
The way the last administration rolled this out was certainly with a political narrative, but my guess is it originated with people that weren't thinking at all about politics.

The simple story is that core infrastructure is of strategic national importance, and an elevated risk that infrastructure is compromised can never be worth whatever the benefits are of using a particular supplier's equipment. There is no practical way to 100% ensure that every piece of software, and every chip, in every piece of equipment is clean. Chips are especially scary (the push to have domestic chip fab by the US and other countries is about more than just supply chain).

This is true when it comes from what are considered trustworthy suppliers as well, but you're dealing with probabilities. I think that regardless of whether this move fits into a political narrative about China, or "economic warfare", the practical basis is that for some types of equipment, the risk is just too large and the ability to mitigate too limited, in general.

Unfortunately this was figured out with Huawei/ZTE after the fact, but tbh I don't think the specific company matters at all, it just happened to be they were in this business at the time & based in the wrong country.




"There is no practical way to 100% ensure that every piece of software, and every chip, in every piece of equipment is clean"

If we really cared about security and reliability, all critical infrastructure would be open source, both software and hardware, so that multiple suppliers could produce the parts.

Instead we choose 'free market' with a thumb on the scale. This does nothing to protect from random hackers and criminals, ignorance, sloppiness and laziness.


I agree 100%. But we don't really care about security and reliability. The political system is both corrupt and poorly incentivized. It doesn't reward robustness, but saving money on paper while really, truly, funneling money to cronies[1].

[1] Corruption doesn't look like mobster movies. It's mostly backyard barbecues, buddies helping their buddies' business grow by throwing them a bone. At so many different scales.


Like I've always said, if there's something to be learned about society, you'll learn it in Star Trek.

    "Mr. Worf, villains who twirl their mustaches are easy to spot. Those who clothe themselves in good deeds are well-camouflaged."
    - Picard and Worf, discussing both the investigations and the misguidedness of Admiral Satie
Season 4 Episode 21 The Drumhead https://memory-alpha.fandom.com/wiki/The_Drumhead_(episode)#...


"Open source" hardware would be a step forward, but how do you know that the hardware on the chip(s) matches the published design(s)?

You'd have to randomly sample some statistically significant number of the chips in the distribution/retail/whatever pipeline and, I guess, scan them with the appropriate tools? And verify them that way?


It's worse than that... functionality testing wouldn't be enough. Short of putting every chip under an electron microscope you can't really guarantee it.


Can you guarantee that the router delivered to you actually came from CISCO and has not been modified in any way? What if some chip was replaced?

Short of putting every chip under an electron microscope you can't really guarantee that either


Right, yeah, I was thinking physical verification.

Functionality testing could verify known behaviors, but could never formally prove the non-existence of unknown, hostile behaviors.

- "time bomb" style hostile functionality that only unlocks after a certain time

- hostile functionality that can be remotely unlocked by obscure behaviors. think: more advanced versions of port knocking, specially (mis?)crafted TCP/IP payloads

- etc


Random sampling would be sufficient.


And the good news is you can sell each sampled chip at insane markup, because those few are guaranteed.


I'm sure somebody can correct me if I'm wrong, but I'm quite certain that scanning the chips with an electron microscope would destroy them. You'd need to decap the chips, and so on.

But, perhaps there's a nondestructive way.


There’s really no way to ever be 100% sure of hardware. Sure we could use FPGAs for all hardware and then the hardware “source” is software, but who makes the FPGAs? There’s techniques even under X-ray to mask a rogue chip.

https://youtu.be/Hzb37RyagCQ


Are you 100% sure of anything? That there aren't any NSA employees bribed by the CCP? Just like Chelsea Manning and Snowden took gigabytes of confidential information right from under the US government's nose, they could do the same without any elaborate techniques. Soviet spies were very successful and stole atomic bomb secrets.

But let's suppose everyone working for the government or subcontracted by them is 100% loyal and CCP never manages to blackmail them.

What does it take to bribe a DPD guy on minimum wage delivering your 'American produced' equipment, who can't afford a dentist and is in pain every day? Let's say you ask him to 'mistake' one package for another, and have millions at your disposal?

You talk about "techniques even under X-ray to mask a rogue chip", but do network operators even bother opening the casing of the router to validate the motherboard has not been replaced entirely? What if it's networking equipment where China replaced a single chip, who is ever going to find out? Does the network operator validate firmware of every single chip?

We have security holes all over the place, this talk of 100% certainty is basically fantasy.


