The dangers of counterfeit hardware


When you don't control your own manufacturing, it's only a matter of time before you run the risk of having someone mess with your products without your knowledge or control. However, since the company is far more concerned with short-term numbers than with keeping control of its business over the long haul, that lesson is going to remain lost on Cisco:

Counterfeit products are a routine threat for the electronics industry. However, the more sinister specter of an electronic Trojan horse, lurking in the circuitry of a computer or a network router and allowing attackers clandestine access or control, was raised again recently by the FBI and the Pentagon.

The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year operation, 36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components with an estimated retail value of more than $3.5 million, the FBI said in a statement.

The FBI is still not certain whether the ring's actions were for profit or part of a state-sponsored intelligence effort. The potential threat, according to the FBI agents who gave a briefing at the Office of Management and Budget on January 11, includes the remote jamming of supposedly secure computer networks and gaining access to supposedly highly secure systems. Contents of the briefing were contained in a PowerPoint presentation leaked to a Web site, Above Top Secret.

The military maintains a large list of IT products that are approved for use by its employees and contractors, and almost all of the products on the approved products list are "American-made." However, one of the areas where this falls short is that very few products are entirely American-made today, and a lot of the products are made by companies, such as Oracle and Microsoft, that routinely rely heavily on immigrants. While that shouldn't necessarily be a cause for alarm, it is food for thought when considering the fact that there are employees of these companies who have no clear-cut reason to be loyal to our country when writing code that will go into the products the military uses.

Things only get a lot worse when products like routers, which are small embedded devices that cannot be easily examined for tampering, get made overseas in countries like China. Those who automatically dismiss any suggestion of danger as conspiracy theory mongering may blissfully ignore this issue, but it is one that has potentially devastating security implications because it is so much harder to effectively update compromised embedded systems. While a company with a competent IT staff may be able to quickly roll out updated firmware from Cisco, that's not the case with small businesses, homes and an enterprise as large and diverse as the military. People tend to forget that the Department of Defense is by a wide margin the largest employer in the United States if you count up active duty servicemen, reservists, national guard, civilian employees and contractors. Its infrastructure is massive on a scale that few can come close to matching, and compromised, counterfeit routers thrown into it have a high probability of going undiscovered.
