E-mail updates
Follow on Twitter
Subscribe to RSSA leading U.S. nuclear weapons laboratory recently discovered its computer systems contained some Chinese-made network switches and replaced at least two components because of national security concerns, a document shows.
A letter from the Los Alamos National Laboratory in New Mexico, dated November 5, 2012, states that the research facility had installed devices made by H3C Technologies Co, based in Hangzhou, China, according to a copy seen by Reuters. H3C began as a joint venture between China's Huawei Technologies Co and 3Com Corp, a U.S. tech firm, and was once called Huawei-3Com. Hewlett Packard Co acquired the firm in 2010.
The discovery raises questions about procurement practices by U.S. departments responsible for national security. The U.S. government and Congress have raised concerns about Huawei and its alleged ties to the Chinese military and government. The company, the world's second-largest telecommunications equipment maker, denies its products pose any security risk or that the Chinese military influences its business.
Switches are used to manage data traffic on computer networks. The exact number of Chinese-made switches installed at Los Alamos, how or when they were acquired, and whether they were placed in sensitive systems or pose any security risks, remains unclear. The laboratory - where the first atomic bomb was designed - is responsible for maintaining America's arsenal of nuclear weapons.
A spokesman for the Los Alamos lab referred enquiries to the Department of Energy's National Nuclear Security Administration, or NNSA, which declined to comment.
The November 5 letter seen by Reuters was written by the acting chief information officer at the Los Alamos lab and addressed to the NNSA's assistant manager for safeguards and security. It states that in October a network engineer at the lab - who the letter does not identify - alerted officials that H3C devices "were beginning to be installed in" its networks.
The letter says a working group of specialists, some from the lab's counter intelligence unit, began investigating, "focusing on sensitive networks." The lab "determined that a small number of the devices installed in one network were H3C devices. Two devices used in isolated cases were promptly replaced," the letter states.
Stay informed with the latest headlines; sign up for our newsletter
The letter suggests other H3C devices may still be installed. It states that the lab was investigating "replacing any remaining H3C network switch devices as quickly as possible," including "older switches" in "both sensitive and unclassified networks as part of the normal life-cycle maintenance effort." The letter adds that the lab was conducting a formal assessment to determine "any potential risk associated with any H3C devices that may remain in service until replacements can be obtained."
"We would like to emphasize that (Los Alamos) has taken this issue seriously, and implemented expeditious and proactive steps to address it," the letter states.
Corporate filings show Huawei sold its stake in H3C to 3Com in 2007. Nevertheless, H3C's website still describes Huawei as one of its "global strategic partners" and states it is working with it "to deliver advanced, cost-efficient and environmental-friendly products."
The Los Alamos letter appears to have been written in response to a request last year by the House Armed Services Committee for the Department of Energy (DoE) to report on any "supply chain risks."
In its request, the committee said it was concerned by a Government Accountability Office report last year that found a number of national security-related departments had not taken appropriate measures to guard against risks posed by their computer-equipment suppliers. The report said federal agencies are not required to track whether any of their telecoms networks contain foreign-developed products.
The Armed Services committee specifically asked the DoE to evaluate whether it, or any of its major contractors, were using technology produced by Huawei or ZTE Corp, another Chinese telecoms equipment maker. ZTE Corp denies its products pose any security risk.
In 2008, Huawei and private equity firm Bain Capital were forced to give up their bid for 3Com after a U.S. panel rejected the deal because of national security concerns. Three years later, Huawei abandoned its acquisition of some assets from U.S. server technology firm 3Leaf, bowing to pressure from the Committee on Foreign Investment in the United States. The committee evaluates whether foreign control of a U.S. business poses national security risks.
In October, the House Intelligence Committee issued an investigative report that recommended U.S. government systems should not include Huawei or ZTE components. The report said that based on classified and unclassified information, Huawei and ZTE "cannot be trusted to be free of foreign state influence" and pose "a security threat to the United States and to our systems."
William Plummer, Huawei's vice president of external affairs in Washington, said in an email to Reuters: "There has never been a shred of substantive proof that Huawei gear is any less secure than that of our competitors, all of which rely on common global standards, supply chains, coding and manufacturing.
"Blackballing legitimate multinationals based on country of origin is reckless, both in terms of fostering a dangerously false sense of cyber-security and in threatening the free and fair global trading system that the U.S. has championed for the last 60-plus years."
