TelecomTV

Security

Cisco suit proves dodgy software cover-ups are a bigger risk than evil back doors

By Nick Wood

Aug 1, 2019

via Flickr © zigazou76 (CC BY 2.0)

  • Vendor sold vulnerable surveillance kit to several US federal agencies
  • Whistleblower who found and tried to fix the problem was fired
  • Cisco to pay $8.6m settlement, issues grudging non-apology

Donald Trump needn't worry about Huawei posing threats to US national security, not when he has good ol' homegrown Cisco to do it for him.

The networking giant has just agreed to pay $8.6 million to settle a lawsuit brought by the government and whistleblower James Glenn, relating to historic security flaws in Cisco's Video Surveillance Manager (VSM) software.

Glenn is a US citizen who worked for Cisco partner NetDesign in Denmark. According to the lawsuit, filed in 2011 but only unsealed this week, Glenn made NetDesign and Cisco aware of the vulnerabilities in 2008, only to be fired months later.

The Department of Homeland Security, the Secret Service Procurement Division, the Department of Defense Biometrics Task Force Headquarters, the Federal Emergency Management Agency, NASA, the Army, the Navy, the Air Force, the Marine Corps, and the Patent and Trademark Office are just some of the Cisco customers that purchased this software.

The lawsuit alleged that Cisco, despite being aware of the security flaws, failed to notify the government about them and instead continued to sell its vulnerable VSM.

Not sounding very sorry

In a blog post, Cisco general counsel Mark Chandler gave a masterclass in deflecting blame and not explicitly apologising.

He wrote that the vulnerability was inherited from Broadware, a company Cisco acquired in 2007. He said that a Cisco best practices guide published in 2009 – after Glenn blew the whistle – urged customers to "pay special attention" to implementing security features on top of the VSM. Cisco didn't release updated software until 2013, after it had been taken to court. It didn't withdraw the older, vulnerable software from sale until September 2014.

"While this is a legacy issue which no longer exists, it matters to us to recognise that times and expectations have changed," Chandler said.

I'm no expert, but I'm fairly confident that even a decade ago, government agencies didn't expect their video surveillance software to be, according to the lawsuit, "riddled with serious security defects."

It also doesn't take an expert to conclude that a decade ago, best practice would have been to inform customers about any known security defects as and when they emerged.

Once more, I'm also fairly confident that a decade ago, it would still have been frowned upon to fire whoever used official internal channels to highlight the problem in a bid to resolve it.

On a broader level though, what this case highlights is just how ridiculous it is to single out individual companies like Huawei as posing a threat to national security purely for political reasons.

The reality is, even so-called 'friendly' suppliers, either by accident or design, could leave networks vulnerable to attack.

© Decisive Media Limited 2021. All rights reserved. All brands and products are the trademarks of their respective holder(s).