Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Nuclear Lab Removes Chinese Tech

Posted by samzenpus on from the get-it-out-of-here dept.

Rambo Tribble writes "Reuters reports that Los Almos National Laboratory has removed switches produced by Chinese firm H3C, which once had ties to Huawei. This appears to be a step taken to placate a nervous Congress, rather in response to any detected security issues. From the article: 'Switches are used to manage data traffic on computer networks. The exact number of Chinese-made switches installed at Los Alamos, how or when they were acquired, and whether they were placed in sensitive systems or pose any security risks, remains unclear. The laboratory - where the first atomic bomb was designed - is responsible for maintaining America's arsenal of nuclear weapons. A spokesman for the Los Alamos lab referred inquiries to the Department of Energy's National Nuclear Security Administration, or NNSA, which declined to comment.'"

25 of 125 comments (clear)

  1. What's the replacement going to be? by wvmarle · · Score: 5, Insightful

    If they don't want made-in-China equipment, what are the alternatives? I don't think that doing without is much of an option.

    1. Re:What's the replacement going to be? by AndyKron · · Score: 4, Insightful

      The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback. /s

    2. Re:What's the replacement going to be? by boulat · · Score: 4, Insightful

      And the 10x the cost is worth every penny. Cisco and Juniper routers and switches are the backbone of many serious enterprises. Serious about security and performance. I don't know of any Chinese product that is worth spending money on.

    3. Re:What's the replacement going to be? by sjames · · Score: 5, Insightful

      Cisco is made in China. They just charge Made in America prices and pocket the difference.

    4. Re:What's the replacement going to be? by vlm · · Score: 4, Interesting

      I know of a couple alternatives from gossip with industrial controls type people. Please don't secure your nations nuclear secrets based on my /. post.

      Google for "Garrett" they make industrial switches. Industrial as in weird DC voltages (for railroad, telco, etc) and supposedly good rep WRT interference protection. Like if you're running on the factory floor and the network goes bonkers when someone arc welds, rewire the run to a garrett and supposedly that'll fix it most of the time. The reputation of the prices is high, but when you need ethernet connectivity to the PLCs on a railroad engine or whatever, well...

      Google for a place called "wideband" if you want a local. Low to mid end office gear. Really not that expensive, like a couple billable consultant hours for a switch or about three 3rd party wiring calls. My point is complaining about something from wideband costing $800 vs noname for $600 or Cisco for probably about $1000 is kind of pointless for a $100K/yr network admin and $50/hr electrician and all that, but for home its going to be hard to slip a $800 purchase by for a 24 port managed switch. I have no rep info on this although I've heard they work.

      You need like ten centuries of switch*years before reports about reliability and such change from "anecdote" to "information" so onesie-twosie stories about "I heard of one that worked" isn't terribly useful.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    5. Re:What's the replacement going to be? by Anonymous Coward · · Score: 5, Informative

      Good thought, but check out the GarrettCom backdoor that was discovered by a curious researcher in 2012:

      http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf

      Looks like in some cases the 'american company' is worse! And why did it take this researcher named in the advisory to dicsover it? Why didn't any of the major corporations or government agencies who rely on this equipment discover it?

    6. Re:What's the replacement going to be? by khallow · · Score: 4, Insightful

      for a successful and perpetually unwinnable cold war.

      The last cold war was winnable. We know because the US-side won it (and squandered that victory in a way that probably will be talked about for centuries). But while I pointed that out, it's not the point of a cold war. The point of a cold war is to slowly resolve conflicts without sinking into a hot, nuclear war.

    7. Re:What's the replacement going to be? by ShanghaiBill · · Score: 3, Insightful

      Hardened Cisco switches.

      Most Cisco switches are made by Foxconn in China and Mexico. They are also opening a factory in Russia.

    8. Re:What's the replacement going to be? by kelemvor4 · · Score: 3, Insightful

      If they don't want made-in-China equipment, what are the alternatives? I don't think that doing without is much of an option.