I think we need to do defense in depth more. There was a funny pic in one of the sysadmin subs about buying firewalls from everyone and putting them in a chain, with each firewall labelled with which nation state compromised it. The joking idea being that sure, the U.S. has backdoors into your Cisco gear, but if you put that behind a Huawei firewall they may not have the backdoors to both, add in a Russian firewall and then an intruder needs all three. Funny but I think not so ridiculous these days if you are paranoid.


Security folks recognize that 100% certainty is impossible. Instead, the problem is always trying to balance the acceptable risk for each application of tech against the increased costs for an extra "9" of confidence. Although I suppose the minimum should always make the adversary jump through enough hoops to deter opportunistic & medium effort attacks, along with close monitoring for rapid detection of anything that gets through.

In this case, it's pretty low hanging fruit to make a policy w/ financial backing that says "we won't use hardware from companies controlled by slightly hostile countries with incompatible values".


Even if the hardware is only what is spec'd in the Open Source model, the model itself has a lot of complexity for bugs to hide in. Those bugs might be intentional, they might not be. The same obviously goes for software.

Even really-high-profile open-source security suites have seen critical bugs that have been around for many years. Being open source is a good start but it's hardly sufficient to guarantee anything about the supply chain. The opposite may actually be true in some cases.


Didn’t the Heartbleed exploit originate from an open source library?

I don’t think open source is the panacea you think it is, exploits will exist as long as they’re profitable and state actors have incentives to stockpile zero days. My guess is it’ll make it even easier to identify zero days if everything was open source.


They've been making this same argument for as long as I can remember, and it keeps being false. Open source means vulnerabilities get found and patched much quicker and people bring large-scale software bug-finding techniques to bear on the problem. For really robust software, we need better languages, better verification, and more and more testing and tools. All of which work best on source code.


The immediate effect of Heartbleed was the OpenBSD folk [1] and Google [2] forking OpenSSL.

There's a talk from Bob Beck of OpenBSD on pruning OpenSSL, it's pretty hilarious [3].

In that case open source was at least able to react appropriately, even if it didn't act preemptively.

[1]: https://www.libressl.org

[2]: https://boringssl.googlesource.com/boringssl/

[3]: https://www.youtube.com/watch?v=GnBbhXBDmwU


Open hardware specs don't prevent spec-compliant chips from carrying some "extras".


I don't know exactly the US story, but the UK has forced operators to remove "5G" Huawei equipment. This becomes pretty farcical when you realise they are still allowed to use it for 4G (and indeed most 5G configurations bands 4G+5G signals together), and they are used in nearly every single fibre to the cabinet deployment (and at least some of the newer FTTH).

It's clearly political. If it was a real threat then they'd be forcing operators to throw out all Huawei equipment, OR banning future installs, but getting them to trash just 5G equipment is a political stunt, IMO.


> This becomes pretty farcical when you realise they are still allowed to use it for 4G (and indeed most 5G configurations bands 4G+5G signals together)

No, it is not a purely political farce. There is a fundamental architectural difference (that amounts to a technical one as well) that translates into a reason why 4G deployments are more «secure» as opposed to 5G deployments.

Unlike in 4G, where the data that is tunneled through the core network is always encrypted, 5G allows for encrypted tunnels to get terminated near 5G base stations to enable the mobile edge computing amongst other reasons. Server equipment that is deployed at the 5G base station site then can take advantage of the substantially decreased latency for latency sensitive workloads (ehrm, 5G enabled Doom/Quake, anyone?). AWS have a product, Wavelength, that does precisely that, and I am pretty confident there are other telcos/products doing the same.

4G, on the other hand, never terminates encrypted tunnels and passes them through the core network unchanged. Therefore, retaining the potentially compromised 4G core network equipment alongside the 5G one is somewhat «safer» – in the sense that at least the unencrypted email etc traffic won't leak out. Especially considering that 4G is on the way out (medium to long term), hence there is no need to rush and start pouring massive amounts of money into replacing/decommissioning the 4G equipment now, although it might speed up the demise of 4G in the UK and other countries.


But if the 4G equipment doing the encrypting tunneling at both ends is potentially compromised how does that encryption help?

Also, nearly everything is HTTPS these days so I still don't see a massive attack vector here (at least one that wouldn't be spotted immediately like MITMing TLS connections).

