[Flyin'Dutch']

@kanga

My point was that as they are already allowed to hold the levers of that kind of hardware directly why worry about the remote access bits.

[kanga]

@kanga

My point was that as they are already allowed to hold the levers of that kind of hardware directly why worry about the remote access bits.

But there may be, and I hope there are, systems which ensure that some functions in the plant are controlled only within the plant, or if remotely only from authorised locations by authorised people elsewhere in UK. But complex hardware and software connected to the plant or on the authorised communication paths may be able to subvert these if they came from potentially malign actors who are ultimately controlled by a foreign government.

[johnm]

One or two points:

No-one is required to take the lowest bid that's always a choice. It's a more complicated choice for the public sector and in all cases requires careful attention to the purchase spec so that the purchaser remains in control of the process.

Huawei, Cisco and other major suppliers have holes in their software, whether deliberate or accidental they can always be exploited.

For critical infrastructure air gaps and/or control over the development process are essential.

There is no such thing as a secure network, transfers need powerful end to end encryption with different keys for every exchange and ideally really secret or dangerous stuff should not be connected, it should be local access behind a secure door only.

[Paul_Sengupta]

https://www.bbc.com/news/technology-48265421

Vodafone has said that it will turn on its 5G service in the UK on 3 July.

The company will rely on equipment from the Chinese telecoms provider Huawei, among others, to deliver the service.

[PaulB]

Which presumably means that the *chose* Huwawei, as other suppliers exist?

[Paul_Sengupta]

They've definitely used other suppliers as well though.

[matthew_w100]

We evaluated Huwawei for our (university) core network. The biggest problem was that though it was cheap it simply wasn't very good. Although the tin said it had all the features we needed , when put to the test it couldn't do them all at the same time. Enabling one feature would mean another would stop working. In particular, TCAM (memory) allocation had to be carefully and manually tuned - for us, unsuccessfully.

Then there was the issue that the command interface was a copy of Cisco's but altered enough to avoid copyright. If you can imagine anything more irritating...we had to establish a swearbox.

But worst, every time we reported a feature problem or one of many many bugs we would receive the very next day a new hand-rolled and patched version of the operating system. They thought this was a good thing, very responsive. To us it demonstrated a complete lack of engineering process, unstable software and the suspicion that every customer was actually running bespoke firmware.

I am very surprised it passed the stringent tests it must have faced to be used in critical national infrastructure.

[johnm]

I am very surprised it passed the stringent tests it must have faced to be used in critical national infrastructure.

If only such diligence was in use.....

[cockney steve]

Why would any cheapskate manufacturer of absolutely anything bother to refine and perfect their offering before placing it in the marketplace?

Punters the world over are prepared to pay for the privilege of being a "crash-test dummy"

bean- counters the world- over think it's cheaper to stand the occasional recall, but I think that Boeing's Board, shareholders and recent customers may have a different take on that one.

[kanga]

I am very surprised it passed the stringent tests it must have faced to be used in critical national infrastructure.

If only such diligence was in use.....

Or rather, if only warnings made by those performing such due diligence and reporting of shortcomings were heeded by Ministers for whom the lowest vaguely plausible tender which appeared to meet the requirements must be accepted, even apparently in CNI if 5G is deemed such. When Huawei was first bidding for digital exchanges work, the warnings were heeded, but the privatised BT could not be directed by Government to reject the bid, so the taxpayer had to spend a lot of money protecting CNI from the detected or (more worrying, merely suspected) security and reliability flaws. Outside CNI, of course, government has little or no power to direct a private company not to accept a low bid.

Still, Huawei has promised to sign 'no spy' agreements, so that's reassuring ..

https://www.bbc.co.uk/news/business-48276822

[johnm]

I learned a long time ago that there is no such thing as a secure network. The only defence is to protect end points and use serious encryption for transmissions.

[kanga]

I learned a long time ago that there is no such thing as a secure network. The only defence is to protect end points and use serious encryption for transmissions.

.. and the greatest weakness at the end points are people, especially senior ones ..

[eltonioni]

Well this is new, and should put the national security cat among the Theresa's club footed pigeons. It used to look like the B word would force her out but she seems determined to have a long list of incompetence in the history books.

https://www.bbc.co.uk/news/world-us-canada-48289550

President Donald Trump has declared a national emergency to protect US computer networks from "foreign adversaries".

He signed an executive order which effectively bars US companies from using foreign telecoms believed to pose national security risks.

The order does not name any company, but is believed to target Huawei.


....


In a separate move, the US commerce department added Huawei to its "entity list" - a move that bans the company from acquiring technology from US firms without government approval.

[johnm]

@eltonioni it isn't new, moreover the USA tried to get indigenous companies to put backdoors into kit and encryption systems and got the dusty answer they deserved.

Trumps actions are pointless and silly from a technical and diplomatic perspective but his whole approach is to play to the redneck gallery that elected him, nothing much else matters to him.

[eltonioni]

In the midst of this ongoing farce, the USA last night declaring a National Emergency re Huawei " seemed like a relatively new and quite important thing to me.

Not being a telecoms expert I will ask what might be a silly question; is this a common thing?