      I think the concern was specifically with Huawei and the recent hubub surrounding that outfit. Probably only for the reason you are alluding to. If there are any switches manufactured in the US, then I think it would be prudent to use those for high value operations like this one. Actually, if there weren't any - I think the needs of this particular operation would warrant the government manufacturing their own. Control of our nuclear arsenal is somewhat important ;).

    9. Re:What's the replacement going to be? by kelemvor4 · · Score: 5, Informative

      Cisco switches are manufactured in China since 2011 per this press release: http://newsroom.cisco.com/press-release-content?articleId=442243

    10. Re:What's the replacement going to be? by Jawnn · · Score: 4, Informative

      The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback. /s

      [citation needed]
      ...crickets...

      The reality, of course, is nowhere near the numbers you suggest, but hey, who's counting. This is /. and hyperbole is the order of the day. Rational discussions? Supported by actual facts? Pffffff....

    11. Re:What's the replacement going to be? by AdamHaun · · Score: 4, Interesting

      The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback.

      I've heard the cost difference between Chinese vs. American manufacturing is about 15% for an iPhone (or presumably something like it). Don't have a good source for that, though.

      --
      Visit the
    12. Re:What's the replacement going to be? by GodfatherofSoul · · Score: 4, Insightful

      I've heard similar figures as well. The overhead for building in the US isn't as huge as you'd think. Actually, the overhead for many alternatives to cost-saving measures (like illegal immigrant workers in lieu of Americans) isn't as high as we've all been lead to believe.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
  2. time to build tech in America by jsepeta · · Score: 3, Informative

    We have the know-how, and a patriotic, knowledgeable, and capable workforce. If congress instituted taxes on foreign made goods to help fund jobs in America, we'd be safer.

    --
    Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
    1. Re:time to build tech in America by Anonymous Coward · · Score: 3, Interesting

      Ok, I'll bite vim. How can we enforce the rules of those agencies on Chinese manufacturers? The bunk beds Foxconn stacked their workers in were an OSHA violation before they even started their work day.

      I would recommend we sythesize your and jsepetas theories. We tax imports based on an estimated cost of the imported product if the company in question were to be OSHA, EPA, FDA, and FCC rule compliant, and as they come into compliance with each we drop that portion of the tax.

      Aside from enormous difficulty of managing the import taxation-register and verifying compliance, what do you think?

    2. Re:time to build tech in America by ColdWetDog · · Score: 3, Funny

      There would also be more pollution in the environment. Keep it in China. That way it's not in the environment.

      Just which planet do you live on anyway?

      --
      Faster! Faster! Faster would be better!
    3. Re:time to build tech in America by Pinky's+Brain · · Score: 3, Interesting

      Even if we assume for a moment that Smoot-Hawley caused the great depression (laughable given the size of imports/exports in relation to GDP) the Versailles treaty was going to shit long before it and the great depression ... France had already invaded the Ruhr 7 years earlier, initiating hyperinflation.

  3. Trusted Foundry by Scot+Seese · · Score: 4, Insightful

    They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.

    "Reasonably."

    --
    THIS SPACE INTENTIONALLY LEFT BLANK.
    1. Re:Trusted Foundry by Shoten · · Score: 5, Insightful

      They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.

      "Reasonably."

      There's another factor in this. A company like Huawei (founded by former members of the PRA, specifically ones from their cyber warfare capability) or H3C (owned by HP as a subsidiary, but otherwise entirely Chinese, top-to-bottom) can easily be argued to have interests that align with China. Cisco, on the other hand, is an American-founded company with American management.

      If a Chinese national in China puts some nastiness into a switch/router/espresso machine that is then deployed in a sensitive location in the USA, well, it'll make a stink, but nobody will be all THAT shocked either, as the people behind it will be acting in their own nation's interests. Furthermore, they do not have the same market position in the West, and thus have less to lose economically. But if Cisco does this, they are really in deep trouble. I guarantee that the upper and middle management would have to prove their lack of knowledge of it. And that's a losing proposition right there: either you can't prove you knew about/controlled it (in which case you are now on the hook for espionage and other nasty things) or you successfully prove that you have no real control over your own products. At that point, you've proven either that you will screw your own customers AND countrymen, or that you really have no way of keeping your underlings from doing the same. So Cisco has an enormous incentive to make sure that no hanky-panky goes on at their manufacturing facilities, wherever they may be.

