(Reuters) – A leading U.S. nuclear weapons laboratory recently discovered its computer systems contained some Chinese-made network switches and replaced at least two components because of national security concerns, a document shows.
A letter from the Los Alamos National Laboratory in New Mexico, dated November 5, 2012, states that the research facility had installed devices made by H3C Technologies Co, based in Hangzhou, China, according to a copy seen by Reuters. H3C began as a joint venture between China’s Huawei Technologies Co and 3Com Corp, a U.S. tech firm, and was once called Huawei-3Com. Hewlett Packard Co acquired the firm in 2010.
The discovery raises questions about procurement practices by U.S. departments responsible for national security. The U.S. government and Congress have raised concerns about Huawei and its alleged ties to the Chinese military and government. The company, the world’s second-largest telecommunications equipment maker, denies its products pose any security risk or that the Chinese military influences its business.
Switches are used to manage data traffic on computer networks. The exact number of Chinese-made switches installed at Los Alamos, how or when they were acquired, and whether they were placed in sensitive systems or pose any security risks, remains unclear. The laboratory – where the first atomic bomb was designed – is responsible for maintaining America’s arsenal of nuclear weapons.
A spokesman for the Los Alamos lab referred enquiries to the Department of Energy’s National Nuclear Security Administration, or NNSA, which declined to comment.
The November 5 letter seen by Reuters was written by the acting chief information officer at the Los Alamos lab and addressed to the NNSA’s assistant manager for safeguards and security. It states that in October a network engineer at the lab – who the letter does not identify – alerted officials that H3C devices “were beginning to be installed in” its networks.
The letter says a working group of specialists, some from the lab’s counter intelligence unit, began investigating, “focusing on sensitive networks.” The lab “determined that a small number of the devices installed in one network were H3C devices. Two devices used in isolated cases were promptly replaced,” the letter states.
The letter suggests other H3C devices may still be installed. It states that the lab was investigating “replacing any remaining H3C network switch devices as quickly as possible,” including “older switches” in “both sensitive and unclassified networks as part of the normal life-cycle maintenance effort.” The letter adds that the lab was conducting a formal assessment to determine “any potential risk associated with any H3C devices that may remain in service until replacements can be obtained.”
“We would like to emphasize that (Los Alamos) has taken this issue seriously, and implemented expeditious and proactive steps to address it,” the letter states.
Corporate filings show Huawei sold its stake in H3C to 3Com in 2007. Nevertheless, H3C’s website still describes Huawei as one of its “global strategic partners” and states it is working with it “to deliver advanced, cost-efficient and environmental-friendly products.”
Reuters has the full article
