Analytics // Security Monitoring
11/27/2013
01:10 PM
Connect Directly
RSS
E-Mail
100%
0%

NSA Surveillance Fallout Costs IT Industry Billions

Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.

10 Cool DARPA Projects In Development
10 Cool DARPA Projects In Development
(click image for larger view)

Creating a massive digital dragnet designed to help U.S. intelligence agencies spot terrorists before they can strike might sound great in the abstract. But what are the real-world implications?

For US technology firms that sell hardware, software, and services, that would be a collective loss of $22 billion to $35 billion through 2016 due to foreign businesses and governments worrying if the National Security Agency (NSA) can spy on those products or services. That figure comes via the Information Technology & Innovation Foundation (ITIF), a Washington-based policy research group backed by many leading technology firms, including Cisco, Google, IBM, and Intel.

"The potential fallout is pretty huge given how much our economy depends on the information economy for its growth," Rebecca MacKinnon, a senior fellow at Washington-based policy group New America Foundation, told Bloomberg. "It's increasingly where the U.S. advantage lies."

[ Government data mining is here to stay, and it puts your confidential business data at risk. See NSA Surveillance: First Prism, Now Muscled Out Of Cloud .]

But by other analysts' reckoning, however, the ITIF's estimate is too low. Forrester, for example, recently estimated that losses for cloud businesses -- that market is lead by HP, Cisco Systems, and Microsoft -- and managed service providers (MSPs) would total $180 billion through 2016. For comparison's sake, that would be equivalent to about 25% of the annual US defense budget, including spending on the Iraq and Afghanistan wars. Furthermore, Forrester estimated that cloud providers and MSPs might see their revenues decline by 20% over the next three years.

"If a foreign enemy was doing this much damage to the economy, people would be in the streets with pitchforks," Sen. Ron Wyden (D-Ore.) said last month at a Cato Institute conference, The Washington Times reported. Likewise, Rep. James Sensenbrenner (R-Wis.), who authored the Patriot Act, which the White House said authorizes the NSA's digital dragnet, has accused the intelligence agency of overreaching. Some critics, however, have asked why Congressional oversight mechanisms failed to rein in the NSA's surveillance programs.

Still, don't blame just Congress, the White House, or the NSA for the expected business fallout, Forrester analyst James Staten said earlier this year in a blog post. "It's naive and dangerous to think that the NSA's actions are unique. Nearly every developed nation on the planet has a similar intelligence arm which isn't as forthcoming about its procedures for requesting and gaining access to service provider -- and ultimately corporate -- data," he said. For example, Germany's G10 act empowers that country's intelligence agencies to "monitor telecommunications traffic without a court order," he said.

Many technology firms say they've already seen the NSA surveillance scandal start to hit their bottom line. For example, Cisco, which is the world's largest networking equipment manufacturer, recently blamed the NSA revelations for causing buying hesitation in some emerging markets. While Cisco said it had seen only "nominal" concern over the NSA in many countries, it did see a 12% decline in sales in emerging markets, with Chinese buyers, especially, becoming more wary. "It's not having a material impact, but it's certainly causing people to stop and then rethink decisions, and that is reflected in our results," said Robert Lloyd, Cisco's president of development and sales, during a Nov. 13 conference call that reported good earnings, but a bad outlook.

That same day, Richard Salgado, Google's director of law enforcement and information security, warned the Senate Judiciary Subcommittee on Privacy, Technology, and the Law that the NSA's spying activities had caused governments in some countries -- including Brazil and Norway -- to rethink how they'll procure cloud services or work with US firms. Brazil, for example, has introduced a bill that would require service providers such as Google to store all Brazilian data in the country or risk massive fines.

Salgado, in his testimony, said those types of efforts could undermine today's Internet. "If data localization and other efforts are successful, then what we will face is the effective Balkanization of the Internet and the creation of a 'splinternet' broken up into smaller national and regional pieces with barriers around each of the splintered Internets to replace the global Internet we know today," he said.

The use of cloud technology is booming, often offering the only way to meet customers', employees' and partners' rapidly rising requirements. But IT pros are rightly nervous about a lack of visibility into the security of data in the cloud. In this Dark Reading report, Integrating Vulnerability Management Into The Application Development Process, we put the risk in context and offer recommendations for products and practices that can increase insight -- and enterprise security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
11/27/2013 | 3:03:46 PM
Splinternet
Unfortunately, I believe that the Splinternet is coming. Blame it on the NSA, blame it on the FBI's suveillance unit, blame it on the White House. 