He referred questions about H3C products to Hewlett Packard. An HP spokesman said Huawei no longer designs any H3C hardware and that the company "became independent operationally ... from Huawei" several years prior to HP's acquisition of it. He added that HP's networking division "has considerable resources dedicated to compliance with all legal and regulatory requirements involving system security, global trade and customer privacy."
More content from NBCNews.com:
- Rewards planned in possibly linked killings of elderly Calif. women
- Some wounded vets shine on 'Alive Day,' others wear black
- California man says he can drive in carpool lane with corporation papers
- Police: 4 dead, including gunman, in Aurora, Colo., hostage situation
- Tattoo photos lead to woman's arrest in global child porn investigation
- What Supreme Court? Gay marriage battles rage in the states
- Video: Warehouses full of criminal evidence lost to Sandy
Follow US news from NBCNews.com on Twitter and Facebook
Copyright 2013 Thomson Reuters. Click for restrictions.
Leave a Comment:
Chinese parts? WHAT?!?!?!? BUY AMERICAN!!!! It is the ONLY way out of this mess our economy is in.
No, it raises questions about US corporations going to China, regardless of the industry, to make an extra buck!
the right hand not knowing what the left hand is doing; Federal law requires all government purchases for equipment to be Made in America, unless there is no American supplier or manufacture, then a foreign purchase can be authorized; American service battlefield uniforms, come from China partial assembled, a minor sewing is done in American garment factory's, then a Made in U.S.A., label is put on, we are being fooled by our own Government agencies.
We're not being fooled by our own government agencies. We are being fooled by US companies buying partially and cheaply made goods in other countries. As in profit trumps our security. But hey, that's free enterprise. These are the kinds of things we get when we don't want to fund agencies that would make sure this doesn't happen. Because you can't count on the bottom line to police itself.
Mum on Lead content though.... smile :-)
"Blackballing legitimate multinationals based on country of origin is reckless, both in terms of fostering a dangerously false sense of cyber-security and in threatening the free and fair global trading system that the U.S. has championed for the last 60-plus years."
--------------------------------------------------
In case this company hadn't noticed, the US has had strained relations with China for the last decade: and I have to give my head a shake - since WHEN did NOT dealing with countries the US (or the UK)was at odds with constitute "wrecklessness"? And the US (and Euro's) embargo on Iran, etc, etc... China does the same.
Don't even mention a "threat" of the free a fair global trading system when China's gov has purposely lowered its currency and has engaged in UNFAIR trade practices for over a decade. Sure the world markets have a trade agreement: but China never has kept their end of it! How convenient for a Chinese company to point to any other country and claim that other's actions are 'threatening' the free trade agreement. They've more cheek than a woodchuck.
Nickyybn: same stupid advert as yesterday, just under a different name. Report as advertising. GET A LIFE.
Alex: we are talking national security here not buying a piece of furniture on ebay for our living room. By the by, if you own an Lenovo computer, you should try to find out if it also is spilling messages back to China.
Next, it is hard to stop a purchase of anything if you have ever read the Federal Acquisition Regulations. Limited sole source purchases and lowest bidder. What a hole this puts in our national security
Iconoclast: I don't understand your reply to my post.
NUMBER ONE: OBVIOUSLY the article's point is about national security.
TWO: WHERE in hellfire did you find Ebay in my post?
THREE: ASSUMING I have a Levino computer? Where did you get THAT? Did you think that including that here made you sound intelligent or something?
Negative on Levino. I don't appreciate people's posts that put words and inferences in my posts, or ENTIRELY miss the points that I was making about a foreign-held company and their comments about the US decisions to change the components. Lastly, EXCUSE ME FOR YOUR BEING AN IDIOT.
My U.S. based company represents many foreign manufacturers like Mitutoyo, Hexagon, Zeiss...We sell to Los Alamos! America does not make this much of the technology and has ceded it to Japan, Germany and yes China. Many precision machine tools and gauges are no longer "Made in USA." Much of the software that runs these machines is created overseas. In fact Carl Zeiss, the world wide leader in CMM technology has moved some of their operations to China and Los Alamos uses Zeiss (German) CMM techology. One other point. Mitutoyo Corporation (Japan) payed some heavy fines a couple of years ago for selling technology to North Korea. Technology by the way that may have been instrumental in creating their nuclear weapon. The issue cited merely scratches the surface is much more complex than indicated by the article above.
This is not the first time Chinese made computer parts have shown up in high security computers. If my memory is correct. They showed up in on board computers for our latest tactical air craft also . Also as replacement parts for those air craft. Some things should be made at home period.
