[Infowarrior] - Computer lab’s Chinese-made parts raise spy concerns
Richard Forno
rforno at infowarrior.org
Thu Aug 18 07:16:17 CDT 2011
Computer lab’s Chinese-made parts raise spy concerns
By Eli Lake
The Washington Times
Tuesday, August 16, 2011
http://www.washingtontimes.com/news/2011/aug/16/computer-labs-parts-raise-spy-concerns/print/
A U.S. supercomputer laboratory engaged in classified military research concluded a recent deal involving Chinese-made components that is raising concerns in Congress about potential electronic espionage.
The concerns are based on a contract reached this summer between a computer-technology firm and the National Center for Computational Engineering at the University of Tennessee, whose supercomputers simulate flight tests for next-generation U.S. military aircraft and spacecraft, and simulate submarine warfare for the Navy.
The storage system for the contract calls for using software from U.S. cybersecurity firm Symantec installed over devices made by Huawei Technologies, a Chinese telecommunications giant that U.S. officials have said has close ties to China's military. Huawei and Symantec formed a joint venture in 2008, with Huawei owning 51 percent of the shares of the enterprise.
Last week, four Republican senators and one member of the House Permanent Select Committee on Intelligence urged the Pentagon and Energy Department in a letter to review the contract for potential risks to national security.
The lawmakers' request highlights tensions between the intelligence community and high-technology companies on how sensitive computer servers, microchips and software that are designed or produced in foreign countries can provide foreign intelligence services backdoor access to sensitive information systems.
"Given Huawei's close ties to the [Chinese] government and its military and intelligence sectors, its history of alleged corrupt practices and infringement on intellectual-property rights, and concerns it may act as an agent for a foreign government, Huawei is not an appropriate partner for advanced U.S. research centers - especially those working on critical or classified defense projects for the United States government," the five lawmakers stated in an Aug. 9 letter to Defense Secretary Leon E. Panetta, Energy Secretary Steven Chu and Mary Schapiro, chairwoman of the Securities and Exchange Commission.
The lawmakers were Sens. Jon Kyl of Arizona, Jim DeMint of South Carolina and Tom Coburn and Sen. James M. Inhofe, both of Oklahoma, and Rep. Sue Wilkins Myrick, a North Carolina Republican who chairs the House Intelligence subcommittee that oversees counterintelligence.
Huawei's vice president for external affairs, William Plummer, said in an interview Tuesday that the concerns expressed by the lawmakers are misplaced.
"This letter is just the most recent chapter in what has become a tiresome book promoting fear about China and slandering Huawei as a proxy," he said. "The fiction is growing old."
Huawei was founded in 1988 by Ren Zhengfei, a former engineer for the People's Liberation Army, the Chinese military. U.S. intelligence agencies suspect the company of having the capability of bugging microchips it seeks to install in U.S. networks and equipment that could give China's government the equivalent of a listening post inside U.S. telecommunications architecture.
In 2008, the Treasury Department-led Committee on Foreign Investment in the United States blocked a proposed sale of the software company 3com to Huawei, based on national security grounds. Last year, representatives of the National Security Agency urged major telecommunications companies such as AT&T and Sprint to cancel a deal that would put Huawei firmware and hardware on the cell towers of the national 4G wireless network.
"My understanding is the ownership of Huawei is closely tied to the government of China," said retired Air Force Col. John Toomer, who left the service this year as deputy director of the cyber and information operations directorate.
"We've had that fear for a long time, of having chips compromised by intelligence services," he said. "You are inviting a risk by using chips manufactured by Huawei at such a sensitive facility."
Mr. Plummer said in response to that allegation that his company should not be singled out.
"Cybersecurity concerns are real, they are global, they are agnostic to national borders and they apply equally to the entire information, communication, technology industry supply chain," Mr. Plummer said. "It is incorrect to suggest that the gear of one vendor is somehow less secure than the gear of another."
A 2009 white paper prepared for the congressional U.S.-China Economic and Security Review Commission said China's military has "begun employing this capability to mount a large-scale computer-network exploitation effort for intelligence-gathering purposes against the U.S. and many countries around the world."
The five lawmakers, in their letter, raised concerns that Huawei is seeking to place its gear inside sensitive installations by partnering with U.S. vendors. In the case of the University of Tennessee National Center for Computational Engineering, a company called MPAK Technologies won the bid. That company specializes in data-storage architecture, and it has sensitive contracts with the FBI and other U.S. government agencies.
In an interview, MPAK founder and CEO Michael Kornblum said his storage architecture was not at risk of being compromised by an intelligence service. Data for the system would be encrypted, and the storage system will not be connected to the Internet. He also said the Huawei hardware was not installed on the disc drives, where the data would be stored.
"If you were to do the kinds of activities the senators are talking about, you would put that technology in the disk drives because the data lives on the disk drives," Mr. Kornblum said. "Huawei does not manufacture the disk drives."
Jeffrey Carr, the CEO and founder of Taia Global, a cybersecurity firm said, however, that encryption is not enough.
"There are so many alternative ways of compromising a network. It can be done through a thumb drive, a printer server," he said. "It could be done through a vendor that seeks to install or to service the equipment, it could be done through an insider, an alternative communication channel like Bluetooth or another peer-to-peer network. It could done through an internal email."
Mr. Carr, who first wrote about the lab's contract on his blog last month, said: "If you are targeting an advanced facility, the bad guy will figure out the layout of the network."
Another concern expressed by the lawmakers is that Huawei has been subsidized by the Chinese government, giving it an unfair advantage over U.S. companies such as Cisco Systems.
In the letter, the U.S. lawmakers stated that Chinese policy gives Huawei the ability to offer much lower prices than their competitors.
Mr. Kornblum said his company's bid to build the storage system for the supercomputer was "significantly cheaper."
"It's no mystery that Huawei is trying to get into the U.S. market," he said. "They have done some things to enter the U.S. market that were less publicized. But they are going to get into the market, and they are going to eat Cisco's lunch. Huawei's technology is superior."
Huawei's Mr. Plummer said his company was given $25 billion in credit from 28 banks around the world, including the Chinese development bank.
Mr. Plummer added: "We are doing business no differently than anyone else does business. We have customers, and we have partners, and we have suppliers, and that is how business is done."
© Copyright 2011 The Washington Times, LLC. Click here for reprint permission.
More information about the Infowarrior
mailing list