Won't make a difference
When we have a nuclear power station being built by Chinese. What's stopping them putting a backdoor in that. War breaks out, they hobble it remotely. Or worse, turn it into a bomb.
It would be "nothing short of madness" to use Huawei gear in Britain's 5G mobile networks, an American national security adviser has reportedly told UK Prime Minister Boris Johnson. As reported this morning, a US delegation consisting of deputy national security advisor Matt Pottinger, junior foreign minister Chris Ford, …
They apparently were successful in killing off Skynet, but they didn't stop Legion (No idea what happened to Geneisys as the systems were still shown to be running at the end), but a Skynet terminator is in the film and the Legion has Terminators much like the Skynet Terminator *Head Explodes*
When we have a nuclear power station being built by Chinese. What's stopping them putting a backdoor in that
There are a lot of power plants built by western companies and kit with western components that have unpatched networks facing the internet.
It doesn't take the Chinese, Russians, Iranians, North Koreans to go in and do damage. The damage has already been done when unprotected systems and connected to the internet for every-man-and-his-dog to see.
China should do the same and hand a dossier on Cisco, as personally I believe both the US and China are as bad as each other (I would add the UK as well but I don't believe we have have any companies developing such equipment other than underlying processors).
The underlying OS in older Huawei equipment is the same commercial Wind River OS that powers much of older western Industrial and Defence systems.
Yes, older 4G Huawei code and processes are no where near certifiable software standards, but then very little commercial software anywhere is. IMHO, having worked on a lot of the commercial communications code - in general Cisco development systems and code are better than Huawei, Lvl7 are better than Cisco, and Juniper are the best of the generally available ones.
"I would add the UK as well but I don't believe we have have any companies developing such equipment other than underlying processors"
Maybe TalkTalk has for years been doing the same, but they're so incompetent that they keep losing the data.
>but seriously, what do the general populace buy these days that comes from the US?
Buy? surely you have kept up with current affairs? The more accurate question is what does the UK buy and use that doesn't come from a company that can be 'influenced' by the US?
Perhaps the first post-Brexit trade deal will be with Iran...
I don't get this clamouring for a trade deal with the US. All we'd be doing is borrowing a world of hurt when Arsenoise gets it into his tiny mind, waves his tiny hands and opens his tiny mouth orangutanesque that we need to honour their way of doing things, which will immediately "sour the milk" for any other potential trade partners with whom we may wish to do business. This Huawei debacle is a case in point. To borrow a pith headline, "No, no mitigations, it's our way or the Huawei!"
Its clear from recent statements from BoJo about the Iran nuclear deal that he will do anything to appease the orange one in the hope that he will respond with an easy trade deal win.
This is the new world order, where we know kowtow to an unstable personality because we decided to set light to our friends and allies.
We are still picking up the pieces from the last time we did this
He'd be a fool to do a deal with either one, at present.
Only a real idiot signs any kind of "deal" with Donald Trump. America's graveyards and prisons are full of people who learned that lesson the hard way.
As for China, its present government has used the cover of Trump's sheer malevolence to expand its own evil into a shadow that falls on everything it touches. Just ask the American NBA, or the people of Hong Kong or Taiwan, or Prof Anne-Marie Brady,
"Hey Bojo... It would be a real shame if those fancy new F-35's you have bought suddenly stopped flying now wouldn't it?"
"We mean it. Stop buying that Chinese Crap and by our Good Old American V8's"
"Sorry, I mean networking kit."
"Good! Have a nice day!"
I get the feeling that the super-secret document is a finger-painting by President Trump. And that thought reminded me of poor General Knoxx (possibly my favorite Borderlands franchise NPC). I wonder if dealing with our beloved POTUS is not entirely unlike dealing with Admiral Mikey?
"I have received your sit-rep written with magic marker on the back of a cupcake. It reads, 'Cats are kool!' And you misspelled 'cool'."
Because if that's the case then the USG has full access, on demand, to the guts of any commercial networking hardware.
So any complaint about "Huawei has to co-operate with the Chinese government" is exactly the situation a US company has with the USG.
Not exclusive to the US, although you can get CALEA-compliant versions of Cisco & Juniper OS. Pretty much every country has legislation for lawful intercept which operators need to comply with. So the security design challenge is then how to permit lawful access, but deny unlawful.
...or even questioning the accuracy of the report "handed by US to UK
This is an old problem. The dossier is no doubt highly classified, which means CTOs and network designers can't question the accuracy. The dossier will probably be shared with GCHQ/CESG which is the government's trusted party to assess the accuracy and risks contained in the dossier.
Sometimes that's digested and then some parties are briefed. That's easiest inside government/public sector networks that have to be certified against government security standards.. But other network operators are generally left in the dark. For 5G deployment, given the national significance, I suspect the network leads will get briefed on the content, but those briefings will be classified.
