Slashdot Mirror


US Nuclear Lab Removes Chinese Tech

Rambo Tribble writes "Reuters reports that Los Almos National Laboratory has removed switches produced by Chinese firm H3C, which once had ties to Huawei. This appears to be a step taken to placate a nervous Congress, rather than in response to any detected security issues. From the article: 'Switches are used to manage data traffic on computer networks. The exact number of Chinese-made switches installed at Los Alamos, how or when they were acquired, and whether they were placed in sensitive systems or pose any security risks, remains unclear. The laboratory - where the first atomic bomb was designed - is responsible for maintaining America's arsenal of nuclear weapons. A spokesman for the Los Alamos lab referred inquiries to the Department of Energy's National Nuclear Security Administration, or NNSA, which declined to comment.'"

125 comments

  1. What's the replacement going to be? by wvmarle · · Score: 5, Insightful

    If they don't want made-in-China equipment, what are the alternatives? I don't think that doing without is much of an option.

    1. Re:What's the replacement going to be? by AndyKron · · Score: 4, Insightful

      The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback. /s

    2. Re:What's the replacement going to be? by us7892 · · Score: 1

      Hardened Cisco switches.

      Just make sure they aren't the counterfeit Cisco switches circa 2008...which were from...China.

      http://www.homelandsecuritynewswire.com/china-may-have-back-door-us-military-computer-networks

    3. Re:What's the replacement going to be? by boulat · · Score: 4, Insightful

      And the 10x the cost is worth every penny. Cisco and Juniper routers and switches are the backbone of many serious enterprises. Serious about security and performance. I don't know of any Chinese product that is worth spending money on.

    4. Re:What's the replacement going to be? by sjames · · Score: 5, Insightful

      Cisco is made in China. They just charge Made in America prices and pocket the difference.

    5. Re:What's the replacement going to be? by vlm · · Score: 4, Interesting

      I know of a couple alternatives from gossip with industrial controls type people. Please don't secure your nation's nuclear secrets based on my /. post.

      Google for "Garrett" they make industrial switches. Industrial as in weird DC voltages (for railroad, telco, etc) and supposedly good rep WRT interference protection. Like if you're running on the factory floor and the network goes bonkers when someone arc welds, rewire the run to a garrett and supposedly that'll fix it most of the time. The reputation of the prices is high, but when you need ethernet connectivity to the PLCs on a railroad engine or whatever, well...

      Google for a place called "wideband" if you want a local. Low to mid end office gear. Really not that expensive, like a couple billable consultant hours for a switch or about three 3rd party wiring calls. My point is complaining about something from wideband costing $800 vs noname for $600 or Cisco for probably about $1000 is kind of pointless for a $100K/yr network admin and $50/hr electrician and all that, but for home it's going to be hard to slip a $800 purchase by for a 24 port managed switch. I have no rep info on this although I've heard they work.

      You need like ten centuries of switch*years before reports about reliability and such change from "anecdote" to "information" so onesie-twosie stories about "I heard of one that worked" isn't terribly useful.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    6. Re:What's the replacement going to be? by zlives · · Score: 2

      +1

    7. Re:What's the replacement going to be? by AmiMoJo · · Score: 0

      It would be more accurate to say they don't want switches made by $enemy_of_the_us. Once that was the Soviet bloc, then when that collapsed it became Iraq, then al-Qaeda. The latter has been decimated by drone strikes and a long grinding war, so now the Neo Cons need a new bad guy and China fits the bill.

      The Chinese are in many ways the perfect Enemy of the US(TM). Funny looking and speaking an incomprehensible/angry sounding language, over a billion of them and happy to do all the necessary posturing and military build-up required for a successful and perpetually unwinnable cold war.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:What's the replacement going to be? by Anonymous Coward · · Score: 5, Informative

      Good thought, but check out the GarrettCom backdoor that was discovered by a curious researcher in 2012:

      http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf

      Looks like in some cases the 'american company' is worse! And why did it take this researcher named in the advisory to discover it? Why didn't any of the major corporations or government agencies who rely on this equipment discover it?

    9. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      Bring back manufacturing of those components by employing low cost labor through the indentured labor conditions in US prisons, I'd wager.

    10. Re:What's the replacement going to be? by khallow · · Score: 4, Insightful

      for a successful and perpetually unwinnable cold war.

      The last cold war was winnable. We know because the US-side won it (and squandered that victory in a way that probably will be talked about for centuries). But while I pointed that out, it's not the point of a cold war. The point of a cold war is to slowly resolve conflicts without sinking into a hot, nuclear war.

    11. Re:What's the replacement going to be? by ShanghaiBill · · Score: 3, Insightful

      Hardened Cisco switches.

      Most Cisco switches are made by Foxconn in China and Mexico. They are also opening a factory in Russia.

