In 2014, Cisco joined the Coordinated Malware Eradication (CME) coalition, where multiple companies cooperate to stop the growing malware threat that all customers are experiencing. In one case, Cisco researched and published malware and activity that was using a remote access tool (RAT) called ZxShell (also known as Sensocode).
Our public blog posts may be found here:
• Threat Spotlight: Group 72
• Threat Spotlight: Group 72, Opening the ZxShell
The Cisco team did the ZxShell technical analysis because Novetta, Inc., who is also part of the CME, began researching a new threat in September 2014, and reached out to other member companies to help. Novetta asked Cisco to analyze the ZxShell malware only, understand its technical nature and capability only, and publish our results – our technical results are published in the second blog post above. This was Novetta’s only request. Novetta referenced our technical results, but they did not ask, nor did we participate, cooperate, or contribute in the researching, identifying, or naming of who developed the malware or deployed the malware.
We are disappointed that the appearance of Cisco’s logo on the cover of the Novetta report may suggest that Cisco endorses all of the report conclusions, including conclusions that China was behind the activity described in the report. We only endorse our findings about the technical attributes of ZxShell; the rest of Novetta’s report is unrelated to Cisco and the conclusions are their own.
We focus on protecting our customers through technical analysis of the attacks, and creating protections against them.
Cyber-attacks are global and the attacks must be stopped. Our fundamental security objective is to protect all customers, be transparent, and be their trusted partner. We hope this clears up any misconceptions.
Last week marked the first steps forward for a broad-based coalition of businesses who are working together to fight wanton abuse of the patent litigation system by patent assertion entities (PAEs).
The coalition – United for Patent Reform – is comprised of grocery, hotel, retail, restaurant and technology associations and companies including Cisco. Our mission: to fight for patent reform legislation in Congress that will stop litigation factories that take advantages of anomalies in the patent system to extort financial settlements out of businesses large and small.
Simply put, patent assertion entities – companies who neither invent nor produce products, but simply buy patents for litigation value – file lawsuits or send intimidating demand letters, knowing that many defendants will pay to avoid litigation costs alone, or will pay to avoid the risk of losing a large sum in a lottery-like litigation system plagued by high costs and uncertain outcomes.
Opponents of reform claim that recent court decisions – particularly by the US Supreme Court, which in recent years has reversed a number of lower court decisions by unanimous or near unanimous votes –have solved the problem. They point especially to the decision last spring in Alice v CLS Bank, which in fact affects only a very narrow segment of the patent world.
The overall numbers, in fact, show just that the problem continues to persist.
- The PAEs themselves, which exist solely for litigation, continue to invest and buy based on the reality of continued business as usual. In fact, according to Allied Security Trust, a leading analyst of the market, patent assertion entities bought just as many patents in the first 6 months of 2014 as they did in all of 2013.
- The total number of defendants in cases brought by patent assertion entities remain within ten percent of recent years and still many multiples larger than a decade ago. The total number of defendants sued is comparable to 2012 and 2010. (2011 and 2013 were marked by significant action toward patent reform, which drove up the numbers.) The numbers of cases in 2014 were triple those of 2006.
- This is not just a problem for a few large companies. Nearly half of the NPE defendants of 2014 were companies with less than $100 million of revenue.
As our coalition’s membership illustrates, this is a problem that includes businesses of all shapes and sizes. In both 2013 and 2014, half of the defendants were not tech companies.
This cries out for Congressional action.
United for Patent Reform released a letter last Thursday outlining our seven core principles:
- Demand letter transparency
- More specificity in making patent allegations
- Protections against suits against innocent end users rather than against the company that built the supposedly infringing product
- Litigation procedures efficiency
- Putting burden of litigation costs on those who bring suits that prove to be for extortion value only or where parties demand inefficient, costly litigation procedures
- Encouragement of litigation alternatives
Over the next weeks and months, Cisco, in conjunction with United for Patent Reform and its member companies, will make the case for patent reform in the hope that Congress will approve meaningful reforms soon.
This is imperative if we’re to break the outlandish and exploitive business model that has encouraged patent assertion entities to thrive.
