I'm thinking to be really secure, each installation will have to have multiple rivals watching each other.
A Cisco to watch all of the packets produced by the Huawei and a Huawei to watch all of the packets produced by the Cisco. Any packet they don't agree on, gets dropped. Welcome the geopolitical AND gate.
Given all the bad things parts of the government were involved in, maybe it wouldn't actually be that bad of an idea to be shizophrenically suspicious of itself.. checks and balances, right?
A novel thought.
But history and current events suggests it doesn't often play out that way.
You just wind up with multiple groups seeking influence, with infighting limited to squabbling for control over that influence rather than attempts to erode it.
e.g. You get several branches of government [1] violating the fourth amendment, all for their own purposes, with occasional questions raised about who should be doing the violating, but little 'serious' talk about whether it should be done.
[1] FBI, CIA, DHS, NSA -- who isn't invading the privacy of US citizens these days?
If fairness is a fundamental or key part of a nation's identity or principles, then removing that fairness is an attack on the nation and is a national security matter. Securing a nation isn't just ensuring that foreign people don't steal it.
You are seriously mistaken if you believe that a violation of your privacy is better from party A than party B. Both groups of people will fuck you over, it's only a matter of time.
Less bothered about the spying than about what happens with the information obtained - which of those 2 countries has kidnapped people recently then tortured them and sometimes killed them in the process? Or alternatively, just fired off missiles, dismissing the collateral deaths. I'd far sooner be spied on by either country than have them suspect me of anything. There are no good guys to be seen in this story.
Welcome to the intelligence trade - where everyone, regardless of country, would gladly trample their own grandmothers for a peek at someone else's secrets.
As a Chinese, I don't find this story very farfetched. If a company is deep in bed with the Chinese government, I wouldn't trust them any further than I can throw them - the level of governmental influence over private industry is far more substantial than what happens in the US.
What is your experience of business/government dealings? If you have spent time working within Chinese companies or have an understanding through some other means your thoughts would be very interesting to hear.
In the past we (mostly I) have complained of the Gov't lack of undermining of cyber security, and all things tech. Online attacks over the last decade have been plentiful, so it seems they're being really cautious to an extreme, even hurting consumer's options. But I can't blame them because: (A) In China large corporations and gov't are always extra friendly. (B) Cyber espionage and cyber attacks from China are not uncommon. (C) The US is not ready to protect their 'cyber' infrastructure.
Hopefully other HN's can see the following problem too: Huawei placing billions of dollars of communications infrastructure yet hoping they won't be able to monitor them, AND that whatever can be monitored is in no way available to the Huawei Chinese offices, which may or may not grant access the Chinese gov't to take a peek. This is over speculation and unlikely, but if I'm in charge of a security committee you have to assume this is possible and look into it.
I fail to see how Huawei can be any more of a security threat than companies such as Broadcom or Cisco.
If Huawei has indeed acted in bad faith, then make their actions public so other nations/institutions avoid them. Otherwise, this will (and does) seem like a political/financial play.
I think that the news article is a result of the Sixty Minutes Episode that aired yesterday on Huawei. The points I got from their report were:
1. Huawei (like many Chinese companies) works in close partnership with the Chinese government, which has subsidized many of its processes.
2. Huawei may be stealing IP from U.S. based companies
3. The U.S. is totally reliant on foreign companies for swaths of our communications infrastructure (which would be unsettling to a Congressional committee)
4. Then again, just because U.S. companies and the government were asleep at the wheel when it came to these technologies, does that mean we get to be choosy beggars? Is Huawei a threat to security or just a threat to the economy?
Someone at one router company told me that at one point, Huawei used to copy their routers down to the English silk screening assembly instructions on the PCB's.
> "If Huawei has indeed acted in bad faith, then make their actions public so other nations/institutions avoid them"
What if laying out the evidence implicitly compromises the only window into Huawei's alleged operations? Is it more important to try and win the public over, or to keep your advantage?
And would/could the public even be convinced? How many times has the US government warned about the security risks of partnerships with Chinese firms? How many cautionary tales do we have/need? After Boeing, Google, et al were very publicly compromised and all leaked data pointed to Beijing ... the evidence was all but dismissed by those with a direct financial incentive to ignore it.
I don't see anyone asking the obvious question: how much of this is just posturing in an election year?
Huawei's been around in the States forever, and I'm certain they have countless government contracts in place of varying sensitivity. Call me a paranoid, but a month before the elections, I tend to question every newsbit I see and hear as being politically motivated for personal gain.
Do they really think they can test for subversive code? Just look at the origin of "trojan". Its designed to look harmless from the outside but contains something deadly on the inside.
I saw this on 60 minutes last night. While there could be some truth to elements of it, the whole story just goes against so many things that the US should actually value, such as a free market. I think the best part of the whole story was the example of a man who was visited by federal agents due to his Huawei installation, and he saying something along the lines of "i had no other option, Cisco doesnt make everything i need, there are no other US companies that provide all the parts". He made a decision to buy the right level of cost & quality he required, and because of it gets visited by the government? Sounds a little insane to me, so much for the state staying out of other peoples business...
> things that the US should actually value, such as a free market
The problem is that countries like China disrupt the free market in ways that are hard to combat -- currency games and subsidies for its own industries, for example.
But the main problem is simple and obvious: As long as we have things like a high minimum wage, environmental regulations, safety regulations, etc., we will be at a disadvantage against countries that don't.