    12. Re:What's the replacement going to be? by nschubach · · Score: 2

      Why not just have a "home grown" firewall that doesn't allow communication to anything but specific controlled sites? I mean, the data has to go out of the building somewhere and they can control which destinations are acceptable. Even if the someone happened to slip in some code to "spy" on specific data it would have no way outside the network besides that firewall. Unless of course they embed some wireless communication chips in the switches, but that would require that someone in the building have a listening device.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    13. Re:What's the replacement going to be? by Anonymous Coward · · Score: 1

      I guess they mean designed in China vs designed in the US. Huawei chips designed in China could have all sorts of backdoor functions built in. At least the CIA knows about the Cisco backdoors.

    14. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      The only winners were the arms companies. That was GP's (subtle) point.

    15. Re:What's the replacement going to be? by kelemvor4 · · Score: 3, Insightful

      If they don't want made-in-China equipment, what are the alternatives? I don't think that doing without is much of an option.

      I think the concern was specifically with Huawei and the recent hubbub surrounding that outfit. Probably only for the reason you are alluding to. If there are any switches manufactured in the US, then I think it would be prudent to use those for high value operations like this one. Actually, if there weren't any - I think the needs of this particular operation would warrant the government manufacturing their own. Control of our nuclear arsenal is somewhat important ;).

    16. Re:What's the replacement going to be? by kelemvor4 · · Score: 5, Informative

      Cisco switches are manufactured in China since 2011 per this press release: http://newsroom.cisco.com/press-release-content?articleId=442243

    17. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      "It would be more accurate to say they don't want switches made by $enemy_of_the_us. Once that was the Soviet bloc, then when that collapsed it became Iraq, then al-Qaeda."

      But Arab numbers are still used, that's a security risk.
      Also all the enemies are using the metric system, so never go near that.

    18. Re:What's the replacement going to be? by Jawnn · · Score: 4, Informative

      The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback. /s

      [citation needed]
      ...crickets...

      The reality, of course, is nowhere near the numbers you suggest, but hey, who's counting. This is /. and hyperbole is the order of the day. Rational discussions? Supported by actual facts? Pffffff....

    19. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      I'd like to subscribe to your twitter feed. Please advise.

    20. Re:What's the replacement going to be? by AdamHaun · · Score: 4, Interesting

      The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback.

      I've heard the cost difference between Chinese vs. American manufacturing is about 15% for an iPhone (or presumably something like it). Don't have a good source for that, though.

      --
      Visit the
    21. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      Shame, those Al-Qaeda switches were awesome! Came with built in AK-47 physical intrusion deterrence, and if a script kiddie got into it, they would send down a couple of people to bomb their house. The logs it sent with random quotes from Osama bin Laden calling for death to imperialist western UTP packets got a bit annoying at times though.

    22. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      On chip LTE egress FTW...you mean you thought the LTE backbone wasn't Huawei?

    23. Re:What's the replacement going to be? by GrumpySteen · · Score: 1

      The same reason why you don't discover all the flaws with your software and hardware rather than hearing about security researchers finding them; neither they nor you have the time or budget to hire full time security people to thoroughly go through every piece of hardware, firmware and software in use.

    24. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      And his point is wrong.

    25. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      OK Mr jawnn, list a US company that could build them next week for, say, just twice the price.

    26. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      Neoconservatives exist; you clearly don't understand your own ideological history.

    27. Re:What's the replacement going to be? by GodfatherofSoul · · Score: 4, Insightful

      I've heard similar figures as well. The overhead for building in the US isn't as huge as you'd think. Actually, the overhead for many alternatives to cost-saving measures (like illegal immigrant workers in lieu of Americans) isn't as high as we've all been led to believe.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    28. Re:What's the replacement going to be? by AmiMoJo · · Score: 2

      If you mean "won by default because the Soviet Union collapsed" then yeah, we won.

      The point of a cold war is to scare the shit out of your citizens and spend lots of money on the military. Come on, everyone knows that.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    29. Re:What's the replacement going to be? by AmiMoJo · · Score: 2

      The downstream routers are also Chinese. It wouldn't be hard to tag a packet in some way to be copied quietly back to a listening post once it is well past the firewall. Dedicated lines all the way are the only way to be sure.

      Not that this isn't anything but paranoia...

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    30. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      My point is complaining about something from wideband costing $800 vs noname for $600 or Cisco for probably about $1000 is kind of pointless...

      In a world where common sense prevailed, you're absolutely right. However, government contracts often require requests for bids, with the lowest bids winning. Without specifying detailed criteria to ensure security or the integrity of the supplier, the $600 noname could win. In retrospect, this would be a great way for a country like China to infiltrate Los Alamos' network.

      The thing about Los Alamos is that their data is of utmost sensitivity, but their grip on computer security is so secondary to their main mission that it seems to be run with the same dismal level of competency as any other non-computer, non-security organization. As of a couple years ago, they were reportedly losing 80 laptops a year due to theft and unsolvable misplacements. When the press publishes stories of laptop losses with unencrypted, top secret data, they announce how they're going to encrypt data from now on, and keep people from walking out with laptops, but the same thing inevitably happens again.

    31. Re:What's the replacement going to be? by Anonymous Coward · · Score: 2

      Don't go ruining corporate propaganda with facts. That would mean the whole race to the bottom this country has been waging on workers since Reagan has all been a scam to take money from the poor and middle class and give it to the rich. That would never happen--not in The Greatest Country on Earth (TM).