“Education then, beyond all other devices of human origin, is a great equalizer of the conditions of men – the balance wheel of the social machinery.” – Horace Mann, 1848
Mann, is he right. Education paves the way to opportunity and higher living standards. And today we recognize a technology with a similar power – the Internet. It’s been just twenty years since the spread of the commercial Internet, and evidence of its impact on employment, productivity and social development is all around us. But a major hurdle hinders the extension of the Internet’s benefits to more people: a worldwide shortage of skilled Internet technical (IP) professionals who ensure network connectivity for our homes, businesses, governments and economies.
Today Cisco participated in the launch of the 2014 Global Talent Competitiveness Index report, “Growing Talent Today and Tomorrow,” in Davos, Switzerland. And in Chapter 4 of the report, we specifically detail the shortage in IP networking professionals across 29 countries we most recently analyzed.
The headline: The shortage of skilled IP networking professionals will be at least 1.2 million people in 2015. In some countries, such as Costa Rica, the UAE and Saudi Arabia, there may be over a 45% gap. Even where countries have a relatively low shortage (e.g. Australia and Korea), the gap ranges between 10 to 20%. And in all countries, the networking skills gap is growing – due to increasing connectivity, the Internet of Everything, rising digitization of all business activity, globalization of trade and travel, and economic growth.
So what can be done to close the Networking skills gap and ensure the benefits, and opportunities, brought about by the Internet continue to spread to more people on the planet?
When it comes down to it, specific programs and targeted policies are needed to expand the total pool of qualified people. More effort is needed to expand the total pool of qualified networking talent by: 1) increasing the number of new Networking employees (graduates); 2) encouraging and enabling mid-career professionals to transition to ICT and Networking; and 3) increasing a country’s total talent by encouraging immigration. The policies and programs created to achieve these results should:
Integrate more technology training into educational curriculum. Expand efforts to increase the number of trained ICT professionals from universities, vocational programs and technical training centers, particularly by integrating elements of computer science (CS) and IP networking into general education curricula at the primary and secondary levels. And ensure that when CS and networking courses are offered, they also are eligible to fulfill graduation credit, as opposed to only being peripheral electives.
Increase mentorship opportunities. Mentoring students provides opportunities to experience and learn about careers in technology related fields. Programs like US2020 aim to match one million STEM mentors with students at youth-serving non-profits. Girls Who Code is another shining example. The program involves summer training for girls in high school centered on project-based computer science education with real-world tech industry exposure.
Reduce limits on the number of temporary and immigrant visas for skilled workers. Current immigration policies directly impact the immediate supply of skilled networking employees. Applications for H-1B visas in the U.S., for example, consistently reach their annual prescribed limit within a week of becoming available.
Implement successful technical training program, particularly through public private partnerships. Tailored training programs can accelerate the number of skilled networking employees that enter the global workforce. Cisco’s own Networking Academy Program prepares students for entry-level ICT jobs through the PPP model. To date, globally it has trained over five million students, 92% of whom obtained a new job and/or further educational opportunity following their graduation from the Academy.
While the presence of the IP networking gap highlights a missed opportunity for countries to reach potential economic growth, with dedicated public policy, specific training programs, and public involvement on the part of governments, citizens and private enterprise, we can solve the talent gap.
Tags: GTCI, INSEAD, internet, ip, networking, talent
The FCC, acting on a petition from the hotel industry, has begun an interesting debate: when or whether hotels (or in principle, other enterprises) could ever block Wi-Fi on consumers’ personal devices, like smartphones.
For the record, Cisco’s view is that — absent a security threat, attack, or other compelling interest — enterprises should not block personal Wi-Fi hotspots to promote their commercial interests, or for other purposes.
However, in limited cases where there is a significant security threat, attack or other compelling interest, enterprises should be able to defend their network, data and devices. We should be clear: the mere presence of personal hot spots at a facility does not represent a security threat or interest.
As with any issue involving technology, there’s a lot of confusion over what the issues and facts are.
Let’s take a look at the facts:
1. Under federal law, no one entity “owns” or “controls” access to unlicensed airwaves. Consumers can use unlicensed airwaves (on devices that have been certified for use by the FCC) wherever they want, whenever they want. As Wi-Fi “hot spot” capability is added to our smartphones, this is becoming much more common and is great for consumers.