Alextheblade:
Our relationship with China stems from unfair trade practices and China's involvement in stealing technology for domestic products and military sensitive products. There are endless examples just check the papers.
I remember a case of Israeli designed software that was set up to enable spying on US security installations by Mossad. The news were quickly buried by the Israel friendly media.
Watch for this story to be buried as well.
With over 15 years of working for an Asian based company, I can tell you all not to trust ANYTHING produced in China. Even if it's produced for an American based company. Especially electronic components
Our illustrious fellow citizen, Mr. William Plummer, the "vice-president of external affairs" for Huawei Technology states: "Blackballing legitimate multinationals based on country of origin is reckless, both in terms of fostering a dangerously false sense of cyber-security and in threatening the free and fair global trading system that the U.S. has championed for the last 60-plus years."
Here's a newsflash for Mr. Plummer: Prostituting yourself by working for a foreign national company that is essentially a front for a hostile foreign government is reckless, and is tantamount to treason. There are a lot of ways of selling oneself out in the U.S. economy, but yours is among the worst - quite a few levels below the world's oldest profession.
Oh common, the electronics industry is highly world oriented. Asia happens to be an electronics hot spot. Everything from components to finished electronics is made in Asia. Many times the same electronics can be manufactured in many different countries. Intel will make chip cores and then send them to Asia for finishing. Components can be made in china ( often are ) and a finished product like a Blue ray player made with those parts can come off the line in the US.
This sort of cross pollination is standard practice in the entire electronics industry. Good luck filtering out all china made products. Even when the end product is made in the states its components and programing comes from other countries.
What are these people thinking? They are smart enough to maintain nukes, but they will fear china made switches?
I am all for a home grown product from component level to finished products, but that should have already been done decades ago.
These buying practices are totally unacceptable for our security. Someone needs to be fired.
Considering that Chinese government hackers are attacking American companies, more American companies need to be more careful
Flash drives made in China were banned from use on the computer system at the USAF Academy about 3 years ago. Of course now I don't want to use those flash drives, either. China has always copied US advancements. God knows who they are working with and selling to. My husband works in the nuclear industry and YES! - many American based utilities now are international meaning they are selling nuclear designs, whatever, all over the world. Is this an issue? It is when they buy their parts from other countrys (because they are no longer made in the US) and they are sub-par. One nuke plant in CA has been offline for MONTHS because the newly replaced hugh imported generator failed from Japan. They are difficult to replace and replaced only after years of use. They are expensive. It amazes me that this enormous generator would be cheaper to ship here than made here. It is all a big sell-out for more profit and it is across MANY industrys. And-who will pay for this loss of power? I hope it is not the US customers the facility served....
It amuses me to no end when an American company offshores it's manufacturing to China and then complains when 3 months later, they find a Chinese firm marketing an identical product. We send them the schematics and in the case of computer equipment, the code that runs it.
I would never install any network equipment made in China. If they haven't implanted their own code to backdoor it, they at least have a copy to hack.
Reckless, reckless, reckless.
Too bad the libtards would rather fund government porkulus, Government Motors bailous, bombs for Libya, and Chinese made "green technology" than national defense.
Hard to believe we use anything from China where performance and security are critical. What is the matter with our procurement requirements to allow this kind of negative infiltration???
Hey Congress, get your ass in gear and investigate - pronto.
********************TYPICAL UNEDUCATED POSTS********************************
http://money.msn.com/investing/11-things-wrong-with-congress
GET OFF YOUR LAZY ARSES AND RESEARCH WHO DIRECTLY MANAGES THE "NATIONAL LABORATORIES".
I told all of you before, you want to Cut the US Defense Budget, get rid of the almost Hundred Million Overpaid Too Expensive "Fair And Living Wage" US Civilians employed by "Defense".
Let the US Military (not paid a "Fair and Living Wage") manage "Defense" once again.
"US Military Must Buy Only US Products, Goods and Services." Exemptions granted by US Congress.
Now let's talk about WHY, most sh!t is Made In China and not the US or Parts Made In China and Assembled in US:
Since 2009 President Obama's Failed (Foreign) Policies resulted in the US and US Allies Loss of Strategic Resources Worldwide, Key Strategic Locations Worldwide, and Vital US Allies Worldwide.
After the US and US Allies Lost the Strategic Resources Worldwide to the Chinese and Russian Federation, 2010 the Chinese placed Restrictions on the exports of these Critical Materials (Mandatory to maintain (manufacturer) the current US High Tech Standard of Living and Future US Alternative Energy) to the US And US Allies.