    32. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      By Act of Congress, many military electronics projects can't be "outsourced" to most foreign markets. In these instances, I have seen costs on the order of 5x what a Chinese contractors might have returned. As for the kickbacks, they are via a "revolving door" between military procurement offices and military contracting sales departments - "special considerations" on pricing and contract terms by military purchasing agents are rewarded with very well compensated do-nothing jobs when they retire.

    33. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      Do you really think the "last cold war" ended? hmmm..... Seeing Medvedev's and Putin's policies after the 2008 US-backed Georgia fiasco, and the way diplomacy has run downhill since then and the way the BRIC is consolidating its power, alongside Syria, Iran, North Korea and the like I would say that calling a win on the cold war is outright far-fetched!!!

    34. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      cisco and juniper have switches that are produced in the USA. These are for various TLAs. It is amazing and irresponsible that these are NOT being installed into our government labs.

    35. Re:What's the replacement going to be? by wvmarle · · Score: 1

      For a government doing stuff in name of national security, cost shouldn't be an issue. Just look at the cost they spent on "regime change" in Iraq and Afghanistan, just to name some. Hiring a few of the brightest security experts to thoroughly test their equipment is just peanuts compared to that.

      The only reason I can think of why they do not do that is political: wars are much more visible, and electors like to see results.

    36. Re:What's the replacement going to be? by oursland · · Score: 1

      The claim was initially made by AndyKron without supporting evidence. The onus is on him to back up his argument.

    37. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      I thought the only way to be sure was to nuke it from orbit.

    38. Re:What's the replacement going to be? by Anonymous Coward · · Score: 0

      I don't see how Windows can be an alternative as an OS either, since a lot of High Level code is outsourced to the Chinese; and you can't view the code to see what's in there. We already know Microsoft allows the US Government to implement Back Doors, do you really think the Chinese Government doesn't have one also?

    39. Re:What's the replacement going to be? by metaforest · · Score: 1

      If you mean "won by default because the Soviet Union collapsed" then yeah, we won.

      Oh we gonna redefine 'win' now? For many centuries if your opponent defaults... that is a win. Time honored tradition in chess which is older than most of western civilization.

      No it is not as clear a win as having your boot on the opponent's throat, but hey that must be an intelligent opponent, who recognizes that, 1) victory is not possible. 2) Surrender is not acceptable. 3) Capitulation is the best way out.

      L: Ok so we just stop this nonsense. Yes? :(

      W: Yuuuush!! We Wiii... :D

      L: Unless you desire bloodbath.... We could accom... >:(

      W: No! No... We'll accept your 'cease...' er position! Position! Yes! We good? :}

      L: Is good! No? :|

      W: Yes! (Thank God yes!) :)

      L: Did you say something? >:|

      W: No! No. No. Jus... Just glad it is over... He He... :D 3

      I don't think most kids knew how close it could have come to an immolation, if that had not been handled as well as it was.

    40. Re:What's the replacement going to be? by stoatwblr · · Score: 1

      FWIW, (NOT in the USA) the difference between Huawei 10Gb/s TRILL kit and the equivalently specified Cisco stuff is a factor of 6-8 after discounts are offered (and significantly higher if list prices are looked at). Huawei's performance levels are significantly higher. I am a CCNA by necessity but IMO Cisco trade on their name, not on their actual performance. It's a bit like the old "Nobody got fired for buying IBM" mantra.

  2. Closing the barn door after the horses left... by Cornwallis · · Score: 2

    Good thing they took them out before they were connected to anything...

  3. Rebadged H3C / 3Com by CodeheadUK · · Score: 1

    Most HP A-Series switches are just rebadged H3C hardware. Some still come direct from HP with the H3C badge on.

    Given that the A-Series firmware is present across even the HP badged hardware, are they going to throw out all HP A-Series switches?

    1. Re:Rebadged H3C / 3Com by Shoten · · Score: 2

      Most HP A-Series switches are just rebadged H3C hardware. Some still come direct from HP with the H3C badge on.

      Given that the A-Series firmware is present across even the HP badged hardware, are they going to throw out all HP A-Series switches?

      They'd have to have HP-made switches in the first place...I recall HP's market penetration, and from what I recall, neither of HP's customers are a National Laboratory...(snicker)

      --

      For your security, this post has been encrypted with ROT-13, twice.
    2. Re:Rebadged H3C / 3Com by Anonymous Coward · · Score: 0

      hehe... penetration...

    3. Re:Rebadged H3C / 3Com by Anonymous Coward · · Score: 0

      The CERN uses HP ... not an American national lab but an international one

  4. time to build tech in America by jsepeta · · Score: 3, Informative

    We have the know-how, and a patriotic, knowledgeable, and capable workforce. If congress instituted taxes on foreign made goods to help fund jobs in America, we'd be safer.

    --
    Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
    1. Re:time to build tech in America by vlm · · Score: 0

      It would be cheaper, simpler, and "fairer" to enforce US EPA, FCC, FDA, and OSHA laws on the foreigners and then see who's more productive...