2. Enterprises, particularly those which are open to the public or where the public is routinely invited, are increasingly installing their own managed Wi-Fi networks for the use of the visiting public, their own operations, or for other customers, such as businesses that lease space on a convention floor. And this development, too, is great for consumers and great for our economy, enabling business to get done at Internet speed.
Now, the wonderful thing about Wi-Fi is that everyone can use it, and, especially with blazing-fast new technologies such as IEEE 802.11ac, there’s plenty of capacity for all to share.
Consequently – as a general rule — enterprises should not block access to personal hot spots as a routine matter. Using security technology to shut down Wi-Fi signals that are not a threat to the co-located network is a bad practice that Cisco does not support.
In our filing at the FCC, Cisco asked the FCC to declare that “the mere presence of a personal hot spot or ad hoc client does not constitute a security threat in any venue or physical location where the public is routinely present or invited. “ This is consistent with our view that everyone should have the expectation of using unlicensed airwaves on FCC-approved devices.
But what if the enterprise’s managed Wi-Fi network comes under cyber attack, such as a denial of service attack by another Wi-Fi transmitter or a “honeypot” where the enterprise’s own client devices are lured away by an unmanaged access point for nefarious purposes?
What if some bad actor uses Wi-Fi technology to attack the enterprise’s Wi-Fi network, its data or devices?
Then of course, network administrators should be able to protect against such attacks. Making sure the enterprise network can operate in the face of an attack is beneficial – to the public as well as to the enterprise.
Additionally, there are other limited cases of enterprise regulation of Wi-Fi that should be allowed to stand. A hospital may not want Wi-Fi in portions of its facilities. An enterprise may have a secured lab or portions of a government facility may be “off limits” to consumer electronics, including Wi-Fi. Those are fair constraints, and the FCC should permit reasonable exceptions when there is a compelling interest, particularly in locations where the general public is not routinely present.
As Wi-Fi continues to become the leading form of Internet access, questions like this one will surely arise.
The FCC and interested parties must take steps to ensure that Wi-Fi continues to thrive for the benefit of consumers, businesses and the economy.
As a company with deep roots in the North Carolina community, Cisco will today present a $463,000 check to the Food Bank of Central & Eastern North Carolina. This contribution is part of the Cisco’s 12th Annual Global Hunger Relief Campaign and reflects donations from more than 600 employees to the Food Bank, as well as matching funds from the Cisco Foundation and John Morgridge’s TOSA Foundation.
The donation will be presented today at a food sort at the Food Bank’s Durham branch, which will be attended by U.S. Congresswoman Renee Ellmers of North Carolina, Food Bank President Peter Werbicki, Food Bank Board Chairman Barry Barber, as well as three dozen Cisco volunteers.
Hunger is a silent tragedy, which affects more than half a million people in North Carolina every month. At Cisco, we’ve made fighting hunger a company-wide priority, and are incredibly proud of our longstanding support for the Food Bank of Central & Eastern North Carolina. The work the Food Bank does is critically important in our community.
Helping Families in Need
Food insecurity remains a serious problem in Central and Eastern North Carolina. More than 651,000 individuals struggle to access nutritious and adequate amounts of food every year. One in 3 of these individuals are children, and 8 percent are elderly, and 30 percent of these households have at least one employed adult.
Established in 1980, the Food bank of Central & Eastern North Carolina is a nonprofit organization that provides food for people at risk of hunger in 34 counties. Last year, the Food Bank distributed more than 53 million meals to a network of more than 800 partner agencies such as soup kitchens, food pantries, shelters and programs for children and adults through 6 branches in Durham, Greenville, New Bern, Raleigh, Sandhills (Southern Pines) and Wilmington.
Cisco’s Global Hunger Relief Campaign
In addition to the direct donations, Cisco employees have volunteered more than 1,500 hours at the Food Bank. Cisco has proudly supported the Food Bank of Central & Eastern North Carolina since 1996, and is the single largest corporate contributor to the organization.
Tuesday’s event is just one part of Cisco’s annual giving campaign to help stop global hunger in Raleigh-Durham and around the world. This is Cisco’s 12th annual Global Hunger Relief Campaign, involving over 160 food agencies worldwide.
Since Cisco began our hunger relief campaign, we have raised more than $40 million dollars for hunger relief, which translates into nearly 160 million meals for those who need it most.