It has been the Longterm Strategic Goal of the Chinese and Russian Federation to get the US and US Allies out of their Backyards (Resources). The Russian Federation and Chinese have been using the Fundamentalist Islamic Shia Republic of Iran as their "Proxy Fighter". The Fundamentalist Islamic Shia Republic of Iran has been using the "Holy Warriors of Islam" as their "Proxy Fighters" Worldwide.
The Chinese, Russian Federation, and the Fundamentalist Islamic Shia Republic of Iran have been playing Chess at least 10 moves ahead; and President Obama thought the game was Checkers.
The network switch has a board in it.
That board is made of rare earth minerals. China, Afghanistan & the US have large deposits of those minerals.
China mines their minerals and has the contract to mine Afghanistan's.
We do not mine our own minerals, hence China makes the board in the switch.
If we only have Chinese boards available, it doesn't matter if the company is American. They can wrap the flag over the box, whistle Yankee doodle while selling it, and it will still be at heart, a Chinese part.
We need to mine our own rare earth minerals to produce US made boards. Which are the actual heart of the part.
I would venture to say the vast majority of PC's on this thread are based on Chinese made motherboards. Along with the video cards & network adapter cards.
Where and how (EPA Restrictions and US Citizens critical of US "Exploitations" of other Nations Resources, like saying we went to Iraq to "Steal" their Oil).
Think of this, where does the material Titanium come from. Hint: During the Manufacturing of the SR-71, there was intense opposition to using Titanium, as most (high enough grade) came from the USSR (our then "Cold War" Era Enemies).
As since 2009 President Obama's Failed (Foreign) Policies resulted in the US and US Allies Loss of Strategic Resources Worldwide, Key Strategic Locations Worldwide, and Vital US Allies Worldwide. Now the Chinese and Russian Federation are building up their 21st Century Militarises* to protect all the World's Resources that they gained from the US And US Allies Losses.
*Fact, the Chinese and Russian Federation Militarises can buy a high grade nut and bolt for $0.10; that is shipped and relabelled at the US as "Made In the US" and sold for $4.00 (most of that $4.00 cost goes to pay US Citizens a "Fair and Living Wage", Benefits, etc..). Also it is common, the norm, for US Contractors (Manufacturers) condoned by US Congress to have Contract Delays, etc. so that the US Citizens of those States to have "Fair and Living" Too Expensive Overpaid Jobs for a longer amount of time, with the result being that the US Military gets long obsolete US Military Equipment (go research the Design Dates till the US Military actually gets the US Military Equipment (Final Product, without tons of costly Manufacturer "Upgrades", "Modifications", "Retrofits", "Rebuilds", etc. just to make the final product work as initially designed.).
While the Chinese and Russian Federation still take people out and execute them for Contract Fraud, Contract Delays, Contract Disputes, etc. pertaining to their "National Defense" (their Military Equipment), contrast to the norm at the US of very long Contract Disputes, Court Cases, Lawsuits, etc. to prevent the US Military/US Government from awarding ("letting") the Contract(s) to another US Contractor (Manufacturer).
Actually my home state, FL, produces Titanium pigment from sand.
If you did a little research , you would find US rare earth deposits throughout the west.
Flatiron-remember Sarah Palin's Bridge to Nowhere? It never got built, and she never returned the money. Wonder what happened to it.............
Well Alex the Blad> I guess you missed my point also. I was agreeing with you and adding the point that sales to the US go beyond intelligence organizations down to the things we buy as persons (hence, the Lenovo comment.). I also added the point about the FAR stacking the cards against buying what is secure. Sorry you missed my point but i guess since you had to resort to name calling, you have nothing else to offer.
Isn't everything in the military supposed to be top grade US made stuff? Unless something's changed, should we see stuff like CISCO in there?
opin
What makes you think they don't get their equipment from china? Or at least the parts to make their equipment.
good luck trying to find routers or other such gear that is 100% American (or W. European or Japanese - US allies). Almost all contain some component(s) made in China. The U.S. Govt must ensure that all suppliers use products MADE in the USA (not just from a US-based company) followed by European, Japanese (i.e., allies)
Erick,
It is getting that way with almost everything these days. China's manufacturing industry has hit us like a virus, to the point where it is in the vast majority of things we use every day. As you say too, things with a "made in USA" label can very well have Chinese made components. There is no piece of anything too small or too insignificant to keep China from attempting to make it and capture the market for it.