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    2. Re:time to build tech in America by Anonymous Coward · · Score: 1, Funny

      There would also be more pollution in the environment. Keep it in China. That way it's not in the environment.

    3. Re:time to build tech in America by ShanghaiBill · · Score: 2

      If congress instituted taxes on foreign made goods to help fund jobs in America, we'd be safer.

      Like the way Smoot-Hawley kept us out of WWII?

    4. Re:time to build tech in America by Anonymous Coward · · Score: 3, Interesting

      Ok, I'll bite vim. How can we enforce the rules of those agencies on Chinese manufacturers? The bunk beds Foxconn stacked their workers in were an OSHA violation before they even started their work day.

      I would recommend we synthesize your and jsepeta's theories. We tax imports based on an estimated cost of the imported product if the company in question were to be OSHA, EPA, FDA, and FCC rule compliant, and as they come into compliance with each we drop that portion of the tax.

      Aside from enormous difficulty of managing the import taxation-register and verifying compliance, what do you think?

    5. Re:time to build tech in America by ColdWetDog · · Score: 3, Funny

      There would also be more pollution in the environment. Keep it in China. That way it's not in the environment.

      Just which planet do you live on anyway?

      --
      Faster! Faster! Faster would be better!
    6. Re:time to build tech in America by Pinky's+Brain · · Score: 2, Insightful

      Sure, break all the WTO agreements and see if SA keeps buying US bonds ... a country with energy and food independence can do whatever the fuck it wants with its trade policies, the US not so much.

    7. Re:time to build tech in America by nospam007 · · Score: 1

      "If congress instituted taxes on foreign made goods to help fund jobs in America, we'd be safer."

      No, you'd just be naked and gadgetless and the WTO would grant China the right to copy all the movies and music they want and sell it at will.
      The WTO already gave Antigua and Barbuda the go-ahead to punish the US by violating copyrights and trademarks.

    8. Re:time to build tech in America by Pinky's+Brain · · Score: 3, Interesting

      Even if we assume for a moment that Smoot-Hawley caused the great depression (laughable given the size of imports/exports in relation to GDP) the Versailles treaty was going to shit long before it and the great depression ... France had already invaded the Ruhr 7 years earlier, initiating hyperinflation.

    9. Re:time to build tech in America by vlm · · Score: 1

      Aside from enormous difficulty of managing the import taxation-register and verifying compliance, what do you think?

      Only enforce on companies larger than X personnel or Y sales volume or something like that?

      I think people overestimate how common inspection is in our homeland. Unless the boss committed a political offense, it's rare to be inspected for anything more than once every couple years for anything, unless someone gets hurt on the job or an anonymous report is made. I'm guessing that the inspection cost will not be very high.

      Another interesting way to save money is to provide an industry standard assumption. If the company thinks they can beat it, fine, get physically inspected, but otherwise the assumption is the cost of EPA compliance would be $X per unit or whatever.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    10. Re:time to build tech in America by Anonymous Coward · · Score: 0

      "America". Weren't you paying attention?

    11. Re:time to build tech in America by stoatwblr · · Score: 1
      "The bunk beds Foxconn stacked their workers in were an OSHA violation before they even started their work day."

      USA employers solve this by requiring workers to find their own damned accommodation.

      Any real incentive to "buy american" went away when the social contract inherent in the New Deal was torn up.

  5. Trusted Foundry by Scot+Seese · · Score: 4, Insightful

    They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.

    "Reasonably."

    --
    THIS SPACE INTENTIONALLY LEFT BLANK.
    1. Re:Trusted Foundry by Shoten · · Score: 5, Insightful

      They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.

      "Reasonably."

      There's another factor in this. A company like Huawei (founded by former members of the PRA, specifically ones from their cyber warfare capability) or H3C (owned by HP as a subsidiary, but otherwise entirely Chinese, top-to-bottom) can easily be argued to have interests that align with China. Cisco, on the other hand, is an American-founded company with American management.

      If a Chinese national in China puts some nastiness into a switch/router/espresso machine that is then deployed in a sensitive location in the USA, well, it'll make a stink, but nobody will be all THAT shocked either, as the people behind it will be acting in their own nation's interests. Furthermore, they do not have the same market position in the West, and thus have less to lose economically. But if Cisco does this, they are really in deep trouble. I guarantee that the upper and middle management would have to prove their lack of knowledge of it. And that's a losing proposition right there: either you can't prove you knew about/controlled it (in which case you are now on the hook for espionage and other nasty things) or you successfully prove that you have no real control over your own products. At that point, you've proven either that you will screw your own customers AND countrymen, or that you really have no way of keeping your underlings from doing the same. So Cisco has an enormous incentive to make sure that no hanky-panky goes on at their manufacturing facilities, wherever they may be.

      --

      For your security, this post has been encrypted with ROT-13, twice.
    2. Re:Trusted Foundry by Sulphur · · Score: 1

      They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.

      "Reasonably."

      They put a quark in it.

    3. Re:Trusted Foundry by johanw · · Score: 4, Insightful

      Cisco already made backdoors in some products we know of (the recent hassle about their IP-phones). And they won't even fix some of them. Unless you're connected with the Dalai Lama I think you're much safer with Chinese hardware than with American. At least the Chinese don't give a damn if I download movies for free.

