As the IT world knows, a huge change just took place at Cisco: John Chambers stepped down as CEO on July 26. After 20 years in the top job, he’s easing into his self-described semi-retirement by taking on the chairman’s role instead.
What hasn’t changed at Cisco, though, is the term Internet of Everything. While many have adopted Internet of Things as part of their vocabulary, Cisco is firmly devoted to Team IOE.
In a video interview recorded just days before he officially departed the CEO’s chair, Chambers sizes up what might be called the Threat of Everything. Discussing Cisco’s Midyear Security Report, he argues that the greatest threats to IT security – and our greatest hopes for fighting them – all revolve around connectedness.
“The Internet of Everything is tying everything together,” says Chambers. “And it must have a secure umbrella around it.”
As he logically suggests, if we insist on connecting Everything – our devices, clouds, networks, data centres, FitBits, that smart coffeemaker you’re saving up for – to the Internet, then all of those parts of the daisy chain are obviously vulnerable to threats.
He also suggests that to plug the weak spots within this connected chain, you’ve got to bake connectedness into every single part of it.
“The only way you can defend is (with) the whole architecture defending. (Everything) has to be tied together with a pervasive security,” Chambers says.
Which means Everyone must do their part. According to Chambers, that includes vendors.
“The average company has 45 security vendors and each of us knows we’re only as strong as the weakest security within our environment,” he says.
In case we’re unclear about what he means, the press release for the report suggests “organizations should demand that their technology vendors are transparent about, and able to demonstrate, the security they build into their products … They must ask vendors to contractually back up their claims and demand (there’s that word again) better security.”
Besides banding together to hold vendors accountable, Chambers says another form of connectedness will help protect IT: sharing information and resources to fight the cyber attackers together as a cohesive, worldwide cyber army of sorts.
In its midyear report, Cisco security researchers call for a “global cyber governance framework” that is “collaborative (and) multi-stakeholder” to tackle “geopolitical challenges.” This is where some of my own skepticism creeps in.
First, Chambers himself penned (okay, likely had an assistant type) a letter to President Obama last year, complaining that secret data collection by the National Security Agency (NSA) erodes the trust of Cisco clients who don’t want their Ps and Qs monitored without their consent. Chambers also told analysts in 2013 that NSA monitoring was hampering Cisco’s sales in China, where clients fear the U.S. will spy on them while secretly tapping into Cisco networks.
If Cisco can’t persuade the U.S. government to back off on hacking its own corporate citizens, how easy will it be to create an agency where various world governments join up to fight hacking overall?
Second, it seems unlikely that nations like North Korea, China and Russia will suddenly join hands with western nations to fight the exact type of cyber attacks that they’ve been accused of perpetrating against them. Even if a cyber version of the United Nations is ever formed to battle IT bad guys, it may end up like the original UN: same old us vs. them in-fighting along political lines.
Don’t get me wrong; I agree with Chambers that cooperation is absolutely the key to securing what he still calls the Internet of Everything. I just wonder if customers are really willing to band together (in a formal, coordinated way) to hold vendors more accountable for security exploits of their products. Or if governments that hack their own citizens are willing to risk appearing hypocritical – and befriend their political enemies in the process – to fight the Threat of Everything.