
Trump declares emergency over IT threats - jfk13
https://www.bbc.co.uk/news/world-us-canada-48289550
======
Someone1234
> The president signed an executive order effectively barring US companies
> from using foreign telecoms believed to pose a security risk to the country.

So let's just back up a little: A Chinese equipment manufacturer left a telnet
daemon running on a single version of a single device and a national emergency
is declared, Cisco leaves SSH credentials (public and private keys leaked)
hard coded into multiple generations of routers over several years and not a
peep..?

When is the US going to tell us what these Chinese manufacturers are up to?
Heck when are they going to tell the UK's own security services? Just telling
us why we should be concerned seems far more productive and effective than
their current strategy that is marred by accusations of protectionism.

I'm not even saying the US are wrong. I am saying the lack of specific
technical information undercuts their whole position.

~~~
jplayer01
I've repeatedly seen a lack of interest in geopolitical issues on HN. This
whole thing is akin to "Should the US be reliant on a hardware manufacturer
that can be considered a non-independent subsidiary of the Chinese
government?" Replace Chinese with Russian, Iranian, North Korean, Saudi
Arabian, etc. These are all countries, like China, that would love to have
that kind of potential leverage and power over US infrastructure and political
processes because of the benefits these would bestow.

I've said in a recent comment: It doesn't matter if Huawei is entirely
innocent right now. China is a major competitor to the US as a global power -
militarily, politically, economically. If people think they wouldn't at some
point in the future use Huawei's ties deep into cellular infrastructure to
serve China's needs, they're incredibly naive.

Hell, none of this is unprecedented. The whole debacle with all the ties
between Republican representatives or people in Trump's campaign and Russia
alone should give pause. Or Russia's meddling in the US election. Or Russia's
meddling in Eastern Europe (Ukraine wishes somebody would give a geopolitical
shit right now). And somehow Huawei, and by extension China, are supposed to
be impartial and innocent and not a potential threat? Really?

~~~
wahern
If the U.S. were serious about any of this they'd be funding initiatives for
open, verified hardware and software. Other than INRIA, the French research
group, and CSIRO, from where seL4 comes, where else is this work being done?

I don't just mean theoretical work. I mean production ready stuff that is
useable, like most commercialized solutions are, but also actually _secure_.
Doing both is _difficult_. seL4 is _useable_ and in fact is being tested in
U.S. drones. Why didn't the NSA do something like seL4? Instead we get SELinux
which isn't even secure--anything running on Linux is as a practical matter
exploitable on the first day it ships.

Our communications and control systems are so fundamentally insecure it hardly
matters whether it's sourced from Huawei or not--it's six of one or a half-
dozen of the other, except one of those cartons is at least substantially
cheaper than the other.

The fact of the matter is that the commercial industry will never develop and
deliver secure products on their own. They've never done this well, and are
probably fundamentally incapable of doing so because most of the benefits of a
secure product inure to the public generally. Commercial vendors can't capture
the value provided by secure solutions. It's up to the public--government,
academia, open source community, etc--to invest in and develop the fundamental
building blocks of secure systems.

Importantly, the entire stack doesn't need to be secure. We can write secure
networked systems for the Internet because we presume the network is hostile.
There's no reason that cellular radios should be a trusted component of a
wireless cellular network. They are because (1) it's just cheaper to do it
that way (see above) and (2) the U.S. government spent decades sabotaging
cryptography generally and cellular standards specifically, which means even
5G standards are fundamentally broken from a design perspective.

So the whole Huawei controversy deserves a giant eye roll. All of the
arguments about why Huawei can't be trusted are irrelevant. Huawei shouldn't
be trusted, but neither should Qualcomm or any of these other vendors. Rather,
we should set transparency standards and verify that they're being met. But
doing so requires a ridiculous amount of work up and down the software and
hardware stack, starting from the design stage; work that the U.S. government
isn't actually doing but, in fact, still sabotaging!

------
koube
The title (written by the BBC) seems to be ambiguous. This is not about
hardening US computer systems, this is about banning US companies from using
Huawei 5G technology. The United States has been lobbying other countries to
not use Chinese 5G technology for a while now, while it doesn't seem like
there are currently any viable alternatives. This makes it a nation-wide ban.

------
marsrover
This is great news. The lack of the government seeming to care about national
IT security has been bothering me for years now.

~~~
jfk13
Are you sure it's about national IT security, and not just about sticking it
to China because we're in a trade war with them?

~~~
shdh
Huawei has set a historical precedent of being a bad actor in regards to
corporate espionage. How outlandish is it to think that they would also be
participating in national espionage for the Chinese government?

~~~
lostmsu
Can you point to a specific example? Why was banning not done via the standard
arbitrage?

------
rst
Text of the EO, from whitehouse.gov:
https://www.whitehouse.gov/presidential-actions/executive-order-securing-information-communications-technology-services-supply-chain/

------
Leary
Who's gonna build real 5G in the US?

~~~
kingosticks
I'd like to know this too. Presumably both Ericsson and Nokia are also foreign
telecoms companies, so who does that leave?

~~~
sdinsn
Just to be clear, since the article isn't: the EO does not ban products from
all foreign companies, only foreign companies who "poses an undue risk of
sabotage to or subversion of the design, integrity, manufacturing, production,
distribution, installation, operation, or maintenance of information and
communications technology or services in the United States" (Direct quote from
EO).

So Ericsson, Nokia, Samsung, etc. will not be affected.

~~~
kingosticks
Ahh OK thanks for clarifying that. So by 'foreign' they really mean 'Chinese',
and it becomes a little less crazy.

------
Zenst
"The president signed an executive order effectively barring US companies from
using foreign telecoms believed to pose a security risk to the country."

"Mr Trump does not name any company specifically in the order."

I'm guessing they are called emergencies as they wait for the threat to
emerge. Which kinda seems at odds with my definition of emergencies - which
would be a defined clear-cut issue that needs addressing.

All this effectively does is hurt and curtail legit business with fair and
good foreign telecom providers who have now been bundled via red-tape into
the same collection as those unnamed less fair and good foreign telecom
providers.

Expect a fall-out of how this will hurt and impact legit businesses over the
coming days and weeks. Let alone touch upon the possible impact upon Americans
using their provider SIM and roaming abroad.

------
basicplus2
Every country should design and manufacture its own internet infrastructure
(and be owned and controlled by its gov) as a free, level, secure playing
field for the benefit of all of its citizens.

------
supergirl
Is he banning every electronic that is made in China? Pretty sure even if
Huawei is banned, Chinese made equipment is still used in 5G.

~~~
Leary
I'm throwing out my PC now.

------
drivingmenuts
A whole bunch a sound and fury, signifying nothing.

------
CryoLogic
Does this include Russian vote hacking?

~~~
Eleopteryx
It doesn't really seem like it

------
tempsolution
Sounds good. In reality this likely means Trump will abuse this power for some
absurd changes and surveillance.