For other potential Huawei users, well, use at your own risk. Which I think is a mistake, and the government/GCHQ should be more open with security advisories/best practice information given attacks against private commercial networks often have large economic impacts.
We moved our technical production to China along with the designers, we quit designing and building tech kit ourselves, unless we get back to designing and building our own gear we've got very little choice. Should we get spied on by the Chinese or by the Americans? You really think that No Such Agency is not doing the same thing?
I was reading an article a few weeks ago (I cannot find it any more) from Business Insider about a Malaysian telco's experience with Huawei.
NOTE: Huawei has a strange management structure -- Rotating CEO position.
So it starts with the requirement to do a major upgrade (from 3G to 4G or something).
So with the contenders lined up, the Malaysian telco took a leap and went with Huawei (due to price difference). After the contracts were signed, Huawei pulled all the stops. Everything. Huawei wants everything to go as painless as possible and a lot of things done that was not agreed and not in the contract.
Next, in one particular segment of the migration things hit a major impasse between the telco and the Huawei engineers onsite (yes, Huawei sent their engineers to Malaysia to help instead of doing things remotely) . The Malaysian telco CEO wasn't pleased. So he placed a call to the Huawei's Rotating CEO for an informal phone "chat".
Within a week, all of the Huawei engineers were replaced and the works progressed.
If you buy Huawei kit you can either cherry pick bits and pieces that you want and then combine with kit from other manufacturers, or you can buy a complete turn key system from them.
The UK's mobile operators want to pick the best technology from a variety of suppliers and combine it into a system using their own engineering staff, or to contract companies in the UK (or elsewhere in Europe) to do it. There's already loads of Huawei kit in the UK's existing 4G networks because of this and it isn't going away regardless of 5G.
In many third world countries however the mobile operators simply buy a complete turn key system from a single supplier, and unlike many other companies Huawei is capable of doing this. It's not what UK companies want to do however.
Security comes down to system design, not the individual bits and pieces. When you buy a label there are no guarantees of security coming with it.
And in the end, the alternatives may be headquartered in Europe, but the actual kit is made is made in places like India, who have their own ambitions for being a world power.
Oh, and a lot of Huawei's software is written in India. The world is a much more complicated place than it was in the 19th century, which is where a lot of people who put national labels on multi-national businesses seem to have their minds stuck in.
The NHS is full of Huawei kit, with most CCGs opting for Huawei routers for the new HSCN (up to 1/3rd of the price of the equivalent Cisco model).
BT exchanges similarly full of the kit for FTTC/FTTP etc.
Of course it's all part of a multi-vendor design, and presents no security risks.
Quote - "Huawei's UK veep, Victor Zhang, said in a canned statement: "We are confident that the UK government will make a decision based upon evidence, as opposed to unsubstantiated allegations."
Would this not be setting a precedent by the UK Government and, presumably, the UK Civil Service who do not have a sterling record for going with evidence based decisions ? Just as an example look at the record on the 'War on Drugs'.
Ah, the age old:
<whiny voice>We don't like them over thurrr, so we want yewww to not like them over thurrr either. Plus it means yeww can buy ourrrr tech to use instead! Remember we are your fwiends! We haz a vewy speshul relationships!!</whiny voice>
Move along, nothing to see here except the Yew Ess of Ayy trying to look busy and important.
This is far better done by the US government paying for the price difference between Huawei and non-Huawei gear across the globe.
In the global marketplace the US so wanted, Huawei's offering is now competitive. I'd like operators deploying cost effective solutions so that the mobile marketplace is competitive is a openly competitive market as far as possible. (Again supposedly a value of the American capitalism but erm not this time?)
While Trump wants to pick and choose, (what else do little rich kids know) , in the real world that ain't cheap, so open up that wallet, Mr. Trump if you want your NSA to get first dibs on all the spicy spying.
Maybe that'll get him a Nobel Peace prize too.. NSA spying keeps the world safe innit
Huawei may have made the headlines, but pray tell, how does one source electronics that hasn't had "Made in China" involved in the process at some stage?
There are a few chip fabs outside e.g. Intel in Malaysia, but getting an assembled system of any sort without a Chinese manufacturer involved at some stage is especially difficult.
Our cyber sec ops centre opened added a teleconferencing facility a couple years ago; and within 30 seconds of the cameras being installed we detected the cameras pinging their presence back to China.
Basically, assume your IT is compromised regardless of supply chain and work up from there.
> It's not implausible, even, that American spies are concerned their level of covert access to the world's conversations will also become available to Chinese eavesdroppers
Or possibly their concern is that a growth in Chinese equipment being used means that their own covert access will be reduced, regardless of whether the Chinese equipment is being used in the same way
Biting the hand that feeds IT © 1998–2020