Archived material Access restricted Article
Rantburg

Today's Front Page   View All of Thu 06/30/2011 View Wed 06/29/2011 View Tue 06/28/2011 View Mon 06/27/2011 View Sun 06/26/2011 View Sat 06/25/2011 View Fri 06/24/2011
1
2011-06-30 -Lurid Crime Tales-
The Navy Bought Fake Chinese Microchips That Could Have Disarmed U.S. Missiles
Archived material is restricted to Rantburg regulars and members. If you need access email fred.pruitt=at=gmail.com with your nick to be added to the members list. There is no charge to join Rantburg as a member.
Posted by g(r)omgoru 2011-06-30 14:46|| || Front Page|| [3 views ]  Top

#1 Not surprising. There have been counterfeit CISCO routers made in China that have back doors in them too. Both civilian and military institutions have made standing policies not to buy CISCO switches/routers that are not made in the USA.

Thank you China for helping us support our "Made in the USA" program.
Posted by DarthVader 2011-06-30 15:23||   2011-06-30 15:23|| Front Page Top

#2 Both civilian and military institutions have made standing policies not to buy CISCO switches/routers that are not made in the USA.

Labels are cheap and easy to slap on.
Posted by Eohippus Phater7165 2011-06-30 16:31||   2011-06-30 16:31|| Front Page Top

#3 Labels are cheap and easy to slap on.

Yes, but the serial numbers and lot tracking from place of origin that Cisco track and provide are not.
Posted by DarthVader 2011-06-30 16:48||   2011-06-30 16:48|| Front Page Top

#4 Do you believe that is anything more than the most casual deterrent?
Posted by Eohippus Phater7165 2011-06-30 17:31||   2011-06-30 17:31|| Front Page Top

#5 Yes. We had to do a complete checkdown of our Cisco routers in 2007-8 and the amount of serial numbers and lot numbers that Cisco kept track of was amazing. Basically, we could verify 100% that our routers/switches were in fact made in the US and the chips were made from trusted sources in "safe" countries by trusted manufacturers.

It is up to each CIO if this is worth the cost vs the risk, but I am reasonably comfortable with the IBMs, HPs, Googles and Microsofts of the world have taken steps to sure they are operating as safely as possible. There will always be holes of course, but they get plugged as soon as they are found.

The places I'm worried about is the little mom and pop local banks and tech businesses that don't know or cut corners. They are the most vulnerable.
Posted by DarthVader 2011-06-30 19:05||   2011-06-30 19:05|| Front Page Top

#6 Do you believe that is anything more than the most casual deterrent?

Actually, it is. There are two NCIS investigations going at my facility regarding delivered (but not installed) CISCO equipment that was found to be graymarket, thanks to due diligence on our part.

The weak spot is the procurement process. There is no incentive for experienced acquisition experts (already in short supply) in DOD to remain within the Department. The process itself is convoluted. There are also outside pressures (think politicians).

There is something to be said for the old MILSPEC.
Posted by Pappy 2011-06-30 19:06||   2011-06-30 19:06|| Front Page Top

#7 The weak spot is the procurement process.

Exactly. Spies-R-Us network consulting low bids on gov contracts. Bids on DoD/intel networks. Even uses fresh faced American engineers to do the work. Who I am kidding, H1B visa Indian engineers would raise less suspicion. Orders and replaces legit CISCO routers (or any other equipment) w/ Chinese trojans. Serials and appearances match. The only way to tell the difference would be to grind down each chip and inspect every transistor layer w/ an electron microscope.
Posted by Eohippus Phater7165 2011-06-30 19:39||   2011-06-30 19:39|| Front Page Top

#8 Who I am kidding,

nobody
Posted by Frank G 2011-06-30 20:28||   2011-06-30 20:28|| Front Page Top

#9 Exactly. Spies-R-Us network consulting low bids on gov contracts. Bids on DoD/intel networks. Even uses fresh faced American engineers to do the work. Who I am kidding, H1B visa Indian engineers would raise less suspicion

Obviously you have no experience with military networks. You have to have a security clearance to work on them. An H1B Indiian IT worker won't get one.

But the issue is procurement. The problem is more the lines of who the military (and the government for that matter) can buy from. You have to go with the lowest bidder, unless you can make a case that "can be defended in court". Same with asking for 'sole source' purchase. For non-military agencies, if you contract over a certain amount, a percentage has to go to businesses owned by certain demographics.

So - you end up with companies that are 'owned' by the correct demographics, but are essentially fronts or drop-ship points. Most are legit. But, given the shortage of acquisition specialists, political pressure, CYA attitude of senior administrators, bureaucratic restrictions, military and federal regulations, the stupidity of the funding cycle, the 'social justice' aspect of purchasing, and the inherent inefficiencies of a huge procurement system, you will have problems like this.

That's why there's an NCIS.
Posted by Pappy 2011-06-30 21:51||   2011-06-30 21:51|| Front Page Top

#10 An H1B Indiian IT worker won't get one.

That was a joke. I once worked for a company, in chip design (massively parallel - of interest to the gov) where I was the the only US citizen in the entire engineering staff. The only one who could gain access to US gov and gov contractor facilities. And yes, the company was (openly) foreign owned, headquartered in a (friendly) foreign country. Though I can't say the same for some of engineers, many of Islamic background and a few years after 9/11. While that company was legit, I could easily see where an unfriendly power set up US operations to vend to the government and infiltrate tainted equipment. It's a lot cheaper than spy satellites and a lot less dangerous than some the the ops Americans pulled off like Ivy Bells.
Posted by Eohippus Phater7165 2011-06-30 23:02||   2011-06-30 23:02|| Front Page Top

#11 A lot of the classified electronic equipment the government uses is designed by foreign born engineers, though with citizenship. That doesn't stop some of them from leaking details to their native governments or selling the info to the highest bidder. Quite a few cases in the news w/ the worst (or most careless) cases being Chinese immigrants.
Posted by Eohippus Phater7165 2011-06-30 23:09||   2011-06-30 23:09|| Front Page Top

23:47 European Conservative
23:09 Eohippus Phater7165
23:02 Eohippus Phater7165
22:38 Keystone
22:25 CincinnatusChili
22:23 Mikey Hunt
22:19 CincinnatusChili
22:04 CrazyFool
21:51 Pappy
21:36 JohnQC
20:56 no mo uro
20:48 Barbara
20:34 Frank G
20:32 Frank G
20:28 Frank G
20:24 Frank G
20:20 CrazyFool
20:17 CrazyFool
19:48 Zhang Fei
19:43 Glenmore
19:39 Eohippus Phater7165
19:38 Ebbang Uluque6305
19:16 Pappy
19:06 Pappy









Paypal:
Google
Search WWW Search rantburg.com