
Hardware security and the Chinese

In recent days there has been a lot of coverage of the central government’s decision to block the sale of networking equipment to domestic carriers in the country by China-based telecom hardware makers Huawei Technologies Co. and ZTE Corp. due to security concerns.

The minutes of the latest meeting of the Foreign Investment Promotion Board (FIPB), which deliberated on a case regarding Huawei, clearly reflect the government’s apprehension: “Huawei is a company founded by a People’s Liberation Army officer and the company has the capability to remotely manipulate the equipment it supplies to its clients”. This piece of information on the company was communicated to the FIPB by the home ministry.

To reduce the panic that may ensue, officials have been trying to convey that decisions to allow or disallow the use of this Chinese-made hardware are made case by case:

“There’s no blanket ban on Chinese equipment,” Gopal K. Pillai, the top bureaucrat in the Home Ministry, told reporters in New Delhi today. “We review equipment case by case.”

In a recent development, the government has also announced the formation of a regulatory body to provide “security certification at different stages for equipment brought to India by both the public and private sectors.”

Understandably, some call it extreme paranoia and see it as a knee-jerk response to the recent reports of cyber espionage attributed to non-state Chinese actors, while others claim it has something to do with the 3G license auction, or with the cheap Chinese hardware that is flooding the Indian market and drowning both Indian and western products.

One would be ill-advised to dismiss such claims completely. The suspicion that Chinese hardware may contain backdoors is neither new nor specific to the Indian context. The UK government has raised questions about the presence of Huawei in BT’s 21CN network backbone. This is one of the main reasons why BT has a system in place to inspect the hardware and is able to provide consultancy services to its Indian counterparts. A similar concern was also raised by the Australian government. In fact, similar fears were raised by the Indian government in 2009 too.

None of these reports offers any proof that these espionage attempts are actually taking place, but given that such espionage is easy to carry out and hard to detect, and given the Chinese government’s track record of engaging in active information warfare, it is a not-too-remote possibility. Given this, the steps taken by the Indian government to tackle the issue are commendable. It is also good to see follow-up action being taken in the form of setting up a regulator rather than just banning the import or use of Chinese hardware. Given the experience that companies like BT have had in dealing with similar situations, it is also nice to see the government engaging with them to kick-start the effort rather than working in isolation.

On the other hand, the lack of concrete proof of the presence of backdoors is in some ways troubling. If the various three-letter agencies have not been able to state publicly that they have discovered backdoors, or that they have seen suspicious egress traffic, it does look more likely that there might not be any! This might mean that the “fearmongering” that Chinese companies are being subjected to may be financially motivated. After all, getting rid of cheap Chinese hardware would make the life of both Indian and western competitors a lot easier! That begs the question: why is the hardware from western manufacturers not being subjected to similar scrutiny? Do we have more trust in them than in the Chinese ones? If so, what have they done to earn that trust?

A related issue is that of the involvement of BT in the regulatory process. Its involvement in the process should be made clear openly. Though BT does seem to have the expertise to help its Indian counterparts, its involvement should be restricted to consultancy services, and the actual testing and audit process should be implemented and conducted by Indian institutions.

And what happens to the existing hardware of Chinese origin that is used extensively by Indian companies? It is just about infeasible to decommission it. Are we going to live with it? Looks like it for the time being. In that case these devices should be subjected to rigorous scrutiny, and the companies need to make sure not only that no information is being leaked but also that the devices are working correctly.

http://uk.news.yahoo.com/16/20100504/ttc-india-bans-chinese-networking-kit-ov-6315470.html