Trump declares emergency over IT threats


33 points | by jfk13 9 days ago


  • Someone1234 9 days ago
    > The president signed an executive order effectively barring US companies from using foreign telecoms believed to pose a security risk to the country.

    So let's just back up a little: A Chinese equipment manufacturer left a telnet daemon running on a single version of a single device and a national emergency is declared, Cisco leaves SSH credentials (public and private keys leaked) hard coded into multiple generations of routers over several years and not a peep..?

    When is the US going to tell us what these Chinese manufacturers are up to? Heck when are they going to tell the UK's own security services? Just telling us why we should be concerned seems far more productive and effective than their current strategy that is marred by accusations of protectionism.

    I'm not even saying the US are wrong. I am saying the lack of specific technical information undercuts their whole position.
    • jplayer01 9 days ago
      I've repeatedly seen a lack of interest in geopolitical issues on HN. This whole thing is akin to "Should the US be reliant on a hardware manufacturer that can be considered a non-independent subsidiary of the Chinese government?" Replace Chinese with Russian, Iranian, North Korean, Saudi Arabian, etc. These are all countries, like China, that would love to have that kind of potential leverage and power over US infrastructure and political processes because of the benefits these would bestow.

      I've said in a recent comment: It doesn't matter if Huawei is entirely innocent right now. China is a major competitor to the US as a global power - militarily, politically, economically. If people think they wouldn't at some point in the future use Huawei's ties deep into cellular infrastructure to serve China's needs, they're incredibly naive.

      Hell, none of this is unprecedented. The whole debacle with all the ties between Republican representatives or people in Trump's campaign and Russia alone should give pause. Or Russia's meddling in the US election. Or Russia's meddling in Eastern Europe (Ukraine wishes somebody would give a geopolitical shit right now). And somehow Huawei, and by extension China, are supposed to be impartial and innocent and not a potential threat? Really?
      • wahern 9 days ago
        If the U.S. were serious about any of this they'd be funding initiatives for open, verified hardware and software. Other than INRIA, the French research group, and CSIRO, from where seL4 comes, where else is this work being done?

        I don't just mean theoretical work. I mean production ready stuff that is useable, like most commercialized solutions are, but also actually *secure*. Doing both is *difficult*. seL4 is *useable* and in fact is being tested in U.S. drones. Why didn't the NSA do something like seL4? Instead we get SELinux which isn't even secure--anything running on Linux is as a practical matter exploitable on the first day it ships.

        Our communications and control systems are so fundamentally insecure it hardly matters whether it's sourced from Huawei or not--it's six of one or a half-dozen of the other, except one of those cartons is at least substantially cheaper than the other.

        The fact of the matter is that the commercial industry will never develop and deliver secure products on their own. They've never done this well, and are probably fundamentally incapable of doing so because most of the benefits of a secure product inure to the public generally. Commercial vendors can't capture the value provided by secure solutions. It's up to the public--government, academia, open source community, etc--to invest in and develop the fundamental building blocks of secure systems.

        Importantly, the entire stack doesn't need to be secure. We can write secure networked systems for the Internet because we presume the network is hostile. There's no reason that cellular radios should be a trusted component of a wireless cellular network. They are because (1) it's just cheaper to do it that way (see above) and (2) the U.S. government spent decades sabotaging cryptography generally and cellular standards specifically, which means even 5G standards are fundamentally broken from a design perspective.

        So the whole Huawei controversy deserves a giant eye roll. All of the arguments about why Huawei can't be trusted are irrelevant. Huawei shouldn't be trusted, but neither should Qualcomm or any of these other vendors. Rather, we should set transparency standards and verify that they're being met. But doing so requires a ridiculous amount of work up and down the software and hardware stack, starting from the design stage; work that the U.S. government isn't actually doing but, in fact, still sabotaging!
      • rst 9 days ago
        The US government has been murmuring about security risks of Huawei gear for years now, mostly without citing any particular technical threats. The report of the open telnet server was the first thing a lot of us have seen which gives technical substance to those complaints, but it almost certainly didn't motivate the policy response -- which was, in any case, a continuation of pressure tactics that were already underway, domestically and overseas. For example, Michael Hayden, former head of the CIA and NSA, was publicly calling them a security risk as far back as 2013.