If you've ever played any complex-economy strategy games (Dwarf Fortress, Settlers of Catan, Colonization, Imperialism, and Victoria come to mind), the common theme I've found is that being self-sufficient makes you very powerful.
My conclusion: There's nothing wrong with protectionism, and our pro-globalization economic policies since the 1970's have simply been wrongheaded.
The US doesn't value a free market unless its in its own interest. As a New Zealander I am very familiar with the way the US blocks New Zealand meat and diary products whist subsidizing its own, inefficient industries. Free trade may be preached, but it isn't practiced.
The only thing that banning Huawei is sure to accomplish is choking innovation.
It's reasonable to worry about security in telecommunications, but you'd be hard-pressed to find any telecom that doesn't manufacture equipment in China including Ericsson, Huawei's biggest competitor. Huawei has too much to lose from spying, and I'd personally be more worried about these non-Chinese companies which rely so heavily on Chinese subsidies and subcontracting.
One legitimate concern about Huawei though is transparency. Because it is privately held and not listed on any stock market, it is not subject to reporting requirements and it's ownership structure is allowed to remain secretive. However, these aren't grounds for an outright ban.
I think there are some legitimate concerns. The other competitors aren't known to have the level of corporate espionage as Huawei has shown, the level of direct government influence, and telecom is gaining importance in national security.
Manufacturing equipment in China and producing Telecom equipment and software are different concepts for security. For example, all telecom equipment in the US has to allow "lawful intercept"[1], and part of LI is it cannot be detected whether it is enabled or not. I think if an issue was to escalate to the level of national security, both the US and China would be willing to make use of these features. I'm more willing to believe that China would build in their own form of LI without publicizing it, since the government is more directly involved in the decisions of ZTE/Huawei. If the next front of war is on the internet, this is a considerable risk.
From what I understand - the Chinese government has the ability to say "If you don't drop the suit against [Chinese Company] we will block your product sales in China". I can't find a source, but I remember hearing a similar incident.
and part of LI is it cannot be detected whether it is enabled or not.
Interestingly, I've heard that although the LI is supposed to be transparent, it's typically very apparent to network operators when their kit is actively involved in LI, as the CPU utilization shows telltale signs.
That is true if the CPU is responsible for data plane operations. For a lot of modern equipment, most traffic never hits the CPU (it's handled by a special asic or other packet processor) and so you wouldn't know if if LI is active.
I figured powerful businessmen in China had more to lose than money if they refused to let the government do what it wants. The U.S. government compelled AT&T and Verizon to perform illegal spying, in the name of protection from terrorism, it's the same thing for China and Huawei.
The U.S. government could be a threat to China; it's obvious China will do what it takes to counter that threat. Of course China won't sabotage U.S. infrastructure without provocation, but I think the U.S. won't accept that they have the potential.
It may be bad for business but that doesn't mean they will have a choice in the matter. And unlike in the US they may not even have the option of being transparent about how much they have to hand over. It's a very different world legally over there.
If you've thought so little about the subject that you don't even understand why there is a fundamental difference between who designs gear and who manufactures it perhaps it's not an ideal topic to make sweeping statements about.
Huawei is owned in part by the Chinese government. Network virtualization (e.g. software defined networking) may decrease the risks posed by foreign manufactures since the software can be developed in the US, but still, a backdoor is possible. The backdoor itself could be at the compiler level, thus not detectable even with source code review (except of the compiler).
I don't know if I would call it a trade war. But the US has never had regular trade with China. China reciprocates by blocking Facebook, YouTube, many Google services, and many other services in the name of 'security'.
At least so far, this one's weaker because it's just a nonbinding advisory opinion about Huawei and ZTE, while the windfarm case was an actual block of a private-sector transaction.
The report here warns federal government procurement offices to avoid purchasing Huawei and ZTE equipment, and also recommends that private-sector companies avoid doing so. But the second recommendation has no teeth at all, and even the first part isn't strictly binding on the executive branch's procurement policies (it's not an actual passed bill, just a report issued by a committee).
I agree it's disconcerting. With the presidential election coming up, both Obama and Romney are eager to showcase their economic illiteracy by "getting tough on China". I certainly hope this is serious, and not just another instance of pandering to the ignorant.
What is the difference between this and equipment designed by a US firm with manufacturing outsourced to China. It would seem that the same alleged opportunities for subversion would exist.
It's a thorny issue. In the latter case, there is a US firm responsible for the integrity of the hardware they sell here. When malware was discovered in the firmware of PowerEdge servers Dell was shipping, Dell stood to lose a lot of customer loyalty if they didn't handle the issue correctly. What is the incentive structure like in a similar situation for Huawei?
Your example is fitting as Dell was selling (and I wouldn't be surprised if still is) Dell-branded networking gear designed and made by Chinese ODM which contained pretty obvious and well-known backdoor and it does not seem to matter much.
Unlike the security threat posed to everyone, including US citizens, by using AT&T's (and most likely other large providers) US network which the government illegally monitors? [1] Chinese communications companies may pose a security threat to other countries (and companies) but perhaps we should be looking at our own ridiculous problems first.
A Cisco to watch all of the packets produced by the Huawei and a Huawei to watch all of the packets produced by the Cisco. Any packet they don't agree on, gets dropped. Welcome the geopolitical AND gate.