As the Prism scandal, the secret U.S. National Security Agency (NSA) Internet surveillance program leaked by whistleblower Edward Snowden, continues to unfold, it has thus far provoked wide discussion regarding the purchase of networking equipment by the Chinese government and enterprises, as well as their security holes – as uncovered by the recent controversy.

According to Snowden, the NSA has monitored China's networks and computers through Cisco routers. Although Cisco Systems Inc., the giant networking equipment supplier, issued a statement denying any involvement in the surveillance program on June 19 for the first time after the exposure of the Prism project, it indeed plays a part in building almost all major network projects in China, covering key sectors such as the government, customs, postal services, finance, railways, civil aviation, medical treatment and military security. Additionally, Cisco also has a hand in the construction of the networking infrastructure of both China Telecom and China Unicom, two of China's tycoon telecommunication providers.

Meanwhile, Cisco is also the major supplier of the U.S. government and military communications and networking equipment. Security experts are hence concerned that once a war breaks out, the U.S. government may use globally-covered Cisco products in order to launch a fatal cyber attack on its enemies.

Government and enterprise procurement security

The U.S. House of Representatives Intelligence Committee issued a report in 2012, claiming that the U.S. telecommunications operators should avoid working with China's Huawei and ZTE, two leading network equipment manufacturers, since they may pose a threat to U.S. national security. In the same vein, the Indian government, out of concerns for its national security, banned its telecommunications operators from purchasing Chinese equipment as early as May 2010. Both cases show that nations all over the world, out of concerns for their national security, not only take security issues seriously when purchasing equipment, but also demonstrate a strong precautionary consciousness in terms of mandatory requirements.

As for China, although its government and enterprises do pay attention to security issues when purchasing equipment, their main concern still centers on the overall security such as the firewall, intrusion prevention and setting up a DMZ (Demilitarized Zone). Few of them have ever kept a watchful eye on switchboards and other equipment that may access confidential information, according to an unnamed source with Huawei.

Cisco, which now finds itself involved in the Prism controversy, is indeed being accused of acquiring information through routers.

According to the Huawei source, there is a network operating system present in routers and switchboards, which can be used by both users as well as developers. Nevertheless, developers have access to information in the back end that is not available to ordinary users, which the industry refers to as the "back door." The "back door," in other words, is created by developers to access the system without being known to users. As a matter of fact, as long as one taps into the routers on the backbone network, one will have access to thousands of computers instead of having to hack computers one by one. In doing so, the hacker can obtain information from practically any computer.

How to fix security holes?

When networks security holes are detected, both the Chinese government and enterprises usually remediate through software, hardware and security systems, for instance, purchasing firewalls, managing Internet behavior and adopting various kinds of attack-prevention measures. Few have paid sufficient attention to the information security incurred by router invasion though, according to the industry source.

In fact, the Prism program is not the only case in which an invasion was enabled by means of routers. In 2011, 4,500,000 households in Brazil fell victim to so-called "modem invasion," directing them to fraudulent sites that subsequently copied their online banking credentials -- which resulted in huge financial losses.

The Cisco router issue revealed by the scandal should draw the attention of the Chinese government, enterprises and general public to the issue of information security -- including those systems involving routers.

"The arm cannot beat the thigh"

As revealed by Snowden, not only Cisco, but Google, Yahoo, Microsoft, Apple, Facebook, AOL, PalTalk, Skype, and YouTube have all been involved in the Prism project.

Although Google and Facebook have denied being part of the NSA surveillance program and Microsoft and Yahoo have issued similar statements, the industry source argued, by quoting an old Chinese saying that "the arm cannot beat the thigh," that enterprises are unable to say no to the government if the latter makes any demands. "As to what the government will have access to, that all depends on what they want to have access to."

The issue has also sparked a debate on how enterprises should balance the responsibility for their customers'privacy and the governmental demands of access to information.