High risk (to lower costs) vendor ban
Smart move Australia.
Why on earth would you want massively reduced infrastructure costs when you could bend over once again for everyone's favourite monopoly, Telstra.
/s
The head of the Australian Signals Directorate, the Down Under equivalent of America's NSA, has said Chinese vendors Huawei and ZTE would be a threat to critical infrastructure if they were allowed to take part in building the country's 5G networks. In a rare public speech, ASD boss Mike Burgess said “a potential threat …
A few years ago, I bought a dual Xeon server (HP) from Canada, because I needed the Canadian software-defined radio card built in; it cost around €120k (amazing h/w & CORBA s/w stack, RTOS etc.).
My goods-in dept informed me that the server arrived, so I drove to collect it myself and saw the external shipping box covered with stickers.
Tel Aviv? That was the last point of presence before it was sent to me: not Toronto, not Vancouver of Colombie-Britannique, but somewhere nice and warm with a beach. I checked the air waybill; it listed a despatch company, and I googled it: "military software development to order". There was no HP production anywhere reasonably close.
I knew it was implanted: pure economic attack, nothing airy-fairy about protecting national security or fighting head-choppers, just naked greed. It kicked off with a big data export one day shortly after Stuxnet/Duqu was released; then we put the server in a cupboard, and Tektronix spontaneously phoned us up and offered a free mobo upgrade to our real-time spectrum analyser. (I think they couldn't remotely remove the evidence from the RSA.)
So yes, in my view, Australia and many other nations ought to be worried about the potential for backdoored devices. They and their partners know a lot about that!
That's an interesting anecdote. For sure, ordering from a company in Canada and getting it shipped from the Middle-East would raise my eyebrow as well.
I suppose that the Tektronix call set the equipment back in order? The only question that remains is: why you? Do foreign TLAs just hijack server orders randomly, or do you operate in a specific market where this sort of thing is more likely to happen?
You can forget about "trusting" the vendor. For many years now, even if you purchased a system from a "trusted" vendor, most countries' security services have had the ability to intercept the shipment in transit and install monitoring software before it's delivered to you, and there's no reason why they couldn't install hardware too. Just swap the HDD for one with "phone-home" microcode ... it's that easy.
In the end it was just a waste of about €100k of citizens' cash; as a publicly funded open research centre we did/do get the odd attack from all sides, I guess. The sad thing is, if they'd phoned up and asked, then we'd have given everyone a lab tour and shown if we'd found an innovative way to produce waveforms for next-generation radio systems. The RSA upgrade was wonderful.
I hold no malice; all governments have spooks, and they can certainly do what they like, being sovereign.
We subsequently dropped all the work with highly specialised and potentially tainted h/w and went for maximum open source h/w & sw, doing amazing things with the various generations of USRP and we fed a lot of improvements back into gnuradio et al.
> In a rare public speech, ASD boss Mike Burgess said “a potential threat anywhere in the network is a threat to the whole network”. It's “paramount” that Australia gets critical infrastructure security right, he said.
Entirely agree. We should make sure that wherever we source key infrastructure from hasn't legislated that its companies build backdoors into the security layers of their products.
Let's be honest here: this has nothing to do with national security and everything to do with trade and trying to undermine the Chinese economy.
We are beginning a trade war with China, and ensuring that everyone buys American is an important aspect of this. The US government is essentially bullying all its allies into buying American for big infrastructure (communications, weapons &c.) to ensure that the key lobbyists will have jobs.
Both the United States and the United Kingdom governments have said that that's the case, and the companies involved—Apple and others—have also said there is no evidence of this.”
In other words: "This hack goes so far and so deep that we'd end up disrupting the world economy with the panic if the truth came out, so we'll just lift the rug and sweep it under. Trust us, it's better this way."