And every year, more and more items get added to the list of things we no longer even make here. And in many cases we have sold out the capability to even produce the items.
1NewDay: One of the reasons I had to wait so long for a distributor for my GM make? > They were produced in MEXICO for my "American-made" car.
Many parts of American made 'everything' come from dozens of different nations: Japan, Germany, Austria, Canada, etc - not just China. Its just that.... right now, the biggest problem is China due to their fabricated (gov manipulated) currency and their protectionist policies for trade.
Alexthe blade:
Don't forget stealing technology.
Alex,
You are correct, it isnt just China and we have imported some parts and materials from other countries for years. China, however, has had the biggest impact in the shortest amount of time. Their growth over the last decade before the crash, was almost unbelievable. What bothers me the most is we helped them do it simply for the sake of higher profits. Greed on our part and China's desire to charge into the 21st century virtually overnight, has produced one of the highest economic growth examples in all of history.
I am an engineer and a very technically oriented guy who sees a lot of this that many people miss. I don't doubt that some high tech parts may indeed have some nefarious features built in, however I almost see the bigger security threat coming from the fact that so much of this stuff is becoming something we can not even domestically supply if we wanted to. Even the machinery that makes things is another technology we have all but abandoned producing. This puts us at a huge disadvantage very quickly if our relationship with them changes at some point in the future. It isn't all that likely in the near future because they want our marketplace, but at the same time, China's big rise as a manufacturing economy is very quickly resulting is a fast growing domestic market, as the workers are becoming consumers.
We can blame the Chinese for stealing technology, but often it is because we handed it to them so they could produce it there. It isn't surprising that they would reverse engineer these things and even improve upon them. Not all stuff from China is cheap junk. A lot of it is very high quality and innovative, when you get into some of the high tech stuff. We would be fooling ourselves to think that they lack the technical skills. We may have given them a jump start, but they don't just copy stuff either. They have people working on improving it while we sit on our hands. They already lead us in many of the important technologies of the future.
I don't hold some hatred for China in what they have accomplished, I just see the reality of the situation and realize that we will soon be left behind unless our political leaders and corporate leaders realize it and try to do something about it.
GET OFF YOUR LAZY ARSES AND RESEARCH WHO DIRECTLY MANAGES THE "NATIONAL LABORATORIES".
Good, you explain to these Newsvine Posters, about US Acceptable Fault Tolerances (From Original Design) Versus International Acceptable Fault Tolerances (From Original Design). Acceptable Fault Tolerances as the Physical Measure of "Quality".
Also Automation (like China) Versus US Labor Intensive (Handmade or Assembled) as required by US Labor Unions (Union Work Rules).
example: A CNC Machine with continuous laser measurements at China mass producing a product versus the same product handmade at the US.
This is why when GM and Chrysler were Bailed Out part of the GM and Chrysler Indicative Summary of Terms for Secured Term Loan Facility (Final Terms and Appendix) was to close down US Labor Intensive Plants and Factories, layoffs of US Workers (stop incurring more "Legacy Costs") to become "Economically Viable"; then open Fully Automated Plants and Factories at China (Machau, Shanghai), and expand their Fully Automated Mexican Plants and Factories (Toluca).
This is how the Chinese got the US Technology of Fully Automated Plants and Factories.
With the RESULT:
As the Chinese do manufacturer High Quality Products; however, to make a larger profit most of the US Companies at China purchase the Lowest Grade of the same products instead of the Highest Grade.
I already told all of you to go to a "US", "Domestic" Automaker's (GM, Ford, Chrysler) Dealership Parts Department and Read the "Made In" Labels. As many of the parts are Made In China and shipped to Mexico for Initial Assembly from Chinese Parts, then shipped to the US for Final Assembly (windshield or minor component installed) to get the "Assembled in the US" Label. Then go to a "Foreign" Automaker's (Toyota, Honda, etc.) Dealership Parts Department and Read the "Made In" Labels.
As unproven, the computers at the GM, Ford, Chrysler Fully Automated Plants and Factories can be reprogramed to manufacturer almost anything (including millions of Chinese copies of Russian Federation AKs (AK-47s, AKMs, SVDs, etc.) per week. As to what the Chinese are exchanging for Iranian Oil.).
Alextheblade- I do believe all GM cars and trucks Made in the USA states "Made in the USA with globally sourced parts". Which basically means assembled in the USA with parts made cheaper elsewhere.
