Then the answer is not to send the hardware to empty buildings, but to install a GPS tracking device in the shipping container, and see where it goes off-course. Bonus points if you can track it all the way to the NSA modification warehouse, but at least if you know where it got diverted, you can figure out *how* it gets diverted. I suspect the truck drivers are in on it, but without tracking data, that is just a theory.
Why on earth wouldn't you just presume that they are sitting in the CBP cargo control office waiting for anything marked Cisco? Secret warehouse? What is this, a Bond movie? It's a guy with a laptop and a cubicle at the port of Los Angeles who sifts through manifests and then saunters out for a few hours when he spots a ripe container, does his flashy flashy, puts some pretty tape back on the box, and no one is the wiser. The guy who works in Memphis at the border control office for the Fedex hub has it even easier, he just waits for the box to come down the conveyor and "inspects" it for a few minutes and sends it on its way.
You make a good point though, Cisco doesn't seem to have any problem with the premise that US intelligence agencies can basically do anything with their products after they leave the warehouse, but is glad to set up an extra layer of work (for a fee!) to help (not really) remedy it. If they wanted to actually stop this from happening they would take a completely different approach, like just doing final assembly over seas, since all the freaking parts come from Asia anyway.