Slashdot Mirror


US Nuclear Lab Removes Chinese Tech

Rambo Tribble writes "Reuters reports that Los Alamos National Laboratory has removed switches produced by Chinese firm H3C, which once had ties to Huawei. This appears to be a step taken to placate a nervous Congress, rather than in response to any detected security issues. From the article: 'Switches are used to manage data traffic on computer networks. The exact number of Chinese-made switches installed at Los Alamos, how or when they were acquired, and whether they were placed in sensitive systems or pose any security risks, remains unclear. The laboratory - where the first atomic bomb was designed - is responsible for maintaining America's arsenal of nuclear weapons. A spokesman for the Los Alamos lab referred inquiries to the Department of Energy's National Nuclear Security Administration, or NNSA, which declined to comment.'"

45 of 125 comments

  1. What's the replacement going to be? by wvmarle · · Score: 5, Insightful

    If they don't want made-in-China equipment, what are the alternatives? I don't think that doing without is much of an option.

    1. Re:What's the replacement going to be? by AndyKron · · Score: 4, Insightful

      The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback. /s

    2. Re:What's the replacement going to be? by boulat · · Score: 4, Insightful

      And the 10x the cost is worth every penny. Cisco and Juniper routers and switches are the backbone of many serious enterprises. Serious about security and performance. I don't know of any Chinese product that is worth spending money on.

    3. Re:What's the replacement going to be? by sjames · · Score: 5, Insightful

      Cisco is made in China. They just charge Made in America prices and pocket the difference.

    4. Re:What's the replacement going to be? by vlm · · Score: 4, Interesting

      I know of a couple alternatives from gossip with industrial controls type people. Please don't secure your nation's nuclear secrets based on my /. post.

      Google for "Garrett" they make industrial switches. Industrial as in weird DC voltages (for railroad, telco, etc) and supposedly good rep WRT interference protection. Like if you're running on the factory floor and the network goes bonkers when someone arc welds, rewire the run to a garrett and supposedly that'll fix it most of the time. The reputation of the prices is high, but when you need ethernet connectivity to the PLCs on a railroad engine or whatever, well...

      Google for a place called "wideband" if you want a local. Low to mid end office gear. Really not that expensive, like a couple billable consultant hours for a switch or about three 3rd party wiring calls. My point is complaining about something from wideband costing $800 vs noname for $600 or Cisco for probably about $1000 is kind of pointless for a $100K/yr network admin and $50/hr electrician and all that, but for home it's going to be hard to slip a $800 purchase by for a 24 port managed switch. I have no rep info on this although I've heard they work.

      You need like ten centuries of switch*years before reports about reliability and such change from "anecdote" to "information" so onesie-twosie stories about "I heard of one that worked" aren't terribly useful.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    5. Re:What's the replacement going to be? by zlives · · Score: 2

      +1

    6. Re:What's the replacement going to be? by Anonymous Coward · · Score: 5, Informative

      Good thought, but check out the GarrettCom backdoor that was discovered by a curious researcher in 2012:

      http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf

      Looks like in some cases the 'american company' is worse! And why did it take this researcher named in the advisory to discover it? Why didn't any of the major corporations or government agencies who rely on this equipment discover it?

    7. Re:What's the replacement going to be? by khallow · · Score: 4, Insightful

      for a successful and perpetually unwinnable cold war.

      The last cold war was winnable. We know because the US-side won it (and squandered that victory in a way that probably will be talked about for centuries). But while I pointed that out, it's not the point of a cold war. The point of a cold war is to slowly resolve conflicts without sinking into a hot, nuclear war.

    8. Re:What's the replacement going to be? by ShanghaiBill · · Score: 3, Insightful

      Hardened Cisco switches.

      Most Cisco switches are made by Foxconn in China and Mexico. They are also opening a factory in Russia.

    9. Re:What's the replacement going to be? by nschubach · · Score: 2

      Why not just have a "home grown" firewall that doesn't allow communication to anything but specific controlled sites? I mean, the data has to go out of the building somewhere and they can control which destinations are acceptable. Even if someone happened to slip in some code to "spy" on specific data it would have no way outside the network besides that firewall. Unless of course they embed some wireless communication chips in the switches, but that would require that someone in the building have a listening device.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    10. Re:What's the replacement going to be? by kelemvor4 · · Score: 3, Insightful

      If they don't want made-in-China equipment, what are the alternatives? I don't think that doing without is much of an option.

      I think the concern was specifically with Huawei and the recent hubbub surrounding that outfit. Probably only for the reason you are alluding to. If there are any switches manufactured in the US, then I think it would be prudent to use those for high value operations like this one. Actually, if there weren't any - I think the needs of this particular operation would warrant the government manufacturing their own. Control of our nuclear arsenal is somewhat important ;).