David: We have CNC machines here as well. I just worked/repaired two of them.
So this:
"lso Automation (like China) Versus US Labor Intensive (Handmade or Assembled) as required by US Labor Unions (Union Work Rules).
example: A CNC Machine with continuous laser measurements at China mass producing a product versus the same product handmade at the US."
Is absolute BS.
"Nevertheless, H3C's website still describes Huawei as one of its "global strategic partners" and states it is working with it "to deliver advanced, cost-efficient and environmental-friendly products."
oh, yeah!
Meanwhile at the US Nuke Lab......
"LOL, whoops...."
Considering we don't do any criticality experiments...
Why not just out source our army to China too. Everything else is.
Too bad we can't out source the Republican party,
Oh that's right, we have.
Dirp - yes we have indeed. The Democrats have indebted even our unborn children to China.
Truth_Hurts-3416308,
And the Republicans are completely innocent... LOL
I never said that....But the DNC does have a substantial lead over the GOP when it comes to our debt with the Chinese. nothing to LOL about that....
Truth_Hurts,
It's not a party problem. It's an American problem. There's plenty of blame to go around what with two wars plus two tax cuts and two stimulus packages.
GET OFF YOUR LAZY ARSES AND RESEARCH WHO DIRECTLY MANAGES THE "NATIONAL LABORATORIES".
Nothing like selling to the cheapest company..... Way to go, Nuke people...
Why isn't John McPain up in arms about this?
Typical double standard. Do as America says not as it does.
In America we have SEVERAL intel agencies that tap and monitor ALL communications in America, including our military.
Nothing but pure Xenophobia, China is our largest trading partner and thus ally.
Any infrastructure In the U.S. should be U.S. made, no matter what it is. Switches, cable lines, concrete sewers, bridges, tunnels, any and all of it should be made here.
The items you list don't necessarily pose a threat to national security.
These are remote controlled switches. The worry is that there is a back-door that lets the Chinese flip our switches comfortably from China.
Since 2009 President Obama's Failed (Foreign) Policies resulted in the US and US Allies Loss of Strategic Resources Worldwide, Key Strategic Locations Worldwide, and Vital US Allies Worldwide.
And exactly what materials are you going to manufacturer all that from and where (EPA Restrictions); what Your Idealistic Academic Wishful Thinking.
Also go right ahead and repeat the President Clinton mistakes and expect a different Result:
Federal Spending:
60% Entitlements
20% Defense
13% Discretionary Spending
7% Interest (Interest on Loans, like Loans from China)
Go ahead chop the US Defense Budget, as the US Army Corps of Engineer Funding for US Infrastructure Projects within the US, like Bridges, Levees, Beach Erosion, Dams, Water Reserviors, Dredging Steams and Rivers, etc.. Just like President Clinton did resulting in the US Army Corps of Engineers not having the Funding to do what they planned, as the Upgrades, Retrofits, Building New, Modifications of the Levees at New Orleans before Hurricane Katrina.
Of course their network equipment contains backdoors and espionage "features". In the same way that printers and devices produced in the US have had tracking, spying and sabotage "features" added to them for decades
http://en.wikipedia.org/wiki/Printer_steganography
Exactly how is that useful spying or sabotage? All it does is identify the printer and time a document was made, on the PHYSICAL document. It's only useful in the case that a printer is used in creating a document used in illegal activities and the information was pertinent to the prosecution of said crime. You have to get possession of the document to even read the stegonagraphy. Sorry, but absolutely no correlation.
This is what happens when our government continues to buy from the lowest bidder. They are like the Yugos of the IT industry. Buying Huawei is like throwing away good tax dollars and should be banned from any US government agency IT infrastructure. I have sold IT gear for 20 years and have learned that Huawei all but gives their junk away during the bidding process. They only win bids only because they have the lowest price. Otherwise, their build quality and reputation for reliability are too weak to sell on. I have seen customers buy their gear then come back less than a year later to replace it with another, better brand.
Yet, as citizens, we are constantly complaining that our government spends exorbitant amounts of money on unnecessary things. Like $25 muffins.
Clever!
Wonder what's in all of the consumer gear in this country - imagine if they shut every laptop down.
I cracked open my H3C router and a fortune cookie jumped out and ran away. Called the CIA and they asked me what the fortune cookie said. I said "the fortune you seek is in another cookie" and then it rambled six numbers off.
This is just insane! It's not an economic issue, it's a security issue! Why the h*ll are we putting Chinese made goods of any kind in US Military or research institutions?
