First, a little perspective: most intelligent networking equipment manufactured by almost any vendor anywhere in the past 20 years has been shown to contain some kind of backdoor. Master passwords for routers and secret technician codes for mobile phones or set-top boxes have been published over the years (not to mention those secret key combinations in Microsoft products that invoke flight simulator games). This development raises two questions:
What percentage of infrastructure, civilian as well as military, is vulnerable to APT (enemy) shutdown?
The answer really depends on which country, what infrastructure and who the enemy is. In general, large modern economies with decentralized infrastructure are less vulnerable. If you have twenty telcos, for example, each using equipment from 2-3 different vendors, then the chances of a single blow by an adversary who controls a backdoor in the equipment of a single vendor are low.
What can companies do about it?
The “text book” mitigation strategy is indeed the use of redundant equipment from multiple vendors. This recommendation conflicts with the attempt to lower the cost of deployed systems (as having the same team operate two different types of equipment is of course more costly).