China: What Evil Lurks Within?

Tuesday, September 06, 2011

Joel Harding


Eli Lake, in the Washington Post, is once again using our fear of the unknown against us.

In his article Mr. Lake brings up Huawei's attempts to operate as, well, a business.  Huawei is accused, as a high tech telecommunications company, of attempting to get equipment onto the US 4G cell network. 

Huawei has also been accused of attempting to acquire 3Com, the sale was overturned based on 'National Security Concerns'.

I recall my own cries of paranoia over the great Soviet bear. Everything remotely associated with the Soviets was evil, bad and highly suspect. How in the heck did we ever trust them enough to allow them to take down the wall?

I recall speaking with my own Division G2 shortly before the wall came down, "It's a trick, it's a ruse!" is what I said. In retrospect they were more like teddy bears.

Flash forward to 2011 and shades of the PRC! Everything they touch is tainted, every action they take is evil and every Chinese person must be a spy...

I went to China last December to speak with leaders, scholars and practitioners about cyberwar, information warfare and related fields... I told them our fears and they countered with "We fear Windows, because we're sure NSA got to Microsoft and had them build in a back door".

The things is we, the Western world, are going to spy on China and China is going to spy on us (meaning the rest of the world), it's just that we  don't get caught and blamed so much publicly.

I've preached a little mantra for some years now:  Trust but verify.  NSA/CSS established a program, The Trusted Access Program Office (TAPO), nicknamed the Foundry Program.

The program makes "national security critical components" for:

Any government-sponsored program can use the Trusted Foundry:

  • DoD Sponsored Programs may qualify for prepaid access (provided funding remains).
  • Other government agencies will need to provide funding for access.
  • Contractors working on IR"D projects may access the foundry provided they have a government sponsor.

How about the rest of the Department of Defense?  How about the rest of the government?  How about all the corporations?  How about "we the people"?  Sorry, you're on your own. 

There is no program for the rest of us.  I know at least two people within the government who have been telling people about this problem for over ten years, but all we hear is the sound of crickets chirping.

A quote attributed to Secretary Rumsfield, but actually originated by Carl Sagan is: The absence of evidence is not evidence of absence.  The US does not have a program to examine, down to the individual chip level, an entire computer being imported from China. 

Such a program is, according to some, prohibitively expensive.  Pardon me?  Fully testing 1 in every 10,000 imported systems might be expensive, but it would be even more expensive not to if we are, indeed, being quietly infiltrated through high-tech and, heretofore, untested means.

As for the PLA connection in Huawei, I submit to you:  kindly name one defense contractor or telecommunications giant that does not employ at least one retired general or admiral?   Hat tip to Richard Stiennon for that point!

Possibly Related Articles:
China Cyber Security Telecom Espionage National Security NSA PLA Huawei
Post Rating I Like this!
Joel Harding Quick correction, it wasn't Bill Gertz, it was Eli Lake. I tried to make the correction before publication but failed. Apologies.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.