The US has gone too far sanctioning offshoring of manufacturing and now it threatens our national security. There's more at stake than ensuring companies have access to cheap labor and cheap manufacturing. The US needs to look at how deeply we are affected by the strategic loss of US based manufacturing and should reverse that trend.
Speculation that the Chinese have inserted backdoor capabilities in electronic components/devices have been around for years. I recall that Boeing was a prime contractor for a program called Future Combat Systems, and yet used a video conferencing system that used servers based in China.... Also, there were rumors that thumb drives made in China had all manner of nefarious capabilities, such as infecting computers. Fears were fueled by articles like this:
http://www.information-age.com/channels/security-and-continuity/news/2105468/security-backdoor-found-in-chinamade-us-military-chip.thtml
The plain simple fact of the matter is that almost all components/devices have means for debugging/troubleshooting that could theoretically be exploited. And it doesn't matter where they were made.
However the Chinese are in a unique position to exploit their manufacturing should they choose. Systems aren't like they used to be in the 1960's where you could trace wires and components to ascertain the function of a device. A microchip can be something of a black box. The only way to ascertain its function is to plug it in and measure the I/O. And each system has hundreds of these little buggars in it, making it extremely costly and time consuming to test every single I/O on every single chip. And that's not even thinking about software, where it is much more of a black box unless you have the source code and you compiled it yourself on a trusted machine.
Yes, flaws can be introduced by anybody anywhere by accident. But it would be dead-simple for China to exploit their position for a very real gain. There's been a large suspicion going around for a long time now that we're doing the same thing with operating systems.
A stupid decision, totally. But it was a joint venture with 3com, a US company. Besides, we're talking about a network switch. Depending on what type of switch it is, managed or unmanaged, is what really matters. If it's an unmanaged switch, there are virtually no security risks involved. Unmanaged switches are dumb, and have no idea what they are doing, aside from simple MAC routing tables. Managed switches have firmware and are capable of being manipulated. They could be programmed to send data to a remote location if they were aware of an gateway with internet access. But then, in a properly configured secure environment, that switch wouldn't have that type of internet access. Now, that said, Huawei makes crap equipment, so the guy who chose to purchase that stuff deserves to lose his job, his entire IT career, and should probably also be sentenced to death for good measure. How stupid does one have to be to purchase cheap equipment for a nuclear facility? Never mind whether it's Chinese, Korean, Japanese, or American. What a stupid way to save a buck.
wow, Lisa, are you new to IT? I have been working in the IT area since 1982, started by repairing computer pcb's. Its certainly possible to inbed a firmware chip in the circuitry to run in the background on an unmanaged switch. How would you know that it was doing it, no real way to connect to it, you would just have to monitor the traffic over a period of time coming from that switch to find out, and use a packet sniffer to decode the contents. You need more experience before you just spew out basic definitions.
Hope they aren't encrypted, or otherwise obfuscated.
Wow, ArmyVet, so who gives a rip that you've been in IT since 1982. The points Lisa made are valid. A properly configured secure and managed LAN would make it awfully difficult for traffic to leave without being noticed. I don't care how good you a firmware hacker you are - I coulld shut you down in a heartbeat.
ArmyVetMO,
Most of these people don't even know the difference between a Router, Switch, Relay, Router with Switch, etc. and you are going to confuse them even more with the difference between Firmware and Software.
See how uneducated Gumps attempts to defend uneducated LeftLeaningLisa post.
While the line between Routers & switches can get blurred. Don't remember seeing "Relay" as part of the OSI model?? Are you referring to a hub perhaps??? Double checked my old textbook, nothing notes a relay. Something new?? Just a question from one of those uneducated masses......you call Gumps.....
Is it possible your referring to a "Frame Relay", OSI 2.
david - sticks and stones may break my bones, but whips and chains excite me.
Stupid is as stupid does....
Shades of Desert Storm: remember the light show above Baghdad when the antiaircraft gunners went nuts trying to shoot down all the bombers overhead?
A lot of their gear came from France- so the fire direction computers all had a back door built in which allowed them to be remotely disabled; after all, they wouldn't want their own technologies used against them, right?
No doubt, we do the same sort of thing- it just makes sense not to get hurt by stuff you build.
No doubt, the Chinese do this as well.
The concern here isn't the subornation of equipment- that's already been accomplished in a lot of places by the use of thumb drives that fools have bought at ever-so-low prices from a Chinese vendor- who inserted a few lines of code on the boot sector of the drive at the behest of their government- code which installs a virus when said fool plugs it into a corporate desktop.
