For cybersecurity firm CyberPoint International — headquartered in the Inner Harbor — there’s no time like the present to partner with ZTE to make the Chinese firm’s line of videoconferencing equipment less susceptible to breaches from hackers.
Hackers kicked off 2013 with a wave of cyber attacks, and the world watched as big-name companies had their security breached.
The New York Times. The Wall Street Journal. Twitter. Apple. Evernote. Tumblr. BuzzFeed has called this year the “Year of the Hack,” cautioning that America’s “cybersecurity reckoning is here.”
From where these attacks come is still unresolved, but some evidence suggests the source is China. In a 70-plus-page report, Virginia-based security firm Mandiant singles out a unit within China’s People’s Liberation Army, the “Shanghai Group,” as being responsible for recent hacks. It’s a charge China’s foreign minister denies, even as the Obama administration calls on the Chinese government to corral its cyber-criminals.
“There’s no such thing as absolute security,” said Jerry Caponera, director of CyberPoint’s Prescient Program. “But if you can identify foreign products and beef up their security, then that’s an added selling point.”
Conceptualized in 2010 and officially launched in 2011, Prescient is CyberPoint’s international program through which the Baltimore-based cybersecurity firm seeks out IT products produced in China and elsewhere across the globe, conducts an assessment of the companies producing those products, and then partners with those companies to create security fixes to products they are introducing into the U.S. market.
By late 2012, the program had released its first modified product: a hardware card called the Prescient T700S-FW High Definition VTC, outfitted with CyberPoint’s firewall system, which was inserted into ZTE’s videoconferencing equipment.
“We created a filter, with CyberPoint acting as a proxy,” said Caponera, an electrical engineer by training who lives in Ellicott City. The firewall “secures the TCP and UDP ports allowing for port filtering and blocking,” which “hardens the end-point against [denial-of-service] attacks, SYN flood attacks, and a variety of other hacks and exploits,” according to a ZTE press release.
Often overlooked by companies more keen to protect Gmail or file-sharing accounts, like those on Dropbox, videoconferencing systems can be an alluring point of attack for sophisticated hackers, as Boston-based company Rapid7 demonstrated in January 2012. (Sure, go ahead and discuss company secrets with partners in several different countries, and do it over videoconference. But are you certain no one else is listening?)
The immediate benefit for ZTE was a more secure product, but the added benefit of having a U.S.-based cybersecurity firm’s imprimatur was getting its videoconferencing gear added to the U.S. government’s list of products on the General Services Administration schedule. (ZTE’s Prescient T700S-FW goes for $4,273.40 a unit.)
So far Caponera and his team of six have worked on four different products, not all of which he can name, but Prescient began its tenure with ZTE, which makes mobile handsets and wireless telecommunications equipment in addition to videoconferencing appliances.
“We didn’t intend to start with a large Chinese manufacturer,” Caponera said. “But we started with [videoconferencing] to prove this is the right model: working with foreign products on their security.”