    11. Re:What's the replacement going to be? by kelemvor4 · · Score: 5, Informative

      Cisco switches are manufactured in China since 2011 per this press release: http://newsroom.cisco.com/press-release-content?articleId=442243

    12. Re:What's the replacement going to be? by Jawnn · · Score: 4, Informative

      The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback. /s

      [citation needed]
      ...crickets...

      The reality, of course, is nowhere near the numbers you suggest, but hey, who's counting. This is /. and hyperbole is the order of the day. Rational discussions? Supported by actual facts? Pffffff....

    13. Re:What's the replacement going to be? by AdamHaun · · Score: 4, Interesting

      The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback.

      I've heard the cost difference between Chinese vs. American manufacturing is about 15% for an iPhone (or presumably something like it). Don't have a good source for that, though.

      --
      Visit the
    14. Re:What's the replacement going to be? by GodfatherofSoul · · Score: 4, Insightful

      I've heard similar figures as well. The overhead for building in the US isn't as huge as you'd think. Actually, the overhead for many alternatives to cost-saving measures (like illegal immigrant workers in lieu of Americans) isn't as high as we've all been led to believe.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    15. Re:What's the replacement going to be? by AmiMoJo · · Score: 2

      If you mean "won by default because the Soviet Union collapsed" then yeah, we won.

      The point of a cold war is to scare the shit out of your citizens and spend lots of money on the military. Come on, everyone knows that.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    16. Re:What's the replacement going to be? by AmiMoJo · · Score: 2

      The downstream routers are also Chinese. It wouldn't be hard to tag a packet in some way to be copied quietly back to a listening post once it is well past the firewall. Dedicated lines all the way are the only way to be sure.

      Not that this isn't anything but paranoia...

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    17. Re:What's the replacement going to be? by Anonymous Coward · · Score: 2

      Don't go ruining corporate propaganda with facts. That would mean the whole race to the bottom this country has been waging on workers since Reagan has all been a scam to take money from the poor and middle class and give it to the rich. That would never happen--not in The Greatest Country on Earth (TM).

  2. Closing the barn door after the horses left... by Cornwallis · · Score: 2

    Good thing they took them out before they were connected to anything...

  3. time to build tech in America by jsepeta · · Score: 3, Informative

    We have the know-how, and a patriotic, knowledgeable, and capable workforce. If congress instituted taxes on foreign made goods to help fund jobs in America, we'd be safer.

    --
    Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
    1. Re:time to build tech in America by ShanghaiBill · · Score: 2

      If congress instituted taxes on foreign made goods to help fund jobs in America, we'd be safer.

      Like the way Smoot-Hawley kept us out of WWII?

    2. Re:time to build tech in America by Anonymous Coward · · Score: 3, Interesting

      Ok, I'll bite vim. How can we enforce the rules of those agencies on Chinese manufacturers? The bunk beds Foxconn stacked their workers in were an OSHA violation before they even started their work day.

      I would recommend we synthesize your and jsepeta's theories. We tax imports based on an estimated cost of the imported product if the company in question were to be OSHA, EPA, FDA, and FCC rule compliant, and as they come into compliance with each we drop that portion of the tax.

      Aside from enormous difficulty of managing the import taxation-register and verifying compliance, what do you think?

    3. Re:time to build tech in America by ColdWetDog · · Score: 3, Funny

      There would also be more pollution in the environment. Keep it in China. That way it's not in the environment.

      Just which planet do you live on anyway?

      --
      Faster! Faster! Faster would be better!
    4. Re:time to build tech in America by Pinky's+Brain · · Score: 2, Insightful

      Sure, break all the WTO agreements and see if SA keeps buying US bonds ... a country with energy and food independence can do whatever the fuck it wants with its trade policies, the US not so much.

    5. Re:time to build tech in America by Pinky's+Brain · · Score: 3, Interesting

      Even if we assume for a moment that Smoot-Hawley caused the great depression (laughable given the size of imports/exports in relation to GDP) the Versailles treaty was going to shit long before it and the great depression ... France had already invaded the Ruhr 7 years earlier, initiating hyperinflation.

  4. Trusted Foundry by Scot+Seese · · Score: 4, Insightful

    They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.

    "Reasonably."

    --
    THIS SPACE INTENTIONALLY LEFT BLANK.
    1. Re:Trusted Foundry by Shoten · · Score: 5, Insightful

      They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.

      "Reasonably."

      There's another factor in this. A company like Huawei (founded by former members of the PRA, specifically ones from their cyber warfare capability) or H3C (owned by HP as a subsidiary, but otherwise entirely Chinese, top-to-bottom) can easily be argued to have interests that align with China. Cisco, on the other hand, is an American-founded company with American management.

