Cisco Investigates NSA Backdoor Security Hole Claims
It must be somewhat disconcerting to wake up one morning and find yourself mentioned in a magazine article stating the National Security Agency (NSA) Tailored Access Operations (TAO) organization has possibly created backdoors into your company's products. That's what happened to Cisco Systems (CSCO) this weekend following the publication of article in Germany's Der Spiegel magazine.
According to the article, the NSA TAO expoited technical weaknesses in the IT products of various vendors. Cisco was specifically mentioned, and the company has jumped into action by putting its Cisco Product Security Incident Response Team (PSIRT) on the case. The team has opened an investigation into the claims, and Cisco is trying to keep its customers and partners up to date on its findings.
John Stewart, senior VP and chief security officer for threat response, intelligence and development at Cisco, wrote in a blog post that Cisco is "deeply concerned with anything that may impact the integrity of our products or our customers’ networks and continue to seek additional information."
Cisco prides itself on its high level of security in its networking products, and an exploit that allowed the NSA into its products through a backdoor could pose several challenges to the company, its partners and its customers. With such claims out there, one has to wonder what the federal security agency exactly has access to and what it is currently able to do. That's an unknown, of course.
For partners, it could open up several questions about Cisco's security that they may not be able to answer sufficiently to put their customers' fears to rest.
Stewart is trying to make assurances to all stakeholders right now.
"As we have stated prior, and communicated to Der Spiegel, we do not work with any government to weaken our products for exploitation, nor to implement any so-called security ‘back doors’ in our products," he wrote.
