[ISN] Cisco Saves The World -- On TV

InfoSec News isn at c4i.org
Wed May 18 03:11:24 EDT 2005


[After you read this article, fans of "24" might get a kick out of 
this: http://www.salon.com/ent/feature/2005/05/16/24/index_np.html - WK]

By Fredric Paul
May 17, 2005

Did anyone happen to see the TV show "24" last week? You know, it's 
the Monday-night Fox series where counter-terrorist Jack Bauer, played 
by Kiefer Sutherland, spends a desperate day trying to save America 
from various forms of annihilation. Well, I've been Tivo-ing the 
series since it started four years ago, and it's had its share of 
jump-the-shark [1] moments. 

But I fell out of my La-Z-Boy last Monday night when a nuclear 
terrorist's attempt to penetrate the show's Counter Terrorist Unit's 
computer network was foiled by a new security system said to have been 
just installed the previous night. 

It wasn't just any security system, you see, it was a CISCO security
system. You can see the clip on Cisco's Web site [2] (QuickTime
required), and here's a rough transcript of the conversation between
Chloe, the show's cranky computer expert, and Buchanan, the suit in
charge of CTU:

Chloe: How did this happen? Mr. Buchanan, the network security monitor 
lit up. Someone on the outside is trying to jam our satellite servers. 

Buchanan: Could this just be high network load? 

Chloe: No, it's definitely a denial of service attempt. What do you 
want me to do? 

Buchanan: Did it do any damage yet? 

Chloe: No, the Cisco system is self defending. 

Buchanan: Alright, have one of your people use the security auditor 
tool. Maybe it'll give us Marwan's network. [Note: Marwan is a 
terrorist attempting to blow up a stolen nuclear bomb.] 

Chloe: That was my point from the start. 

Buchanan: Chloe, we're in active code. We don't have time for your 
personality disorder. [Note: Lines like this are why I still love the 
show despite its numerous missteps.] You understand me? Chloe! Yes or 

Chloe: Yes, sir. 

During this conversation the words "Cisco Security Response System" 
appear on Chloe's computer screen, and the Cisco logo looms on large 
wall monitors in CTU's headquarters. After the exchange demonstrates 
the impregnability of the system, as far as I could tell the whole 
computer attack plot line is dropped as quickly as it was mentioned, 
mattering not a whit to the overall plot of the show. 

Discussion of this remarkably blatant incident is rife on the 
blogosphere [3], and I can see why. 

I was so stunned I contacted Cisco about it. A Cisco representative 
acknowledged it as "a cool placement," but said the VP of corporate 
marketing chose "not to disclose lots of details around our product 
placements for competitive reasons." He also declined to mention that 
Cisco posted the clip on its site; I found that URL via the 

He did add, though, that "Cisco has provided network technology 
solutions to the 24 production team for the past four years, since its 
inception. We believe this is an innovative way to generate awareness 
of our product solutions while enhancing content of the show." 

Well, most people don't seem to see it as enhancement of the show, but
my annoyance with product placements is not the point. (For instance,
a Cisco IP communications placement [4] on "24" didn't bother me
hardly at all, nor did the Alienware laptops used by the bad guys.)

Instead, I saw this placement as a reason to start worrying about the 
real state of homeland computer security, and about the false 
confidence we have concerning the issue. 

Do we really trust our homeland security to Cisco--or to any company 
for that matter? I mean, while the "Cisco Security Response System" 
works perfectly on TV, in real life Cisco--like most other 
companies--has had numerous security lapses. The company recently 
acknowledged that its routers, switches, and other products are 
vulnerable to denial-of-service attacks and that its IOS (Internetwork 
Operating System) may contain vulnerabilities that could permit an 
unauthorized user to complete authentication and access network 
resources and have other issues. 

Furthermore, Cisco's own source code was stolen last year, and the 
alleged perps have only recently been arrested. 

Now, I know Cisco takes security seriously. It's a big money-maker for 
the company, among other things. But the face it presents on "24" is 
that this is a problem already solved. The terrorists slink away, 
their hacking plans swiftly foiled--though it doesn't stop their 
overall operation. 

Is that really an accurate reflection of the threat we face? And is it 
responsible of Cisco to present it that way? 

I'm curious to find out what you think of the product placement, and 
the message it sends. Feel free to drop me a line [5]. 

Fredric Paul is editor-in-chief of TechWeb. 


[1] http://www.jumptheshark.com/t/24.htm
[2] http://www.cisco.com/now/24/indexSecurity.html
[3] http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2004-43,GGLD:en&q=%2224%22+chloe+cisco
[4] http://www.cisco.com/now/24/
[5] fpaul at cmp.com