      If a Chinese national in China puts some nastiness into a switch/router/espresso machine that is then deployed in a sensitive location in the USA, well, it'll make a stink, but nobody will be all THAT shocked either, as the people behind it will be acting in their own nation's interests. Furthermore, they do not have the same market position in the West, and thus have less to lose economically. But if Cisco does this, they are really in deep trouble. I guarantee that the upper and middle management would have to prove their lack of knowledge of it. And that's a losing proposition right there: either you can't prove you knew about/controlled it (in which case you are now on the hook for espionage and other nasty things) or you successfully prove that you have no real control over your own products. At that point, you've proven either that you will screw your own customers AND countrymen, or that you really have no way of keeping your underlings from doing the same. So Cisco has an enormous incentive to make sure that no hanky-panky goes on at their manufacturing facilities, wherever they may be.

      --

      For your security, this post has been encrypted with ROT-13, twice.
    2. Re:Trusted Foundry by johanw · · Score: 4, Insightful

      Cisco already made backdoors in some products we know of (the recent hassle about their IP-phones). And they won't even fix some of them. Unless you're connected with the Dalai Lama I think you're much safer with Chinese hardware than with American. At least the Chinese don't give a damn if I download movies for free.

    3. Re:Trusted Foundry by amicusNYCL · · Score: 2

      "Safer" is a pretty relative term. A home user may be "safer", in the sense that their online traffic data would only go to the Chinese, who wouldn't really care about what they're doing online. For a government user, sending a copy of their traffic to China is not safer. Likewise, for a government user they don't really care if all of their traffic is being sent to the NSA, because they're the NSA. But for a home user, you probably don't want all of your traffic going to the NSA. Home users might be safer with Chinese technology (safer as in "safer from the US government"), but US government users are safer with the technology that sends everything to the NSA.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    4. Re:Trusted Foundry by Type44Q · · Score: 2

      A company like Huawei (founded by former members of the PRA

      People's Riberation Army? :p

  5. Computer network threatens nuclear lab? by jkrise · · Score: 4, Informative

    A nuclear lab is, as I would imagine, a place where radioactive materials are researched in order to produce destructive levels of energy. Information generated, processed and researched in this lab should be ideally completely cut off from the rest of the World. It makes zero sense to connect this network of computing devices to the outside world and the internet, so that researchers can post to Facebook or play networked Solitaire. Security should be achieved by completely isolating this network from the rest of the World.

    I do not know of any 'networking' devices from any country or vendor that does not have any vulnerabilities, or is completely immune to hacking. To imagine that non-Chinese networking devices are more 'secure' is to totally miss the point.

    --
    If you keep throwing chairs, one day you'll break windows....
  6. Re:Rebadged H3C / 3Com by Shoten · · Score: 2

    Most HP A-Series switches are just rebadged H3C hardware. Some still come direct from HP with the H3C badge on.

    Given that the A-Series firmware is present across even the HP badged hardware, are they going to throw out all HP A-Series switches?

    They'd have to have HP-made switches in the first place...I recall HP's market penetration, and from what I recall, neither of HP's customers are a National Laboratory...(snicker)

    --

    For your security, this post has been encrypted with ROT-13, twice.
  7. We know everything! by game+kid · · Score: 2, Funny

    Dear Sirmadam President,

    You might have removed our Glorious People's Technology from your nuclear reactors, but we know everything that happened in there now. The nuke codes, the aliens, the frat parties you held above the spent-fuel pool with that "Lohan" girl because the glow was supposedly aphrodisiac...pah! We're way ahead of you there!

    We have better nukes. Scalier aliens. Even more of your tech. And when we call in your debts...we'll have the blackmail videos from the party to make you pay! I hear some of your Cabinet members were...deeply embedded that day! Haaa hahaha*continues to laugh and cough all Sephiroth-like*...

    On behalf of the People's Republic,

    [signature]

    Big Hoojie

    PS: YES WE SPELLED "SCALIER" CORRECTLY. Our aliens are like fucking Draconians, not those starved green bean dolls with potato heads and shit.

    --
    You can hold down the "B" button for continuous firing.
  8. It's Richard Nixon's fault by Spy+Handler · · Score: 3, Insightful

    for opening up China to trade. (granted he thought he was doing good by dividing the Communist bloc and weakening the Soviets)

    Free unrestricted trade is NOT a 100% universally good thing, no matter how much our glorious corporations and econ professors tell us so.

  9. Re:I'm OK with this. by Jmc23 · · Score: 2

    um, so the USA gov't created an economic hit on its enemy the USA by saying the USA had 'untrustworthy' equipment?

    China actually has nothing to do with this at all.

    --
    Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
  10. Related story by ThatsNotPudding · · Score: 2

    This would be another reason not to allow personal cellphones in secure and sensitive work areas. If the FBI can turn on mobsters' phone mics (and therefore cameras), so can the Peoples' Central Committee.

  11. In other words by Virtucon · · Score: 2

    Cisco or Juniper just received a big contract to supply Chinese made goods from a US Brand name Manufacturer.

