recommended reading

Cisco takes on rogue suppliers with device to ID counterfeit parts

Paul Sakuma/AP File Photo

Computer equipment maker Cisco soon will release a tool that automatically detects imitations of its branded products on federal customer systems, a Cisco executive told Nextgov.

For years, many U.S. agencies unwittingly have bought and installed counterfeit Cisco goods from  retailers, jeopardizing the security of government networks, according to the company and federal authorities. Procurements of fake hardware and software are a growing problem governmentwide, notably within the Pentagon. After ordering military-grade electronics between August 2011 and February 2012, undercover agents with the Government Accountability Office received 40 price quotes for bogus parts from online retailers based in China. 

“There are rogue partners out there that represent themselves as Cisco partners and they are not,” Patrick Finn, Cisco senior vice president for the public sector, said during an interview. “We are working with the customer to ensure that when they buy a piece of Cisco equipment it is a piece of Cisco equipment.”

Weeding out forged routers and switches “has been something that’s been a focus for us” on the supply chain side of the business, he said. Some of the fraudulent branding comes from China, Finn added.

Cisco reports that one government department bought apparent Cisco routers from a reseller that, upon investigation of serial numbers, turned out to be lower quality products with expired warranties modified to look highly secure. The department believed the items were authentic because they arrived in sealed boxes and seemed new. In a separate 2008 case, the Justice Department alleged that the Marine Corps, Air Force, Federal Aviation Administration and FBI were sold faux Cisco goods originating in China.

The number of suppliers trafficking in risky electronics headed for the government, including counterfeit products, has surged 63 percent during the past decade, according to an Oct. 29 analysis by supply chain research group IHS. In 2002, 5,849 vendors were reported distributing suspect items and in 2011, the population of fraudsters had grown to 9,539 suppliers.

Do you want to know more about the outlook for federal IT in 2013? Attend Nextgov Prime on Monday, Dec. 3, where key lawmakers will outline their plans for reforming the way agencies buy technology. Our expert panels will discuss the future of cloud computing, cybersecurity, data analytics and more. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.