At this point, the blame game doesn't really do us any good. What needs to be done is something to fix these problems, or at least a step towards fixing them. 
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 3:12:22 PM
Re: Splinternet
Daniel:  While I can't condone the NSA's over-the-top campaign to snoop into everyone's background, I think the leading reason the splinternet is coming stems from old-fashioned economic greed.  Clearly cable companies, phone companies and others want to charge everyone more for accessing the Internet, and that will lead to social divides that violate the very essence and spirit of sharing information globally. 

Can we tame the NSA at the same time?  Yes, we can. Will we? I have my doubts if Congress has the stomach to do so.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
11/27/2013 | 3:32:38 PM
Re: Splinternet
>Can we tame the NSA at the same time?  Yes, we can. Will we? I have my doubts if Congress has the stomach to do so.

 

I suspect you're right and that will only encourage further Internet balkanization. The Russians and the Chinese don't want to use US-controlled GPS. It follows that they'd prefer to avoid a US-dominated Internet. Other countries have long been agitating for greater control of Internet governance. I would not be surprised if we end up with national networks, tenuously linked to each other, in a decade or two. Governments don't like that which they can't control.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 3:49:53 PM
Re: Splinternet
True, Tom. If I were Russian or Chinese, I'd probably be a tad uncomfortable with the idea of using a global network built by DARPA  -- although we seem to get along pretty well in the International Space Station.

Why can we all just get along?
CLAFOUNTAIN100
100%
0%
CLAFOUNTAIN100,
User Rank: Apprentice
11/27/2013 | 4:13:00 PM
Re: Splinternet
Good point; however, in any particular market, there are "bubbles" created by Government to put people to work.


During the bush administration, there were too many "bubbles" created in my mind.
RichardV928
50%
50%
RichardV928,
User Rank: Apprentice
11/27/2013 | 11:10:10 PM
Re: Splinternet
We don't get along.

The Chinese have their own space station and are landing on the moon next month and may pollute it in the process.

We don't get along at all.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 3:07:46 PM
Reality Checks
Mr. Staten claims that "Nearly every developed nation on the planet has a similar intelligence arm" to the NSA. No they don't. Aside from possibly China or Russia, there is nothing remotely similar to the NSA, which is using extremely sophisticated method to intercept communications in ways that are far beyond the reach of almost any country.  And judging by the reaction of our major allies, they aren't listening into the phone calls of other allies, either. The NSA can proudly claim "We're no. 1!"

Rep. Wyden adds: "If a foreign enemy was doing this much damage to the economy, people would be in the streets with pitchforks,"  Hmmm. Maybe we better gather in the barnyard boys and girls, because numerous sources have reported China has broken into the systems of almost every major US corporation and government agency in the US (and probably elsewhere). The costs of that have gotta be adding up, though I haven't seen an estimate of the economic damage in total.

 
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
11/27/2013 | 3:28:13 PM
Re: Reality Checks
The French DSG may not be 'similar,' but the folks on the Rainbow Warrior might think they are even worse in spirit... 

 

