Exclusive: U.S. nuclear lab removes Chinese tech over security fears

LONDON Tue Jan 8, 2013 2:02am IST

A man walks past a Huawei company logo outside the entrance of a Huawei office in Wuhan, Hubei province October 9, 2012. REUTERS/Stringer

A man walks past a Huawei company logo outside the entrance of a Huawei office in Wuhan, Hubei province October 9, 2012.

Credit: Reuters/Stringer

Stocks

   

LONDON (Reuters) - A leading U.S. nuclear weapons laboratory recently discovered its computer systems contained some Chinese-made network switches and replaced at least two components because of national security concerns, a document shows.

A letter from the Los Alamos National Laboratory in New Mexico, dated November 5, 2012, states that the research facility had installed devices made by H3C Technologies Co, based in Hangzhou, China, according to a copy seen by Reuters. H3C began as a joint venture between China's Huawei Technologies Co and 3Com Corp, a U.S. tech firm, and was once called Huawei-3Com. Hewlett Packard Co acquired the firm in 2010.

The discovery raises questions about procurement practices by U.S. departments responsible for national security. The U.S. government and Congress have raised concerns about Huawei and its alleged ties to the Chinese military and government. The company, the world's second-largest telecommunications equipment maker, denies its products pose any security risk or that the Chinese military influences its business.

Switches are used to manage data traffic on computer networks. The exact number of Chinese-made switches installed at Los Alamos, how or when they were acquired, and whether they were placed in sensitive systems or pose any security risks, remains unclear. The laboratory - where the first atomic bomb was designed - is responsible for maintaining America's arsenal of nuclear weapons.

A spokesman for the Los Alamos lab referred enquiries to the Department of Energy's National Nuclear Security Administration, or NNSA, which declined to comment.

The November 5 letter seen by Reuters was written by the acting chief information officer at the Los Alamos lab and addressed to the NNSA's assistant manager for safeguards and security. It states that in October a network engineer at the lab - who the letter does not identify - alerted officials that H3C devices "were beginning to be installed in" its networks.

The letter says a working group of specialists, some from the lab's counter intelligence unit, began investigating, "focusing on sensitive networks." The lab "determined that a small number of the devices installed in one network were H3C devices. Two devices used in isolated cases were promptly replaced," the letter states.

The letter suggests other H3C devices may still be installed. It states that the lab was investigating "replacing any remaining H3C network switch devices as quickly as possible," including "older switches" in "both sensitive and unclassified networks as part of the normal life-cycle maintenance effort." The letter adds that the lab was conducting a formal assessment to determine "any potential risk associated with any H3C devices that may remain in service until replacements can be obtained."

"We would like to emphasize that (Los Alamos) has taken this issue seriously, and implemented expeditious and proactive steps to address it," the letter states.

Corporate filings show Huawei sold its stake in H3C to 3Com in 2007. Nevertheless, H3C's website still describes Huawei as one of its "global strategic partners" and states it is working with it "to deliver advanced, cost-efficient and environmental-friendly products."

RECKLESS BLACKBALLING?

The Los Alamos letter appears to have been written in response to a request last year by the House Armed Services Committee for the Department of Energy (DoE) to report on any "supply chain risks."

In its request, the committee said it was concerned by a Government Accountability Office report last year that found a number of national security-related departments had not taken appropriate measures to guard against risks posed by their computer-equipment suppliers. The report said federal agencies are not required to track whether any of their telecoms networks contain foreign-developed products.

The Armed Services committee specifically asked the DoE to evaluate whether it, or any of its major contractors, were using technology produced by Huawei or ZTE Corp, another Chinese telecoms equipment maker. ZTE Corp denies its products pose any security risk.

In 2008, Huawei and private equity firm Bain Capital were forced to give up their bid for 3Com after a U.S. panel rejected the deal because of national security concerns. Three years later, Huawei abandoned its acquisition of some assets from U.S. server technology firm 3Leaf, bowing to pressure from the Committee on Foreign Investment in the United States. The committee evaluates whether foreign control of a U.S. business poses national security risks.

In October, the House Intelligence Committee issued an investigative report that recommended U.S. government systems should not include Huawei or ZTE components. The report said that based on classified and unclassified information, Huawei and ZTE "cannot be trusted to be free of foreign state influence" and pose "a security threat to the United States and to our systems."

William Plummer, Huawei's vice president of external affairs in Washington, said in an email to Reuters: "There has never been a shred of substantive proof that Huawei gear is any less secure than that of our competitors, all of which rely on common global standards, supply chains, coding and manufacturing.

"Blackballing legitimate multinationals based on country of origin is reckless, both in terms of fostering a dangerously false sense of cyber-security and in threatening the free and fair global trading system that the U.S. has championed for the last 60-plus years."

He referred questions about H3C products to Hewlett Packard. An HP spokesman said Huawei no longer designs any H3C hardware and that the company "became independent operationally ... from Huawei" several years prior to HP's acquisition of it. He added that HP's networking division "has considerable resources dedicated to compliance with all legal and regulatory requirements involving system security, global trade and customer privacy."

(Reporting by Steve Stecklow; Editing by Richard Woods) (steve.stecklow@thomsonreuters.com)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (20)
usagadfly wrote:
It is reckless to assume that products from an American registered company are “American”. Not only are most technical products sold by American companies developed abroad but the companies themselves have little other than history to make them “American”.

It is difficult to even know what “American” is any more. Is there really a difference, for instance, between the loyalties of a pro-Israel US Senator and Benjamin Netanyahu? Are they even paid from different sources? It would be a grave error to think there is.

Jan 07, 2013 4:44pm IST  --  Report as abuse
Abulafiah wrote:
A wise move. Almost certainly Huawei gear. Huawei was founded by the Chinese military, and currently will not reveal its corporate structure. They are not to be trusted.

Jan 07, 2013 5:08pm IST  --  Report as abuse
cranston wrote:
Network switches can be programmed to communicate information transferred across them outside of the network in which they have been installed.

Jan 07, 2013 5:28pm IST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

BBM FOR WINDOWS

TECH SHOWCASE

Linkedin Performance

Linkedin Performance

LinkedIn forecasts strong quarter, driven by hiring business.  Full Article 

Cyber Attack

Cyber Attack

Hacking attack in Canada bears signs of Chinese army unit - expert.  Full Article 

P2i IPO

P2i IPO

Start-up behind 'dunkable' phone technology explores Asian IPO.  Full Article 

Network Not Needed

Network Not Needed

No cell service? goTenna lets users send texts without cellular network connectivity.  Video 

Privacy Concerns

Privacy Concerns

Microsoft ordered by U.S. judge to submit customer's emails from abroad.  Full Article 

Hopeful Outlook

Hopeful Outlook

New products to return Taiwan's HTC to growth by year end.  Full Article 

Making it Big

Making it Big

Xiaomi's star rises as Chinese handset makers gnaw at Samsung's share: report.  Full Article 

Smartphone Scare

Smartphone Scare

Smartphone management flaws puts users at risk, researchers say.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage