Analytics // Security Monitoring
11/27/2013
01:10 PM
100%
0%

NSA Surveillance Fallout Costs IT Industry Billions

Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.

10 Cool DARPA Projects In Development
10 Cool DARPA Projects In Development
(click image for larger view)

Creating a massive digital dragnet designed to help U.S. intelligence agencies spot terrorists before they can strike might sound great in the abstract. But what are the real-world implications?

For US technology firms that sell hardware, software, and services, that would be a collective loss of $22 billion to $35 billion through 2016 due to foreign businesses and governments worrying if the National Security Agency (NSA) can spy on those products or services. That figure comes via the Information Technology & Innovation Foundation (ITIF), a Washington-based policy research group backed by many leading technology firms, including Cisco, Google, IBM, and Intel.

"The potential fallout is pretty huge given how much our economy depends on the information economy for its growth," Rebecca MacKinnon, a senior fellow at Washington-based policy group New America Foundation, told Bloomberg. "It's increasingly where the U.S. advantage lies."

[ Government data mining is here to stay, and it puts your confidential business data at risk. See NSA Surveillance: First Prism, Now Muscled Out Of Cloud .]

But by other analysts' reckoning, however, the ITIF's estimate is too low. Forrester, for example, recently estimated that losses for cloud businesses -- that market is lead by HP, Cisco Systems, and Microsoft -- and managed service providers (MSPs) would total $180 billion through 2016. For comparison's sake, that would be equivalent to about 25% of the annual US defense budget, including spending on the Iraq and Afghanistan wars. Furthermore, Forrester estimated that cloud providers and MSPs might see their revenues decline by 20% over the next three years.

"If a foreign enemy was doing this much damage to the economy, people would be in the streets with pitchforks," Sen. Ron Wyden (D-Ore.) said last month at a Cato Institute conference, The Washington Times reported. Likewise, Rep. James Sensenbrenner (R-Wis.), who authored the Patriot Act, which the White House said authorizes the NSA's digital dragnet, has accused the intelligence agency of overreaching. Some critics, however, have asked why Congressional oversight mechanisms failed to rein in the NSA's surveillance programs.

Still, don't blame just Congress, the White House, or the NSA for the expected business fallout, Forrester analyst James Staten said earlier this year in a blog post. "It's naive and dangerous to think that the NSA's actions are unique. Nearly every developed nation on the planet has a similar intelligence arm which isn't as forthcoming about its procedures for requesting and gaining access to service provider -- and ultimately corporate -- data," he said. For example, Germany's G10 act empowers that country's intelligence agencies to "monitor telecommunications traffic without a court order," he said.

Many technology firms say they've already seen the NSA surveillance scandal start to hit their bottom line. For example, Cisco, which is the world's largest networking equipment manufacturer, recently blamed the NSA revelations for causing buying hesitation in some emerging markets. While Cisco said it had seen only "nominal" concern over the NSA in many countries, it did see a 12% decline in sales in emerging markets, with Chinese buyers, especially, becoming more wary. "It's not having a material impact, but it's certainly causing people to stop and then rethink decisions, and that is reflected in our results," said Robert Lloyd, Cisco's president of development and sales, during a Nov. 13 conference call that reported good earnings, but a bad outlook.

That same day, Richard Salgado, Google's director of law enforcement and information security, warned the Senate Judiciary Subcommittee on Privacy, Technology, and the Law that the NSA's spying activities had caused governments in some countries -- including Brazil and Norway -- to rethink how they'll procure cloud services or work with US firms. Brazil, for example, has introduced a bill that would require service providers such as Google to store all Brazilian data in the country or risk massive fines.

Salgado, in his testimony, said those types of efforts could undermine today's Internet. "If data localization and other efforts are successful, then what we will face is the effective Balkanization of the Internet and the creation of a 'splinternet' broken up into smaller national and regional pieces with barriers around each of the splintered Internets to replace the global Internet we know today," he said.

