LONDON (Reuters) - A
leading U.S. nuclear weapons laboratory recently discovered its
computer systems contained some Chinese-made network switches and
replaced at least two components because of national security concerns, a
document shows.
A letter from the Los
Alamos National Laboratory in New Mexico, dated November 5, 2012, states
that the research facility had installed devices made by H3C
Technologies Co, based in Hangzhou, China, according to a copy seen by
Reuters. H3C began as a joint venture between China's Huawei
Technologies Co and 3Com Corp, a U.S. tech firm, and was once called
Huawei-3Com. Hewlett Packard Co acquired the firm in 2010.
The discovery raises
questions about procurement practices by U.S. departments responsible
for national security. The U.S. government and Congress have raised
concerns about Huawei and its alleged ties to the Chinese military and
government. The company, the world's second-largest telecommunications
equipment maker, denies its products pose any security risk or that the
Chinese military influences its business.
Switches are used to
manage data traffic on computer networks. The exact number of
Chinese-made switches installed at Los Alamos, how or when they were
acquired, and whether they were placed in sensitive systems or pose any
security risks, remains unclear. The laboratory - where the first atomic
bomb was designed - is responsible for maintaining America's arsenal of
nuclear weapons.
A spokesman for the Los
Alamos lab referred enquiries to the Department of Energy's National
Nuclear Security Administration, or NNSA, which declined to comment.
The November 5 letter seen
by Reuters was written by the acting chief information officer at the
Los Alamos lab and addressed to the NNSA's assistant manager for
safeguards and security. It states that in October a network engineer at
the lab - who the letter does not identify - alerted officials that H3C
devices "were beginning to be installed in" its networks.
The letter says a working group of specialists, some from the
lab's counter intelligence unit, began investigating, "focusing on
sensitive networks." The lab "determined that a small number of the
devices installed in one network were H3C devices. Two devices used in
isolated cases were promptly replaced," the letter states.
The letter suggests other H3C devices may still be installed.
It states that the lab was investigating "replacing any remaining H3C
network switch devices as quickly as possible," including "older
switches" in "both sensitive and unclassified networks as part of the
normal life-cycle maintenance effort." The letter adds that the lab was
conducting a formal assessment to determine "any potential risk
associated with any H3C devices that may remain in service until
replacements can be obtained."
"We would like to emphasize that (Los Alamos) has taken this
issue seriously, and implemented expeditious and proactive steps to
address it," the letter states.
Corporate filings show Huawei sold its stake in H3C to 3Com in
2007. Nevertheless, H3C's website still describes Huawei as one of its
"global strategic partners" and states it is working with it "to deliver
advanced, cost-efficient and environmental-friendly products."
RECKLESS BLACKBALLING?
The Los Alamos letter appears to have been written in response
to a request last year by the House Armed Services Committee for the
Department of Energy (DoE) to report on any "supply chain risks."
In its request, the committee said it was concerned by a
Government Accountability Office report last year that found a number of
national security-related departments had not taken appropriate
measures to guard against risks posed by their computer-equipment
suppliers. The report said federal agencies are not required to track
whether any of their telecoms networks contain foreign-developed
products.
The Armed Services committee specifically asked the DoE to
evaluate whether it, or any of its major contractors, were using
technology produced by Huawei or ZTE Corp, another Chinese telecoms
equipment maker. ZTE Corp denies its products pose any security risk.
In 2008, Huawei and private equity firm Bain Capital were
forced to give up their bid for 3Com after a U.S. panel rejected the
deal because of national security concerns. Three years later, Huawei
abandoned its acquisition of some assets from U.S. server technology
firm 3Leaf, bowing to pressure from the Committee on Foreign Investment
in the United States. The committee evaluates whether foreign control of
a U.S. business poses national security risks.
In October, the House Intelligence Committee issued an
investigative report that recommended U.S. government systems should not
include Huawei or ZTE components. The report said that based on
classified and unclassified information, Huawei and ZTE "cannot be
trusted to be free of foreign state influence" and pose "a security
threat to the United States and to our systems."
William Plummer, Huawei's vice president of external affairs
in Washington, said in an email to Reuters: "There has never been a
shred of substantive proof that Huawei gear is any less secure than that
of our competitors, all of which rely on common global standards,
supply chains, coding and manufacturing.
"Blackballing legitimate multinationals based on country of
origin is reckless, both in terms of fostering a dangerously false sense
of cyber-security and in threatening the free and fair global trading
system that the U.S. has championed for the last 60-plus years."
He referred questions
about H3C products to Hewlett Packard. An HP spokesman said Huawei no
longer designs any H3C hardware and that the company "became independent
operationally ... from Huawei" several years prior to HP's acquisition
of it. He added that HP's networking division "has considerable
resources dedicated to compliance with all legal and regulatory
requirements involving system security, global trade and customer
privacy."
No comments:
Post a Comment