    4. Re:Trusted Foundry by pnutjam · · Score: 1

      You would prefer unreasonably?

    5. Re:Trusted Foundry by Anonymous Coward · · Score: 0

      Of course the only country to really sabotage electronics components was the US (Siberian gas valve controls) so we should know.

    6. Re:Trusted Foundry by Anonymous Coward · · Score: 0

      Cisco gear is made in China, and that makes it possible, and more sensible, that China could/would have a backdoor installed in Cisco gear instead of in their own brands. It could be fake parts or workers on the factory floor or during the shipment on a slow boat from China or even be on the docks.

    7. Re:Trusted Foundry by amicusNYCL · · Score: 2

      "Safer" is a pretty relative term. A home user may be "safer", in the sense that their online traffic data would only go to the Chinese, who wouldn't really care about what they're doing online. For a government user, sending a copy of their traffic to China is not safer. Likewise, for a government user they don't really care if all of their traffic is being sent to the NSA, because they're the NSA. But for a home user, you probably don't want all of your traffic going to the NSA. Home users might be safer with Chinese technology (safer as in "safer from the US government"), but US government users are safer with the technology that sends everything to the NSA.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    8. Re:Trusted Foundry by Type44Q · · Score: 2

      A company like Huawei (founded by former members of the PRA

      People's Riberation Army? :p

    9. Re:Trusted Foundry by Anonymous Coward · · Score: 0

      Make sure they don't leave your sight on the way here, my friend.

    10. Re:Trusted Foundry by Shoten · · Score: 1

      A company like Huawei (founded by former members of the PRA

      People's Riberation Army? :p

      (grin)

      I was hoping someone would catch that :)

      --

      For your security, this post has been encrypted with ROT-13, twice.
  6. los almos? by Anonymous Coward · · Score: 0

    wtf is this some lab like los alamos?

    1. Re:los almos? by NatasRevol · · Score: 1

      Great, now you gave away their super-secret naming convention.

      You terrorist.

      --
      There are two types of people in the world: Those who crave closure
  7. I'm OK with this. by Anonymous Coward · · Score: 0

    Shame on the government for letting foreign technologies be present in the first place. Did we learn nothing from Siberian Pipeline Sabotage ( http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage). Hmm.. Nuclear research....important? hmmm....

    1. Re:I'm OK with this. by vlm · · Score: 1

      One interesting topic discussed in that very wikipedia article is you can create an economic hit on your enemy merely by plausibly claiming they have defective equipment. So China just cost the USA one zillion bucks to replace all that stuff, even if the story is just make believe.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    2. Re:I'm OK with this. by Jmc23 · · Score: 2
      um, so the USA gov't created an economic hit on its enemy the USA by saying the USA had 'untrustworthy' equipment?

      China actually has nothing to do with this at all.

      --
      Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
  8. Computer network threatens nuclear lab? by jkrise · · Score: 4, Informative

    A nuclear lab is, as I would imagine, a place where radioactive materials are researched in order to produce destructive levels of energy. Information generated, processed and researched in this lab should be ideally completely cut off from the rest of the World. It makes zero sense to connect this network of computing devices to the outside world and the internet, so that researchers can post to Facebook or play networked Solitaire. Security should be achieved by completely isolating this network from the rest of the World.

    I do not know of any 'networking' devices from any country or vendor that does not have any vulnerabilities, or is completely immune to hacking. To imagine that non-Chinese networking devices are more 'secure' is to totally miss the point.

    --
    If you keep throwing chairs, one day you'll break windows....
    1. Re:Computer network threatens nuclear lab? by icebike · · Score: 1

      An air gap certainly makes sense in places like this, (and far more secretive places).

      But that particular lab has a horrible history with security issues. Just Google Security Breach Los Alamos.
      It's been far too easy to foreign nationals employed there, and security has always been pretty lax.

      However one must entertain the idea that not everyone working there is entirely clueless, and they have some evidence of rogue network traffic, or some other evidence of breach, or potential for same.

      After all LANL has been thumbing their collective nose at congress for decades, and to suddenly do an about face when a not particularly security conscious administration is in power seems pretty unusual.

      It's just as likely the plan is to force the installation of routers that can be monitored by the NSA.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Computer network threatens nuclear lab? by Anonymous Coward · · Score: 0

      "Security should be achieved by completely isolating this network from the rest of the World."
      Ok, that's fine. But what if the networking devices installed in the office have a sneaky 3G card built in? Are you going to build a Faraday cage around the premises?

    3. Re:Computer network threatens nuclear lab? by Em+Adespoton · · Score: 1

      That misses the point though; can you imagine if switches were installed in such a lab with a stuxnet-style attack built in and waiting for a certain type of network traffic to pass over them to trigger?

      At that point, it doesn't really matter if data is exfiltrated or if there's no way to remotely access the switches. This seems like what they're attempting to protect against, and is the kind of attack unlikely to originate from home-grown hardware. Of course, most "home grown" hardware these days has chips on-board that are made in China, so most of what they're doing is raising the bar and making a political statement.