The use of cloud technology is booming, often offering the only way to meet customers', employees' and partners' rapidly rising requirements. But IT pros are rightly nervous about a lack of visibility into the security of data in the cloud. In this Dark Reading report, Integrating Vulnerability Management Into The Application Development Process, we put the risk in context and offer recommendations for products and practices that can increase insight -- and enterprise security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
tsreyb
50%
50%
tsreyb,
User Rank: Apprentice
12/17/2013 | 6:32:39 AM
Gross impact or net impact
The lost revenue is recouped partially, if not completely, by the fact that tech firms need to develop (& sell) the features for enabling surveilance. The customers include not only the NSA but also other govenmental agencies from all over the globe. 
jgherbert
50%
50%
jgherbert,
User Rank: Apprentice
11/30/2013 | 9:12:18 PM
Re: Blackberry Technology
@DanS776: the approved list for DoD appears to go way beyond BB -- https://aplits.disa.mil/processAPList.do?group=Multi%20Function%20Mobile.

 

Pentagon too: http://www.infoworld.com/d/mobile-technology/pentagon-approves-samsung-knox-blackberry-10-ios-approval-imminent-217877

 

And many branches of government have been using NSA-Approved GD Sectera phones for ages (one of which is now the Samsung Knox) - http://www.gdc4s.com/gd-protected?taxonomyCat=504

 

So nothing against BB - they are still the majority phone in use, but they're not the only approved solution.
samicksha
50%
50%
samicksha,
User Rank: Apprentice
11/29/2013 | 4:21:00 AM
Re: Blackberry Technology
Even i am suprised @Dan, how are you so sure about BB security. Although i cannot deny the fact that BB keeps strong security measures. Other than this...

Polls conducted in June 2013 found divided results among Americans regarding NSA's secret data collection.Rasmussen Reports found that 59% of Americans disapprove, Gallup found that 53% disapprove,and Pew found that 56% are in favor of NSA data collection. Source: Wikipedia.
GeorgeH239
50%
50%
GeorgeH239,
User Rank: Apprentice
11/28/2013 | 2:04:43 PM
Isn't this just fine

 

As industry in the U.S. was being snuffed out by our own govt (court decisions favoring unions' overpricing labor, EPA regulations, etc., etc.), the story then became that we would become an information economy: we would supply software and information systems innovation, etc. to the world.

 

 

Now, the "information economy" is out the window, thanks again to our govt and their incessant insistence on snooping into every aspect of everyone's lives.

 

 

RichardV928
50%
50%
RichardV928,
User Rank: Apprentice
11/27/2013 | 11:10:10 PM
Re: Splinternet
We don't get along.

The Chinese have their own space station and are landing on the moon next month and may pollute it in the process.

We don't get along at all.
DanS776
50%
50%
DanS776,
User Rank: Apprentice
11/27/2013 | 8:29:36 PM
Blackberry Security
RIM's Blackberry technology and Playbook devices still are the only mobile devices with "authority to operate" on Department of Defense networks.
DanS776
50%
50%
DanS776,
User Rank: Apprentice
11/27/2013 | 8:23:30 PM
Re: Blackberry Technology
The U.S. military, the Pentagon, and the NSA use Blackberry telephones. Why? Because they are secure.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 5:41:14 PM
Re: Blackberry Technology
J Brandt/Dan:   Blackberry IS known for its heightened security, but no security is "bullet proof."
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 5:39:47 PM
Re: Reality Checks
anon:  Who are you arguing with? Who argued that the US should do it? Who argued that technology is to blame?  It seems you're shadow-boxing, my friend.
J_Brandt
50%
50%
J_Brandt,
User Rank: Apprentice
11/27/2013 | 5:33:02 PM
Re: Blackberry Technology
@Dan, what makes you think Blackberry is so bullet proof?
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5426
Published: 2014-11-27
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message.

CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?