These fake cisco devices might be less vulnerable than the real devices.
That’s capitalism with a military contractor increasing their profits.
But capitalism good!
Or it’s a surveillance attempt by someone.
That’s… Bad. Like really bad.
Why is this allowed by the DoD?
The DoD will soon be requiring itself and Contractors to start following Rev 5 of the NIST SP 800-53 Risk Management Framework. In this revision are more robust controls for Supply-side security, which the DoD has been trying to incorporate for over 10 years.
Americans should know that the military and DOD and it’s contractors do their best to purchase authentic hardware from reputable vendors, but there are exceptions and alternate procurement allowances if the need is great and the standard more secure lines are unavailable or simply on back order.
It’s usually then that some of the fake hardware makes it into use
800-53 Rev 5 is such a pain in the ass to implement fully but holy shit is it much needed. Bad actors out there everywhere and if followed to the letter, those controls will save you almost every step of the way. “Almost” because there will always be a new method to infiltrate an organization or agency, but the damage control built into these controls should lessen the impact regardless.
It’s not.
I wonder why they can’t just buy straight from Cisco, surely they are big enough and the equipment is sensitive enough for that to make sense.