    It just goes to show how screwed up our government is, really. If somebody in the NSA would dissect one of these systems and say "there's where the security hole is" it would be of real benefit to the rest of us who support lots of shops with a variety of gear. If there isn't anything to worry about then just tell those idiots on capitol hill to STFU! Oh wait, we're talking congress right? Never mind.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  12. Yeah? And replace with what? by blind+biker · · Score: 2

    Cisco switches are made in China, with Chinese-made components - that is, the nice ASICs put in the switches, the perfect place to put the backdoors.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  13. L-o-o-o-ng overdue by gestalt_n_pepper · · Score: 4, Insightful

    Hardware and chips are about the most obvious attack vector for USA defense hardware there is. I seriously doubt that more than half of our radio transmission equipment would work 15 minutes into a conflict with China, since this too is an obvious weak point. I expect that hardware generated viruses would take out quite a bit of our tactical grids as well. It's what I would do, if I were them.

    Bottom line. We can't buy *ANY* defense equipment from overseas, directly or indirectly, without increasing security risks significantly.

    Not that anyone cares, of course. Politicians just want to reduce costs. So do contractors and subcontractors. Monitoring all this costs money and nobody wants to be accused of "regulation" or being against globalization, and so we seal our own eventual military doom.

    --
    Please do not read this sig. Thank you.
  14. Re:what about the iPhones in the organization? by icebike · · Score: 2

    Seriously, You know this? How?

    As recently as 2007 this was clearly not the case.

    It was only after several years on the job that she was caught with bomb designs in her trailer and fired. But the investigation reveals that Quintana had taken her cell phone into a vault filled with secret documents where she worked — another major security violation. She also had access to a high-speed classified printer, even though such access was "not required by her job," and used the device to run off hundreds of copies of classified documents that she also brought home.

    See: http://www.time.com/time/nation/article/0,8599,1612912,00.html

    --
    Sig Battery depleted. Reverting to safe mode.
  15. Re:National security should be privatized by Pinky's+Brain · · Score: 2

    Anything which won't be known to be a problem before you can cash out your options and stock isn't a problem. Someone lower on the totem pole rocking the boat by researching whether there are problems on the horizon is an immediate problem to be solved.

  16. Re:what about the iPhones in the organization? by jittles · · Score: 4, Informative

    Seriously, You know this? How?

    As recently as 2007 this was clearly not the case.

    Because I've worked in a facility like this before. Not Los Alamos, but with classified data.

    It was only after several years on the job that she was caught with bomb designs in her trailer and fired. But the investigation reveals that Quintana had taken her cell phone into a vault filled with secret documents where she worked — another major security violation. She also had access to a high-speed classified printer, even though such access was "not required by her job," and used the device to run off hundreds of copies of classified documents that she also brought home.

    See? She violated security protocol by bringing her phone into the vault. It says so right there in your own quote. So as I said there should be 0 iPhones around there. Whether people actually follow the rules is up to the site security officer, but the rules clearly state no cell phones.

    See: http://www.time.com/time/nation/article/0,8599,1612912,00.html

  17. Re:china has had by Shoten · · Score: 2

    Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems

    This, coming from a nation that once rigged Xerox machines to covertly capture Soviet documents, and rigged a SCADA controller to turn a gas pipeline into a 3 kiloton bomb in Siberia.

    Yeah, I think that's the point. It's not hypocrisy, it's making sure our own methods aren't used against us. I think you missed that point entirely. Also worth noting is that it's one thing when a country you have entirely embargoed, with only specific exceptions, steals technology from you which you then sabotage to piss in their canteen. It's another entirely when your largest economic trading partner abuses that relationship, by sabotaging the very items they worked hard to get you to buy in the first place.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  18. Open Source Hardware by xanojsp · · Score: 4, Informative

    For critical applications, one can use a White Rabbit switch. White Rabbit is a technology developed at CERN and other institutes and companies. The switch PCB is Open Source (licensed under the CERN Open Hardware Licence) and all the switching happens inside an FPGA for which all VHDL sources are available under LGPL. There is already one company commercializing it, but the sources are all available for any other company to build it, test it, commercialize it and provide support. The terms of the licence give no privilege to any single vendor. No royalties, no patents. Plus the HDL can be customized for particular applications (low latency, redundancy...).

  19. Re:what about the iPhones in the organization? by s.petry · · Score: 2

    Read the NISPOM and JFAN security guides. No external devices can be brought into secured areas. No USB sticks, no media without a lengthy process to scan and check in the data. Nothing leaves the secured area without being shredded. We had some hefty machinery built to munch up everything from memory and CD/DVD media to hard drives and LTO tapes.

    So "congress"? Yes, but we already know that cesspool for what it is. Secured areas like LANL? Not a chance.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.