  9. Re:china has had by Anonymous Coward · · Score: 0

    In your 2nd part, you seem to imply that exploiting weaknesses in adversaries/competitors and covering weaknesses in oneself simultaneously constitutes an act of hypocrisy, or at the very least an act that deserves criticism. It's not, it's what every intelligent nation -- nay, every intelligent organism in the history of existence -- has done and will do.

  10. We know everything! by game+kid · · Score: 2, Funny

    Dear Sirmadam President,

    You might have removed our Glorious People's Technology from your nuclear reactors, but we know everything that happened in there now. The nuke codes, the aliens, the frat parties you held above the spent-fuel pool with that "Lohan" girl because the glow was supposedly aphrodisiac...pah! We're way ahead of you there!

    We have better nukes. Scalier aliens. Even more of your tech. And when we call in your debts...we'll have the blackmail videos from the party to make you pay! I hear some of your Cabinet members were...deeply embedded that day! Haaa hahaha*continues to laugh and cough all Sephiroth-like*...

    On behalf of the People's Republic,

    [signature]

    Big Hoojie

    PS: YES WE SPELLED "SCALIER" CORRECTLY. Our aliens are like fucking Draconians, not those starved green bean dolls with potato heads and shit.

    --
    You can hold down the "B" button for continuous firing.
    1. Re:We know everything! by Anonymous Coward · · Score: 0

      Our aliens live under our grounds up in our caves. They look strikingly like the reptile dudes from Skyrim, except much taller.

  11. what about the iPhones in the organization? by mschaffer · · Score: 1

    Screw the switches, think about all of the iPhones floating around LANL (and Congress)!

    1. Re:what about the iPhones in the organization? by jittles · · Score: 1

      Screw the switches, think about all of the iPhones floating around LANL (and Congress)!

      Probably 0. Hopefully 0. These facilities have lockers where you are supposed to leave all phones, cameras, and anything else that could be used to steal data. You're not supposed to be able to get in without emptying your pockets. You're even supposed to leave your car keys, etc, in the locker.

    2. Re:what about the iPhones in the organization? by icebike · · Score: 2

      Seriously, You know this? How?

      As recently as 2007 this was clearly not the case.

      It was only after several years on the job that she was caught with bomb designs in her trailer and fired. But the investigation reveals that Quintana had taken her cell phone into a vault filled with secret documents where she worked — another major security violation. She also had access to a high-speed classified printer, even though such access was "not required by her job," and used the device to run off hundreds of copies of classified documents that she also brought home.

      See: http://www.time.com/time/nation/article/0,8599,1612912,00.html

      --
      Sig Battery depleted. Reverting to safe mode.
    3. Re:what about the iPhones in the organization? by jittles · · Score: 4, Informative

      Seriously, You know this? How?

      As recently as 2007 this was clearly not the case.

      Because I've worked in a facility like this before. Not Los Alamos, but with classified data.

      It was only after several years on the job that she was caught with bomb designs in her trailer and fired. But the investigation reveals that Quintana had taken her cell phone into a vault filled with secret documents where she worked — another major security violation. She also had access to a high-speed classified printer, even though such access was "not required by her job," and used the device to run off hundreds of copies of classified documents that she also brought home.

      See? She violated security protocol by bringing her phone into the vault. It says so right there in your own quote. So as I said there should be 0 iPhones around there. Whether people actually follow the rules is up to the site security officer, but the rules clearly state no cell phones.

      See: http://www.time.com/time/nation/article/0,8599,1612912,00.html

    4. Re:what about the iPhones in the organization? by s.petry · · Score: 2

      Read the NISPOM and JFAN security guides. No external devices can be brought in to secured areas. No USB sticks, no media without a lengthy process to scan and check in the data. Nothing leaves the secured area without being shredded. We had some hefty machinery built to munch up everything from memory and CD/DVD media to hard drives and LTO tapes.

      So "congress"? Yes, but we already know that cesspool for what it is. Secured areas like LANL? Not a chance.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    5. Re:what about the iPhones in the organization? by icebike · · Score: 1

      Please just Google Los Alamos and Security Breach, or, I don't know, maybe click the link in the message you replied to?

      Don't pontificate about standards that appear to be honored only in the breach.

      --
      Sig Battery depleted. Reverting to safe mode.
    6. Re:what about the iPhones in the organization? by 1729 · · Score: 1

      Read the NISPOM and JFAN security guides. No external devices can be brought in to secured areas. No USB sticks, no media without a lengthy process to scan and check in the data. Nothing leaves the secured area without being shredded. We had some hefty machinery built to munch up everything from memory and CD/DVD media to hard drives and LTO tapes.

      So "congress"? Yes, but we already know that cesspool for what it is. Secured areas like LANL? Not a chance.

      Times have changed. Dunno about LANL, but at LLNL:

      https://csp-training.llnl.gov/CS0149-W/non-gov_respons.html

  12. US projecting their actions on Iran's onto China by Anonymous Coward · · Score: 0

    Perhaps they are worried that China might take a cue from what the US did to Iran's nuclear equipment?

