laws, which limits where and to whom Cisco can export products. Law-abiding businesses, he said, "ought to be able to count on the government not to interfere with the lawful delivery of our products in the form in which we have manufactured them. To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry."
An NSA spokesperson dismissed Greenwald's new allegations, telling The Wall Street Journal that the NSA itself relies on US technology companies, and that the "US government is as concerned as the public is with the security of these products."
The NSA rep said the agency cannot comment on its intelligence-gathering activities but noted that its interest in any given technology is "driven by the use of that technology by foreign intelligence targets."
The newest NSA controversy didn't put a damper on Cisco's week, however. The company's better-than-expected earnings report prompted an upbeat reaction on Wall Street. Cisco's stock was up as much as 7% as of Thursday afternoon.
Trying to meet today's business technology needs with yesterday's IT organizational structure is like driving a Model T at the Indy 500. Time for a reset. Read our Transformative CIOs Organize For Success report today. (Free registration required.)