Oz spy boss defends 'high risk vendor' ban

The head of the Australian Signals Directorate, the Down Under equivalent of America's NSA, has said Chinese vendors Huawei and ZTE would be a threat to critical infrastructure if they were allowed to take part in building the country's 5G networks. In a rare public speech, ASD boss Mike Burgess said “a potential threat …

  1. Anonymous Coward

    High risk (to lower costs) vendor ban

    Smart move Australia.

    Why on earth would you want massively reduced infrastructure costs when you could bend over once again for everyone's favourite monopoly, Telstra.

    /s

  2. Anonymous Coward

    The problem still remains. Exactly how do you go about sourcing from anywhere but PRC for all the components in your supply chain?

    1. HmmmYes

      There's no problems with sourcing hardware and silicon components from PRC.

      However, you'll run into a problem once you start sourcing complex software systems, installed in your infrastructure.

    2. Version 1.0 Silver badge
      Joke

      All of the components in my home computer have a source country printed on them identifying the manufacturing country as Singapore, USA, or Malaysia - I'm confident that it's completely secure and the operating system was written by an American. Oh, did I mention that it's an Altair?

  3. john.jones.name
    Headmaster

    weasel words from lawyers

    no evidence in a public forum...

    much like the other old man named Burgess

  4. Phil Kingston

    So, we're banning the best value vendor and pushing business towards a (probably) US outfit?

    Q: What's better than thinking there might be unwanted eyes on your network traffic?

    A: *Knowing* there's TLA eyes on your network traffic.

  5. David Shaw

    It can happen, I received an ‘implanted’ server

    Few years ago, I bought a dual Xeon server (HP) from Canada - because I needed the Canadian software defined radio card built-in, cost around €120k, (amazing h/w & corba s/w stack, rtos etc)

    My goods-in dept informed me that the server arrived, so I drove to collect it myself and saw the external shipping box covered with stickers.

    Tel-Aviv?, last point of presence before being sent to me, not Toronto, not Vancouver of Colombie-Britannique, but somewhere nice and warm with a beach. I checked the Airwaybill, it listed a despatch company, I googled it: “military software development to order”, there was no HP production anywhere reasonably close.

    I knew it was implanted, pure economic attack, nothing airy fairy about protecting national sec, or fighting head-choppers, just naked greed. It kicked off with a big data export one day shortly after stuxnet/duqu was released, then we put the server in a cupboard and Tektronix spontaneously phoned us up and offered a free mobo upgrade to our real-time spectrum analyser. (I think they couldn’t remotely remove the evidence from the RSA)

    So yes, in my view, Australia and many other nations ought to be worried about the potential for backdoored devices. They and their partners know a lot about that!

    1. Pascal Monett Silver badge

      That's an interesting anecdote. For sure, ordering from a company in Canada and getting it shipped from the Middle-East would raise my eyebrow as well.

      I suppose that the Tektronix call set the equipment back in order? The only question that remains is: why you? Do foreign TLAs just hijack server orders randomly, or do you operate in a specific market where this sort of thing is more likely to happen?

    2. Version 1.0 Silver badge
      Big Brother

      Re: It can happen, I received an ‘implanted’ server

      You can forget about "trusting" the vendor - for many years now, even if you purchased a system from a "trusted" vendor, most countries' security services have the ability to intercept the shipment in transit and install monitoring software before it's delivered to you - there's no reason why they couldn't install hardware too. Just swap the HDD for one with "phone-home" micro-code ... it's that easy.

    3. David Shaw

      Re: It can happen, I received an ‘implanted’ server

      In the end it was just a waste of about €100k of citizens’ cash, as a publicly funded open research centre we did/do get the odd attack from all sides I guess. Sad thing is, if they’d phoned up and asked then we’d have given everyone a lab tour and shown if we’d found an innovative way to produce waveforms for next generation radio systems. The RSA upgrade was wonderful.

      I hold no malice, all governments have spooks and they can certainly do what they like, being sovereign.

      We subsequently dropped all the work with highly specialised and potentially tainted h/w and went for maximum open source h/w & sw, doing amazing things with the various generations of USRP and we fed a lot of improvements back into gnuradio et al.

  6. Adam 1

    > In a rare public speech, ASD boss Mike Burgess said “a potential threat anywhere in the network is a threat to the whole network”. It's “paramount” that Australia gets critical infrastructure security right, he said.

    Entirely agree. We should make sure that anywhere that we source key infrastructure hasn't legislated that their companies build in backdoors into the security layers of their products.

  7. Anonymous Coward

    Let's be honest here - this has nothing to do with national security and everything to do with trade and trying to undermine the Chinese economy.

    We are beginning a trade war with China, and ensuring that everyone buys American is an important aspect of this. The US government is essentially bullying all its allies to buy American for big infrastructure - communications, weapons &c. - to ensure that the key lobbyists will have jobs.

  8. Mark 65

    Both the United States and the United Kingdom governments have said that that's the case, and the companies involved—Apple and others—have also said there is no evidence of this.”

    In other words "This hack goes so far and so deep we'd end up disrupting the World economy with the panic if the truth came out so we'll just lift the rug and sweep under. Trust us, it's better this way."
