- Cisco is putting more stringent security requirements on its suppliers as part of an attempt to restore customer confidence in its products, CSO reported.
- The effort comes two years after Cisco was loosely tied to disclosures of spying by the National Security Agency.
- There is significant sensitivity to the security of networking equipment because “broad visibility can be gained into large amounts of Internet traffic passing through routers and switches.”
Cisco was unintentionally tied to secret documents leaked by former NSA contractor Edward Snowden by a photo that showed NSA employees around a box labeled “Cisco” during an "interdiction" operation, which involves secretly modifying high tech equipment before delivery to the customer.
In response, China encouraged buyers to source equipment from local suppliers, and Cisco's revenue in China declined 21%.
Cisco stringently denied collaborating with the NSA, and is now working to ensure its suppliers aren’t either.
"I worry about manipulation, espionage and disruption," said Edna Conway, chief security officer of Cisco's global value chain. "We worry about tainted solutions, counterfeit solutions and the misuse of intellectual property."
Cisco products are totally outsourced, and it has over 25,000 suppliers. The company has developed a master security specification for those suppliers with nearly 200 requirements, Conway said. Cisco is also allowing customers to test and inspect source code in a secure environment prior to purchasing.