  13. FUD about Chinese networking equipment by Kohath · · Score: 0, Flamebait

    This FUD is just weird. Why is there a FUD campaign being waged against Huawei? And who is behind it? And what's Slashdot's motive for getting involved?

    (Maybe Huawei is doing exactly what the FUDsters fear, BTW. I have no idea. I just think the FUD campaign is curious.)

    1. Re:FUD about Chinese networking equipment by Em+Adespoton · · Score: 1

      Which campaign? Huawei has documented ties to the Chinese cyber-espionage program. A foreign power likely to be a target of such a program has removed their products from sensitive locations. I don't see anyone saying "DON'T BUY FROM Huawei!!! They'll steal your WoW account to steal your gold!" or anything of the sort.

      There are times when UD (Uncertainty and Doubt) are useful measures when making product decisions. I don't see anyone (other than perhaps politicians) entering into the F part.

    2. Re:FUD about Chinese networking equipment by Anonymous Coward · · Score: 0

      Huawei has documented ties to the Chinese cyber-espionage program

      [citation needed]

    3. Re:FUD about Chinese networking equipment by Kohath · · Score: 0

      The phrase "documented ties to" sounds like guilt by association. How about making a specific allegation?

      If this was the only instance of anti-Huawei FUD, you would have a point. But I've been seeing it for years, related to cellphone base stations and all manner of networking equipment for civilian applications. The Heritage Foundation wrote a scare report years ago ( http://www.heritage.org/research/reports/2008/02/trojan-dragon-chinas-cyber-threat ) for some reason.

      This effort is being led by someone, for a specific reason. I'm just wondering Who? and Why?

    4. Re:FUD about Chinese networking equipment by Em+Adespoton · · Score: 1
  14. It's Richard Nixon's fault by Spy+Handler · · Score: 3, Insightful

    for opening up China to trade. (granted he thought he was doing good by dividing the Communist bloc and weakening the Soviets)

    Free unrestricted trade is NOT a 100% universally good thing, no matter how much our glorious corporations and econ professors tell us so.

  15. Re:US projecting their actions on Iran's onto Chin by Jmc23 · · Score: 1
    People in general tend to ascribe motivations to others that they themselves hold.

    This should tell you something about the USA's mental health and its constant war on everything.

    --
    Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
  16. Related story by ThatsNotPudding · · Score: 2

    This would be another reason not to allow personal cellphones in secure and sensitive work areas. If the FBI can turn on mobsters' phone mics (and therefore cameras), so can the Peoples' Central Committee.

  17. Reverse-engineer maybe? by Anonymous Coward · · Score: 0

    So much time and effort goes into all this philosophizing and speculating. How about reverse-engineering the things and finding out if the code does anything evil? It's worth a try at least.

  18. National security should be privatized by Anonymous Coward · · Score: 0

    See, shit like this is why I am a libertarian. Instead of pulling "risky" equipment, we should be privatizing ALL the services that USE the equipment and just let the invisible hand of the free market fix any and all security problems.

    1. Re:National security should be privatized by Pinky's+Brain · · Score: 2

      Anything which won't be known to be a problem before you can cash out your options and stock isn't a problem. Someone lower on the totem pole rocking the boat by researching whether there are problems on the horizon is an immediate problem to be solved.

    2. Re:National security should be privatized by sheph · · Score: 0

      I'd lean towards agreeing with you if only it worked that way. Unfortunately most private industry bows to the almighty buck, and security is usually seen as an impediment to maximum profits. It's not until they've been exploited and had their backside handed to them that they finally see security as a worthwhile investment. Even then some still don't get the point. I'm wondering why as a taxpayer we put substandard crap in there in the first place. It's not like we don't know who our enemies are.

      --
      I don't believe in karma, I just call it like I see it.
  19. In other words by Virtucon · · Score: 2

    Cisco or Juniper just received a big contract to supply Chinese made goods from a US Brand name Manufacturer.

    It just goes to show how screwed up our government is, really. If somebody in the NSA would dissect one of these systems and say "there's where the security hole is" it would be of real benefit to the rest of us who support lots of shops with a variety of gear. If there isn't anything to worry about then just tell those idiots on capitol hill to STFU! Oh wait, we're talking congress right? Never mind.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  20. In other news... by Minwee · · Score: 1
  21. A whiff of prejudice? by Anonymous Coward · · Score: 0

    Get rid of tech just because it was made in China? This worked really well for the Nazis when they got rid of "Jewish Science".

    Oh those devious Chinese. You can never trust them.

  22. Yeah? And replace with what? by blind+biker · · Score: 2

    Cisco switches are made in China, with Chinese-made components - that is, the nice ASICs put in the switches, the perfect place to put the backdoors.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
    1. Re:Yeah? And replace with what? by Anonymous Coward · · Score: 0

      That's why you send the foundry the blueprint, and check the dice they send you back - to make sure it has the same # of components in the same locations as the original design.

      Not to mention also analyzing the resulting hardware to make sure every piece does what it's supposed to do and nothing else.

