Page 1 of 2
Los Alamos National Laboratory is ripping out devices made by a Chinese manufacturer citing security risks, but security experts say the move will do little to stop attackers set on stealing secrets.
"There is definitely been plenty of proof that the Chinese use the supply chain to their advantage," said Avivah Litan, vice president and distinguished analyst at Stamford, Conn.-based Gartner. "If you have a high security environment and you are concerned about theft of intellectual capital, you would be wise not to use Chinese equipment."
The highly sensitive government laboratory is reportedly removing networking switches made by China-based H3C Technologies, according to Reuters, which obtained a letter about the decision. H3C is a joint venture between Huawei Technologies Co. and 3Com Corp., a firm that was acquired by Hewlett-Packard in 2010. A security assessment focusing on sensitive networks prompted the move by the U.S. nuclear weapons laboratory, according to the letter.
China-based Huawei and ZTE have come under pressure following a report by the U.S. House of Representatives' Permanent Select Committee on Intelligence in October, which labeled the two telecom and mobile equipment makers a security risk. Executives of both firms have publicly dismissed the report's findings, citing their longstanding business in the U.S. and strong commitment to security.
Switches and routers are designed to direct network traffic. The devices can also collect logs and be coded to incorrectly send data to a centralized repository shedding details that an attacker can use to their advantage, said Jeff Vansickel, a senior consultant, information security and technology at Sudbury, Mass.-based SystemExperts Corp. The threat is a concern, especially for a sensitive government agency, but there is a greater risk that attackers will use other methods to gain access to sensitive systems.