IMHO, the issue should be the topic of a robust debate.  I don't want my info collected, and I certainly don't want the current administration able to paw through it and use it for political gain they way the used the IRS, but I don't want a RIF to pop a nuke in Times Square, either.   Frankly, I suspect the cost/benefit ratio for the NSA data collection may be a lot better than having the TSA pawing grannies and infants, but it would be nice to have some real dialog about the issues without having idealogues from both sides staking out reflexive extreme positions and then talking over each other.
anon3508728476
50%
50%
anon3508728476,
User Rank: Apprentice
11/27/2013 | 4:41:27 PM
Re: Reality Checks
I am so tired of these "naiive" arguments.  Yes the U.S. is special historically, because we stand historically for good principles.  Why cannot be take the high ground here?  Just because others can do it does not mean we should.  Also, all the trash arguments about that this is inevitable becasue of technology are pure hogwash.  If anything the mathematics and hardware which could be devised to protect rather than compromise secure communications could be BETTER not worse than in the era of PAPER MAIL and TELEPHONES.  Its pure nonsense from and engineering and software perspective.  There exist P2P algorithsm which no computer except a quantum computer (which are a long way off) could ever crack in the lifetime of the universe.  It can be done.  These infringements directly contradict our constitutional principles and are blantantly deliberate, and there is plenty of benefits which corporations can get from miniing private data from individuals and corporate competitiors, so this is all definitely complicit.  If we don't stand up for the right thing, who will???
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 5:39:47 PM
Re: Reality Checks
anon:  Who are you arguing with? Who argued that the US should do it? Who argued that technology is to blame?  It seems you're shadow-boxing, my friend.
DanS776
50%
50%
DanS776,
User Rank: Apprentice
11/27/2013 | 4:27:37 PM
Blackberry Technology
Blackberry is not an American Corporation and has bullet proof security. Apple and Google phone systems are easy to trace, hack, and survey by any government agency.
J_Brandt
50%
50%
J_Brandt,
User Rank: Apprentice
11/27/2013 | 5:33:02 PM
Re: Blackberry Technology
@Dan, what makes you think Blackberry is so bullet proof?
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 5:41:14 PM
Re: Blackberry Technology
J Brandt/Dan:   Blackberry IS known for its heightened security, but no security is "bullet proof."
DanS776
50%
50%
DanS776,
User Rank: Apprentice
11/27/2013 | 8:23:30 PM
Re: Blackberry Technology
The U.S. military, the Pentagon, and the NSA use Blackberry telephones. Why? Because they are secure.
jgherbert
50%
50%
jgherbert,
User Rank: Apprentice
11/30/2013 | 9:12:18 PM
Re: Blackberry Technology
@DanS776: the approved list for DoD appears to go way beyond BB -- https://aplits.disa.mil/processAPList.do?group=Multi%20Function%20Mobile.

 

Pentagon too: http://www.infoworld.com/d/mobile-technology/pentagon-approves-samsung-knox-blackberry-10-ios-approval-imminent-217877

 

And many branches of government have been using NSA-Approved GD Sectera phones for ages (one of which is now the Samsung Knox) - http://www.gdc4s.com/gd-protected?taxonomyCat=504

 

So nothing against BB - they are still the majority phone in use, but they're not the only approved solution.
samicksha
50%
50%
samicksha,
User Rank: Apprentice
11/29/2013 | 4:21:00 AM
Re: Blackberry Technology
Even i am suprised @Dan, how are you so sure about BB security. Although i cannot deny the fact that BB keeps strong security measures. Other than this...

Polls conducted in June 2013 found divided results among Americans regarding NSA's secret data collection.Rasmussen Reports found that 59% of Americans disapprove, Gallup found that 53% disapprove,and Pew found that 56% are in favor of NSA data collection. Source: Wikipedia.
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
11/27/2013 | 4:53:05 PM
Embedded authority to spy
Other countries don't invest in surveillance to the degree that the NSA has, but they have the laws on the books enabling them to do so. They are often embedded in an existing law rather than screaming out their existence, as in the U.S. Patriot Act. The Netherlands' is under Article 2 2(b) of the Personal Data Protection Act; likewise, in the UK under Section 5 of the Regulation of Investigatory Powers Act; also, Germany under Section 28(8) of the German Federal Data Protection Act.
DanS776
50%
50%
DanS776,
User Rank: Apprentice
11/27/2013 | 8:29:36 PM
Blackberry Security
RIM's Blackberry technology and Playbook devices still are the only mobile devices with "authority to operate" on Department of Defense networks.
GeorgeH239
50%
50%
GeorgeH239,
User Rank: Apprentice
11/28/2013 | 2:04:43 PM
Isn't this just fine

 

As industry in the U.S. was being snuffed out by our own govt (court decisions favoring unions' overpricing labor, EPA regulations, etc., etc.), the story then became that we would become an information economy: we would supply software and information systems innovation, etc. to the world.

 

 

Now, the "information economy" is out the window, thanks again to our govt and their incessant insistence on snooping into every aspect of everyone's lives.

 

 

tsreyb
50%
50%
tsreyb,
User Rank: Apprentice
12/17/2013 | 6:32:39 AM
Gross impact or net impact
The lost revenue is recouped partially, if not completely, by the fact that tech firms need to develop (& sell) the features for enabling surveilance. The customers include not only the NSA but also other govenmental agencies from all over the globe. 
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2336
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.