      --

      For your security, this post has been encrypted with ROT-13, twice.
    2. Re:Trusted Foundry by johanw · · Score: 4, Insightful

      Cisco already made backdoors in some products we know of (the recent hazzle about their IP-phones). And they won't even fix some of them. Unless you're connected with the Dalai Lama I think you're much safer with Chinese hardware than with American. At least the Chinese don't give a damn if I download movies for free.

  4. Computer network threatens nuclear lab? by jkrise · · Score: 4, Informative

    A nuclear lab is, as I would imagine, a place where radioactive materials are researched in order to produce destructive levels of energy. Information generated, processed and researched in this lab should be ideally completely cut off from the rest of the World. It makes zero sense to connect this network of computing devices to the outside world and the internet, so that researchers can post to Facebook or play networked Solitaire. Security should be achieved by completely isolating this network from the rest of the World.

    I do not know of any 'networking' devices from any country or vendor that does not have any vulnerabilities, or is completely immune to hacking. To imagine that non-Chinese networking devices are more 'secure' is to totally miss the point.

    --
    If you keep throwing chairs, one day you'll break windows....
  5. It's Richard Nixon's fault by Spy+Handler · · Score: 3, Insightful

    for opening up China to trade. (granted he thought he was doing good by dividing the Communist bloc and weakening the Soviets)

    Free unrestricted trade is NOT a 100% universally good thing, no matter how much our glorious corporations and econ professors tell us so.

  6. L-o-o-o-ng overdue by gestalt_n_pepper · · Score: 4, Insightful

    Hardware and chips are about the most obvious attack vector for USA defense hardware there is. I seriously doubt that more than half of our radio transmission equipment would work 15 minutes into a conflict with China, since this too is an obvious weak point. I expect that hardware generated viruses would take out quite a bit of our tactical grids as well. It's what I would do, if I were them.

    Bottom line. We can't buy *ANY* defense equipment from overseas, directly or indirectly, without increasing security risks significantly.

    Not that anyone cares, of course. Politicians just want to reduce costs. So do contractors and subcontractors. Monitoring all this costs money and nobody wants to be accused of "regulation" or being against globalization, and so we seal our own eventual military doom.

    --
    Please do not read this sig. Thank you.
  7. Re:what about the iPhones in the organization? by jittles · · Score: 4, Informative

    Seriously, You know this? How?

    As recently as 2007 this was clearly not the case.

    Because I've worked in a facility like this before. Not Los Alamos, but with classified data.

    It was only after several years on the job that she was caught with bomb designs in her trailer and fired. But the investigation reveals that Quintana had taken her cell phone into a vault filled with secret documents where she worked — another major security violation. She also had access to a high-speed classified printer, even though such access was "not required by her job," and used the device to run off hundreds of copies of classified documents that she also brought home.

    See? She violated security protocol by bringing her phone into the vault. It says so right there in your own quote. So as I said there should be 0 iPhones around there. Whether people actually follow the rules is up to the site security officer, but the rules clearly state no cell phones.

    See: http://www.time.com/time/nation/article/0,8599,1612912,00.html

  8. Open Source Hardware by xanojsp · · Score: 4, Informative

    For critical applications, one can use a White Rabbit switch. White Rabbit is a technology developed at CERN and other institutes and companies. The switch PCB is Open Source (licensed under the CERN Open Hardware Licence) and all the switching happens inside an FPGA for which all VHDL sources are available under LGPL. There is already one company commercializing it, but the sources are all available for any other company to build it, test it, commercialize it and provide support. The terms of the licence give no privilege to any single vendor. No royalties, no patents. Plus the HDL can be customized for particular applications (low latency, redundancy...).