  23. L-o-o-o-ng overdue by gestalt_n_pepper · · Score: 4, Insightful

    Hardware and chips are about the most obvious attack vector for USA defense hardware there is. I seriously doubt that more than half of our radio transmission equipment would work 15 minutes into a conflict with China, since this too is an obvious weak point. I expect that hardware generated viruses would take out quite a bit of our tactical grids as well. It's what I would do, if I were them.

    Bottom line. We can't buy *ANY* defense equipment from overseas, directly or indirectly, without increasing security risks significantly.

    Not that anyone cares, of course. Politicians just want to reduce costs. So do contractors and subcontractors. Monitoring all this costs money and nobody wants to be accused of "regulation" or being against globalization, and so we seal our own eventual military doom.

    --
    Please do not read this sig. Thank you.
    1. Re:L-o-o-o-ng overdue by stoatwblr · · Score: 1
      All it'd take to knock out North American (or European, or Asian, etc) infrastructure is a few well-aimed strikes at the power distribution infrastructure.

      The choices are:

      Conventional precision strikes on major transformers (the same ones everyone's worrying which would be knocked out in a major solar flare)

      A suitable yield stratospheric nuclear airburst - why create masses of fallout and civilian deaths when you can simply wipe out half a continent's worth of electrical grid in one go with a good-size EMP?

    2. Re:L-o-o-o-ng overdue by gestalt_n_pepper · · Score: 1

      And why bother with a bomb when you can do it with a SCADA virus?

      --
      Please do not read this sig. Thank you.
    3. Re:L-o-o-o-ng overdue by stoatwblr · · Score: 1
      As a bonus, a SCADA virus won't result in rapidly escalating nuke exchanges. The scenario for such events now is actually worse than in the cold war days.

      For all the USA military is sabre rattling about cyber-attacks, any such attack on a foreign nation which has ample resources to retaliate is a non-starter. It's much easier to simply arrange for top tier carriers to blackhole the ASNs involved.

      This is already done routinely, although the usual target is hijacked netblocks and the ASNs advertising their routes. Moving to deal with attacks across the network, vs attacks on the integrity of the network will take a lot more pushing and shoving at high levels.

  24. Reuters reports removed Red routers. by Culture20 · · Score: 1

    Roadhouse.
    Alliteration.

  25. More dangerous than Fukushima? by Anonymous Coward · · Score: 0

    Is this an admission that they don't insist on full access to firmware code on the equipment they buy? If so then they are inherently more dangerous than any Japanese nuclear plant, don't you think?

  26. Re:china has had by Shoten · · Score: 2

    Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems

    This, coming from a nation that once rigged Xerox machines to covertly capture Soviet documents, and rigged a SCADA controller to turn a gas pipeline into a 3 kiloton bomb in Siberia.

    Yeah, I think that's the point. It's not hypocrisy, it's making sure our own methods aren't used against us. I think you missed that point entirely. Also worth noting is that it's one thing when a country you have entirely embargoed, with only specific exceptions, steals technology from you which you then sabotage to piss in their canteen. It's another entirely when your largest economic trading partner abuses that relationship, by sabotaging the very items they worked hard to get you to buy in the first place.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  27. Open Source Hardware by xanojsp · · Score: 4, Informative

    For critical applications, one can use a White Rabbit switch. White Rabbit is a technology developed at CERN and other institutes and companies. The switch PCB is Open Source (licensed under the CERN Open Hardware Licence) and all the switching happens inside an FPGA for which all VHDL sources are available under LGPL. There is already one company commercializing it, but the sources are all available for any other company to build it, test it, commercialize it and provide support. The terms of the licence give no privilege to any single vendor. No royalties, no patents. Plus the HDL can be customized for particular applications (low latency, redundancy...).

    1. Re:Open Source Hardware by Joe_Dragon · · Score: 1

      object White Rabbit kill all the camera and door locks.

    2. Re:Open Source Hardware by Anonymous Coward · · Score: 0

      Good idea - why do you object?

    3. Re:Open Source Hardware by Going_Digital · · Score: 1

      Except the FPGA is proprietary so there is no guarantee that nothing underhand is happening there. It is a question of how deep you want to go, at some point you have to trust someone.

    4. Re:Open Source Hardware by xanojsp · · Score: 1

      So you mean that Xilinx would know in advance someone will use pin number h9 of one of their chips as a port in an Ethernet switch and would have instrumented the chip to sniff Ethernet frames as they go through that port and send them somewhere? OK...
      Would they do that for all possible data transmission standards (SATA, firewire...) and all possible pins in all FPGA families? I agree at some point you have to trust someone, and this is a point I would be comfortable with.

  28. Lods a bull by Anonymous Coward · · Score: 0

    This bollox for even though the switches such as Cisco, Dell and HP are also made in China. All ASICs are made in China (most) so what's the difference..

  29. But there are security issues! by Agent+ME · · Score: 1

    This appears to be a step taken to placate a nervous Congress, rather in response to any detected security issues.

    But there *are* glaring security issues, with at least some of their products.

    https://www.computerworld.com/s/article/9229785/Hackers_reveal_critical_vulnerabilities_in_Huawei_routers_at_Defcon

  30. Re:What's the replacement going to be? OpenBSD by Anonymous Coward · · Score: 0

    see subject