I think the much greater "threat" rather than messing round with traffic itself is just to shut down masses of the towers and core networks remotely. In that case, switching off 4G would be way worse as (at least in the UK) all networks doing 5G require a 4G signal as well to bond against. So having separate 5G equipment wouldn't help one iota if the 4G stuff is down.


> But if the 4G equipment doing the encrypting tunneling at both ends is potentially compromised how does that encryption help?

The major attack vector for the compromised 4G equipment is the remote deactivation (or a wipeout or both) of it by an adversary. Breaking the encryption on the fly for volumes of traffic traversing mobile core networks is still technologically challenging. Hence the plain text communication can still be considered somewhat protected.


More on TLS and MITM. Even though our security unit deems TLS v1.2 and, until recently, v1.1 (!) to be secure and acceptable for the purpose of encrypting sensitive datasets in motion, I vehemently disagree with them and consider anything that is not TLS v1.3 to be insecure. The best compromise I have managed to coax out of the security unit is that the cost of a MITM for TLS v1.2 is still prohibitively expensive for most players with nefarious intentions, albeit it is not entirely improbable.


Openreach in the UK are deploying 0% new Huawei for FTTP and have basically stopped using them for FTTC because of the 30% rule. EE still use Huawei for new 5G deployments - but only in the access leg and for no more than 30% of their new builds.

They've already forced removal from core/security-critical roles, but that takes serious time to actually implement.


>It's clearly political. If it was a real threat then they'd be forcing operators to throw out all Huawei equipment

You vastly overestimate the competence of government.


Well not just that. If the government mandates all Huawei equipment to be thrown out, the providers will go to court and the government will most likely end up paying for it.

In the middle of a global pandemic and resulting supply chain crisis, a rapidly intensifying fight against climate change and other expensive issues it's probably not a great idea to throw more billions away.

Of course it could be a risk but it can be mitigated in other ways like multiple layers of encryption. That's never a bad idea anyway.


> It's clearly political.

Is that a euphemism for corruption? It's almost certain hands were greased. That however seems to have been aligned with many interests, also of those who are supposed to protect us, but nevertheless it's worrying that there is no investigation of any kind.


No. The 5G part does not make any sense, but I think politicians think that 5G is some all seeing dancing future (it isn't, it's a marginal improvement over 4G) that must be secured at all costs.


Carriers will begin decommissioning their 4G networks in the next few years to cut operating costs and free up spectrum.


They really won't. 2G is going very strong, and 3G is maybe getting shut down in the next couple of years. 4G will be the primary access technology for at least 10 years and probably longer.

If this is such a big security problem then surely 10+ years is an unacceptable amount of time to have potentially compromised equipment in the supply chain?


Which country are you in? Here in New Zealand only one network still has 2G and they are threatening to shut it down. 3G won't be far behind.


>my guess is it originated with people that weren't thinking at all about politics

How is everything you just described not "politics"? In fact it is the epitome of political action, and this doesn't make it of lower quality thinking. China has been identified as geopolitical adversary, and all decisions flow from that distinction.

"The specific political distinction to which political actions and motives can be reduced is that between friend and enemy." - Carl Schmitt

They took what had been viewed as simply a free market, or technology, or economic competition and applied "politics" to it.


I’m pretty sure GP meant that whoever in the USA started the push to eliminate Huawei equipment wasn’t thinking in terms of American party politics- as in, this didn’t arise during the Trump administration because Trump wanted to look tough on China, it arose because some American government researcher discovered some backdoors when Trump happened to be president. The whistle was blown not to give one party an edge out talking point, but because the researcher wanted to help their country. So political in the USA vs. China sense, but not political in the commonly used Republicans vs Democrats sense.


> is about more than just supply chain

And the supply chain issues alone are alarming enough, if your high-tech military (and its vast civilian tributaries) rely on chip factories within easy bombing distance of your largest geopolitical competitor.


> The way the last administration rolled this out was certainly with a political narrative, but my guess is it originated with people that weren't thinking at all about politics.

During the last administration there were multiple reports of Huawei hardware containing backdoors, which were originally criticized by the mass media; a Bloomberg piece comes to mind. I don’t think that the political nature of the initiative has changed at all. It has always been about national security.


I understand that the most serious and unrecognised problem is the wholesale outsourcing of network infrastructure to vendors, down to single digit head office teams in certain European operators.


This story is much older than the Trump admin.

Here is a 2012 story from the Economist – Who’s afraid of Huawei?

https://www.economist.com/leaders/2012/08/04/whos-afraid-of-...



