This morning – going through my RSS feeds – I read the following article looking into the latest Juniper backdoors: 4 Juniper Questions Congress Should Be Asking – Did NSA Create a Backdoor in U.S. Networking Giant’s Gear?
The article covers the background of the event a bit and then raises four questions:
- How did the backdoors get added to U.S. networking giant Juniper’s products?
- How many other networking products used by the U.S. government have backdoors, and how are vendors responding?
- To what extent is the NSA responsible for any or all of these backdoors, and what is the projected loss of revenue due to a decline in sales as a result of heightened distrust of U.S. manufacturers from potential overseas customers?
- What can Congress do today to better speed government agencies’ response tomorrow when we next face a similar crisis?
Well, these questions are interesting but do not go far enough, in my opinion. They do not cover the root cause but the symptoms only.
Compromising the supply chain is probably one of the major risks companies face today – and not “only” with backdoors, but who guarantees that governments do not add “kill switches” to devices or software? And to be clear, I am not only talking about NSA – most devices are manufactured in Asia and will cross several countries before hitting their destination. There are a lot of opportunities for compromise and there is a certain chance that the different intelligence groups even meet on the same device…
Coming back to the US. There are a few questions I do not see answered since the Snowden revelations:
- What are the intelligence services like the NSA really allowed to do?
- Who governs them? Who has real oversight?
- What does the US government do to restore trust in their economy? Or is it needed? Do we just have to learn to live with these challenges?
- In the same context: What does Congress do to make sure that their government agencies are not overstepping their competences?
- What does the US government do to ensure that the backdoors they introduced are not leaking to the black market and therefore to terrorists or criminals?
Dear US government, the last point could backfire heavily even to the US economy – more than you expect, I guess.
From the defending side, there is another question: What can we do to defend ourselves in such an environment? What can our governments or international organizations do to help?
For me: We need to start to exchange information and work together on private initiatives much better. There needs to be a way in which we can collaborate and improve the situation.