        Timeline: https://;security/huawei-controversies-timeline-3692840/
        • 0xDEFC0DE 9 days ago
          This is most likely just a political action to put pressure on China. They don't really care if it's hypocritical.
        • koube 9 days ago
          The title (written by the BBC) seems to be ambiguous. This is not about hardening US computer systems, this is about banning US companies from using Huawei 5G technology. The United States has been lobbying other countries to not use Chinese 5G technology for a while now, while it doesn't seem like there are currently any viable alternatives. This makes it a nation-wide ban.
          • marsrover 9 days ago
            This is great news. The lack of the government seeming to care about national IT security has been bothering me for years now.
            • jfk13 9 days ago
              Are you sure it's about national IT security, and not just about sticking it to China because we're in a trade war with them?
              • shdh 9 days ago
                Huawei has set a historical precedent of being a bad actor in regards to corporate espionage. How outlandish is it to think that they would also be participating in national espionage for the Chinese government?
                • lostmsu 9 days ago
                  Can you point to a specific example? Why was banning not done via the standard arbitrage?
                • threatofrain 9 days ago
                  How sure are you of a framing which separates information security from economic conflict?
                • joeleisner 9 days ago
                  I remember watching a video about how old/antiquated the technology used by the IRS is (i.e. a behemoth computer system built in the 60's)... Our government's IT infrastructure needs a massive overhaul.
                • rst 9 days ago
                  Text of the EO, from https://;presidential-actions/executive-order-securing-information-communications-technology-services-supply-chain/
                  • Leary 9 days ago
                    Who's gonna build real 5G in the US?
                    • Zenst 9 days ago
                      I've always been surprised that Qualcomm is not more active in this field. Though they recently had some home hotspot 5G coverage kit, and do a lot of work with Nokia. So who knows.
                      • kingosticks 9 days ago
                        I'd like to know this too. Presumably both Ericsson and Nokia are also foreign telecoms companies, so who does that leave?
                        • sdinsn 9 days ago
                          Just to be clear, since the article isn't: the EO does not ban products from all foreign companies, only foreign companies who "poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States" (Direct quote from EO).

                          So Ericsson, Nokia, Samsung, etc. will not be affected.
                          • kingosticks 9 days ago
                            Ahh OK thanks for clarifying that. So by 'foreign' they really mean 'Chinese', and it becomes a little less crazy.
                          • Shelnutt2 9 days ago
                            Samsung is Korean, Alcatel-Lucent was French but now is part of Nokia. Nortel was acquired by Ericsson.

                            Cisco makes some backbone equipment. They were trying hard to sell a LTE "virtualized" core when I previously worked at $wireless_telco, but Cisco does not make RAN components.

                            The only US based company I know of that has licensed products in production use by a major telcom is Airspan [1]

                            [1] https://;
                          • Chris_Chambers 9 days ago
                            Hopefully no one, ever? 5G is obviously a weapon pretending to be innocent data transfer tech.
                          • Zenst 9 days ago
                            "The president signed an executive order effectively barring US companies from using foreign telecoms believed to pose a security risk to the country."

                            "Mr Trump does not name any company specifically in the order."

                            I'm guessing they are called emergencies as they await for the threat to emerge. Which kinda seems at odds with my definition of emergencies - which would be a defined clear-cut issue that needs addressing.

                            All this effectively does is hurt and curtail legit business with fair and good foreign telecom providers who have now been bundled via red-tape into the same collection as those unnamed less fair and good foreign telecom providers.

                            Expect a fall-out of how this will hurt and impact legit businesses over the coming days and weeks. Let alone touch upon the possible impact upon Americans using their provider SIM and roaming abroad.
                            • basicplus2 9 days ago
                              Every country should design and manufacture its own internet infrastructure (and be owned and controlled by its gov) as a free, level, secure playing field for the benefit of all of its citizens.
                              • supergirl 9 days ago
                                Is he banning every electronic that is made in China? Pretty sure even if Huawei is banned, Chinese made equipment is still used in 5G.
                                • Leary 9 days ago
                                  I'm throwing out my PC now.
                                • drivingmenuts 9 days ago
                                  A whole bunch a sound and fury, signifying nothing.
                                  • CryoLogic 9 days ago
                                    Does this include Russian vote hacking?
                                    • Eleopteryx 9 days ago
                                      It doesn't really seem like it
                                      • supergirl 9 days ago
                                        You need to ban Facebook for that
                                      • tempsolution 9 days ago
                                        Sounds good. In reality this likely means Trump will abuse this power for some absurd changes and surveillance.