> Three months later, the company refused to renew its licenses.
Does the equipment stop working?
I don’t understand how any country in the world is using equipment that can be turned off by the manufacturer. Infrastructure, communications, farming, etc. should all be run with non-revocable licenses. Make it the law.
Cisco IOS/IOS-XE routers and switches will complain that you haven't licensed them correctly, but it doesn't impact functionality.
Cisco shot both its feet years ago with an unpopular "SMART Licensing" scheme. One of my proudest moments as a net tech was the shocked silence when I told a room of Cisco employees that we weren't upgrading our 3850s past 16.6 (or something) because we refused to deal with their SMART licensing. They came up with a solution and we ended up upgrading (there was a feature in a later version that we wanted).
In the past, there were different software images for different feature sets. If you could get ahold of an image you didn't pay for, it would just work and you'd have functionality that wasn't licensed.
In the really distant past, this worked but not well because you'd need specialized hardware for things like fast encryption for VPN. So, if you didn't pay for the securityk9 license and used the 2811 without a VPN module, it would work but not well.
Anyways, I'm not aware of Cisco having any ability to brick customer equipment. I read this article as saying they destroyed their own property in branches and warehouses within the Russian Federation.
You're right, but you might be disappointed in how seldom network operators actually install updates. It isn't uncommon to find switches with a year of uptime still running the factory software that came preinstalled. (I'm obviously not trying to defend this malpractice!)
You can easily find firmwares for older EOL systems. Cisco isn't even gonna fight that. Readily available on the Bay of Yarrrrrrr
Newer firmwares for Cisco, Juniper, Brocade, et al, are a little harder but still easy to find.
In both cases caveat emptor, since you have no way of knowing if they're trustworthy or not. I messed around with some older yarrrrrr firmware when I was studying for my CCNP and built a lab from craigslist hardware, but that was behind a pfsense firewall I built myself and kept totally away from anything that mattered. No malicious behavior AFAIK, but I'd never trust those IOS/IOS-NX images in Prod.
Well, Cisco publishes both MD5 and SHA-512 hashes for all their updates. It would be pretty impressive for a bad guy to build an evil file that has both an MD5 and also SHA-512 collision. You might need an active CCO account to view http://software.cisco.com, though.
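Checking a downloaded image against both published digests, as the comment above describes, looks like this. It is an added example, not part of the original thread; the image bytes and the "published" values are constructed stand-ins.

```python
import hashlib
import hmac
import os
import tempfile

def compute_digests(path, chunk_size=1 << 20):
    """Hash the file in one pass, feeding each chunk to both MD5 and SHA-512."""
    md5 = hashlib.md5()
    sha512 = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha512.update(chunk)
    return {"md5": md5.hexdigest(), "sha512": sha512.hexdigest()}

def normalise(published):
    """Digests pasted from a web page may be upper case or contain separators."""
    return "".join(c for c in published.lower() if c in "0123456789abcdef")

def verify_image(path, published_md5, published_sha512):
    """Return (ok, detail); ok is True only if BOTH digests match."""
    actual = compute_digests(path)
    expected = {"md5": normalise(published_md5), "sha512": normalise(published_sha512)}
    detail = {}
    for algo in ("md5", "sha512"):
        # compare_digest also returns False for a truncated paste (length mismatch).
        detail[algo] = hmac.compare_digest(expected[algo], actual[algo])
    return all(detail.values()), detail

def demo():
    # Constructed stand-in for a firmware image; not a real vendor file.
    good = b"constructed-firmware-image-v1" * 1000
    tampered = good[:-1] + b"X"
    # Stand-ins for the digests copied from the vendor's download page.
    pub_md5 = hashlib.md5(good).hexdigest().upper()
    pub_sha512 = hashlib.sha512(good).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("good", good), ("tampered", tampered)):
            path = os.path.join(tmp, name + ".bin")
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = verify_image(path, pub_md5, pub_sha512)
    return results

if __name__ == "__main__":
    for name, (ok, detail) in demo().items():
        print(name, "OK" if ok else "REJECT", detail)
```

The check is only as good as the source of the expected values: they have to come from the vendor's download page, not from wherever the image itself was obtained.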
But that's like saying if you don't pay your mortgage the bank isn't allowed to repossess your house. You think banks are going to keep providing mortgages?
The ability to remotely disable equipment is essential in order to allow for cheaper financing plans, to make sure customers don't steal stuff they haven't finished paying for, or that they've only been leasing.
Sure, you could pass a law prohibiting that. But then customers have to pay a whole lot more in financing/leasing because there's much more incentive to stop payment but keep the equipment, and repossessing the equipment gets messy. (You can move/hide a tractor or a router much more easily than you can move a house.)
Several times in my 20 year career I’ve seen startups get financing for equipment then turn around and not pay the bill. Makes perfect sense to add this kind of DRM for financing but we all know nation states will abuse it.
I don't think that answers the question. OP asked (probably) about hardware deployed on client premises, but running proprietary software requiring license (or perhaps subscription as the "renew" suggests?).
Not your production -- not your coins^W hardware. In peacetime, it doesn't matter too much, because nearly nothing can outweigh the reputation loss if there is a case of remote equipment sabotage. In wartime, however, all bets are off.
Not that I have any pity towards Russia, but, say, China can also do this in the case of war.
Payments to and from Russia are sanctioned, some banking/government services apps removed from the stores, but everything else works as before. And since Android allows 3rd party app stores, Russia now has its own app store where you can get everything that was banned due to sanctions.
Also as a software company you anyway don't want people massively using old versions of your product with publicly known security flaws.
"New large YourProduct botnet noticed by security researchers" is never good publicity in the media, even if the botnet consists of sanctioned users' devices.
This is very bizarre. All sanctions have carve-outs for exactly the Cisco products (so that customers can always safely get online!) Now it will all get replaced with Huawei products. How is this better?
Part of the point of sanctions is to reduce Russia's options, it's understood that some products will just get replaced by ones from outside the geopolitical "West".
Presumably they weren't already using those other options before because they were worse for some reason or another, and so it still hurts to have to switch. Plus, having fewer options may mean it's harder to negotiate a good deal.
Breaking the inertia on a whole bunch of geopolitical norms has been the largest result of all this mess.
Freezing foreign reserves and restricting access to international financial messaging systems etc is probably the biggest change to the status quo and the reverberations of that have set in motion huge changes.
The unilateral sanctions have been levied before, but usually only against "backwater" places that have no chance to fight back and thus most countries with a functional military and economy were never too scared of it.
Applying the same sort of doctrine against a functional (even if barely so) nation like Russia has set off alarm bells in every nation that doesn't identify as "Western". This is why you are seeing actual progress towards international trade being settled in non-USD currencies. The breaking of petrodollar and the shifting allegiance of OPEC away from the West after ~40 years of tenuous "cooperation" is also a big consequence of this.
It's very unclear waters ahead now. I'm not really sure breaking all these norms was worth it vs just sending traditional support and utilising traditional sanctions. If Russia was expelled from Ukraine within months of enacting it then I might have had a different view but now I'm sceptical this was a good idea.
A mistake to...sanction a country for invading their democratic neighbor for no other reason than imperial ambitions? A country that's kidnapping children en masse and flinging missiles at civilian targets while speedrunning their way to maximum war crimes?
No, it would've been wrong not to sanction Russia. The West's only mistake has been not sending arms to Ukraine even faster.
The problem is that it is not just Russia. Other countries are starting to learn that they could be sanctioned or cut off. Not only that, the assets of private citizens can be seized easily. Wars happen, conflicts happen; after all, something similar could have been said about the Middle East.
Until they are replaced they will not get updates, leaving them open for possible intrusions. Let them have Chinese equipment, starving them of western technology to reverse engineer, steal or sell to competitors isn’t a bad thing either.
Probably, but will they be able to reverse engineer and produce successfully?
Everything I've read about Russia indicates that, while they have plenty of smart engineers*, the business culture and civic society are so messed up that they have lots of problems actually making things in practice. Too much corruption and people trying to take advantage of each other.
* Well, maybe less now, since so many IT workers fled
Because you're not getting that hardware out of Russia through normal channels.
In the best of times, in the best of places, you'd be able to do that. Decommission the hardware in use, pack it all up, ship it wherever.
It is not the best of times in Russia and it was never the best of places.
In the best of times while operating in an adversarial market (to put it diplomatically), you have to know you're doing this well in advance and slowly phase out the equipment. Some of it is likely physically installed in the locations. And you have to do this while essentially receiving no new equipment. Which you could do by just faking shipments and manifests. But you're effectively smuggling at this point.
Now, with everything going on. You have to worry about Russia just sort of claiming your hardware/business/people and daring you to come get it. You get your people out and torch everything you can on your way out.
It'd be really impressive if the NSA could intercept shipment of a router manufactured in Russia or China, and then re-insert the shipment into the supply chain.
Now I know why Cisco gear always takes forever to ship.
Tons of networking components contain microprocessors, microcontrollers and programmable logic with excess capacity for their role and could hide implants in software, firmware or even bitstreams without changing a single part of the hardware, e.g. leaking encryption keys as jitter observable to a passive attacker, just waiting for a backdoor command to e.g. drop or massively delay 90% of all traffic or even fry the hardware by overvolting or intentionally violating bus arbitration rules, having multiple push-pull drivers active at the same time on a bus. You're only limited by the available time, physical access, hardware and the creativity of your paranoia. Should such implants exist, they could be installed in a few minutes either through whatever update process is supposed to patch the involved components or through exposed test pads or even clipping suitable packages on the boards, e.g. a serial flash chip. It's a scary paranoid idea.
There is no need to add imaginary Chinese spy chips to Supermicro mainboards; the common AST2x000 BMC chips are already ideal spy chips by design and given the observed quality of the firmware, e.g. there used to be an undocumented command available via the SSH management shell to drop into a root shell on the BMC and you could just download the plaintext password file required to log in via HTTP. While disclosing the password file via SSH is bad, you can't even blame Supermicro for storing the plaintext passwords in the first place, since IPMI BMCs have to store the plaintext passwords because they're required for the terrible challenge-response handshake mandated in the protocol, which doesn't allow storing only a precomputed salted hash over the password. How many companies dispose of old servers without wiping the BMC passwords? How many of them reuse a single password over large parts of the server fleet? Some days I find it hard to attribute this to incompetence instead of malice. Now where have I left my tinfoil hat? sigh
1- That involves added costs that you may or may not recoup (read sibling comment about Russia "not allowing it" which doesn't seem out of hand). So if you don't want it in the current State's hands, and you can't reliably export them, destruction might be the right choice.
2- Part of the goal may be the headline. Either good press for Cisco or bad press for Russia, but visibility can be a goal as well.
I like the idea of scorched earth when you are forced to leave because of outside circumstances (war, politics, etc.). Burn it down!
But for serious, likely too risky to have the potential for anything that can fall into a sanctioned country’s hands. Just destroy it and write it off.
Curiously, Putin has been photographed with Video Conferencing gear similar to what Cisco sells, but from competitor Polycom (now known as Poly, but made when it was Polycom).
I can't imagine this is anything more than a good opportunity to cut bait and get a good press release on the write-off.
If you start believing only bad news about an adversary, they'll publish it themselves in order to mislead you and downplay their capabilities.
Just assume everything coming from them is propaganda and draw your own conclusions from sources that can't be puppeted by an enemy regime playing hardball psyops with social media for the last two decades.
I guess we will wait until Cisco says the same thing... But Cisco is an American company. America is in NATO. I'm American too; this website is also based in the US. We are all paid shills and you are the only real person here.