Use of such equipment was (eventually) banned in all federal installations, but using a Chinese router tops that idiocy by an order of magnitude.
Firmware is always proprietary and usually inaccessible by anyone but the manufacturer, so any such device could easily be designed to do any number of compromising things to the network it lives in.
Even if you can scrutinize the firmware, it's still possible for any manufacturer to add a hidden ROM sector to any chipset which only executes on command- or, on a certain date, at a certain time.
You'd have no way of knowing it was even there until far too late.
Not good, not smart- and a natural consequence of having a government run and owned by the corporate citizen instead of the private citizen.
Oh, I see, when it comes to national security we cannot accept something made in China. But all the other crap the general public buys can be made there. And it shows!
Thanks to our corporations for sending our jobs overseas and making China into a larger economic foe
Not only an economic foe but a Military powerhouse as well. China can thank Greedy Businesses here in the U.S. for building up their military and space program. And they can thank the U.S. for hiring Chinese scientists and putting them in sensitive postions and then the chinese steal our secrets and send the information back to China. I read where one chinese was caught stealing information and was either sent back to china or is waiting trial.
Much ado about nothing. That 'Chinese made' part is from 3Com which was bought by HP and both are as American as apple pies. If we are so xenophobic, then we must shut off all our iPhones/iPads because they are made in China too. If you are in the IT field, you would know that organizations periodically upgrade their infrastructure hardware, and this is not news worthy.
I don't know for sure but I bet China was making apple pies long before America did.
Did they buy the switches at Walmart?
They are just switches, nuclear light switches.
When they know the Chinese are the worst hacking pretenders on Defense equipment and software, they must be OK with it.
It is the possibility of NOT having lead that is one potential problem. Look up tin whiskers. Lead prevents it. Tin whiskers was found to be an issue on a 2005 Toyota that had an unintended acceleration problem. So when all of you electronic devices age and suddenly fail it is likely due to tin whiskers since lead has been taken out of solder.
Military equipment is exempt from having to remove solder because they can't risk their electronics failing.
Thats odd. I worked for a manufacturer that made electronic equipment for military (including space programs) and the government forced the company to stop using good solder (with the resulting results you list), degreasing agents that worked and the better adhesives.
Well I'll be G-- damned. Chinese parts in our Nuclear Facilities? How $#@!$%# cheap can our government get? Billions upon Billions in these pet Pork projects yet they scimp on switches for our Nuke labs?? I read a while back that OUR government was going to have computer chips for our latest fighter jets made in China. If that isn't Nuts I don't know what is. What the Hell is going on in our government? Has our government already been taken over by Foreign countries?? Is anybody in government watching out for this country?? Have we so many Foreigners in sensitive positions that we are losing control? Hillarys Aide is a Muslim and I think that is too close to sensitive information.
Part of the U.N.s mandate to end world poverty by the redistribution of wealth from developed world to the 3rd world (paid for by the developed world of course). Like all redistribution of wealth fantasies all it does is spread universal poverty. I would love to know just what duress was used to have clinton buy into the lunacy or if it is just the democratic party agenda that was the reason for a president to betray his own nation.
Two solutions here...
DARPA has to fund a separate manufacturing infrastructure outside all supply chains that make exclusively for government contracted purchases, or ...
Bring back the carrier pigeon.
Seriously, this will always be a problem because there are too many manufacturers all around the world that make it economically impossible to ensure our security.
Why is this a brouhaha? While routers and switches may be sensitive equipment in a place like Los Alamos, how much computer equipment and software is made solely in America, .01%? Nearly every company that makes this stuff is global, and though it would seem to be a good place for espionage, it seems to be a better place for somebody to create a political stink. If security agencies are really concerned about Trojan hardware and software in our systems, they need to test and certify nearly all computer equipment and label it NSA approved for secure systems.
If you know anything about Huawei's IT products, you should know they are crap equipment. It was likely purchased simply because it had the lowest price in the bid and met the basic specs. But to have that class of hardware in a US nuke facility is a unnecessary national risk.
Even a "Cisco" or "HP" switch is actually made in Taiwan----assembled from parts made in a hundred other places. Virtually none of which are in the United States. Even the software that runs on the hardware is written somewhere else----India usually. Thanks to 30 years of GOP anti-Union Jihad for cost-cutting---we no longer make anything. However the top 1% is richer than ever. Just as the GOP wanted....