This is very relevant. The reasoning to ban hardware from China is two fold in the article: 1. To reduce general dependency on Chinas Manufacturing 2. To increase security. And here is the point. Huawei has offered to provide source code and processes for building the firmware for their devices, thus allowing the German state to check every detail of the the devices. Neither Nokia nor Ericson have agreed to do the same, they should be forced to do so for such important infrastructure.
Even worse is Cisco from the USA. They have been found guilty of multiple times adding hardware and/or software backdoors to their devices. Or in their wording “forgetting to remove a remote root access used for development purposes” Here one of the recent cases: https://www.cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-cisco-devices-cve-2023-20198 (This may happen once, but if it happens more than once the company is either guilty of implementing it a backdoor or so incompetent in security no one should dare to buy even a home router from then, much less equipment for critical infrastructure)
In the NSA Leaks Snowden also revealed documents proving that the NSA regularly tampers with Cisco devices to implement backdoors and have standard tools for that. (Also affecting hardware from other US manufacturers)
So asking: “Why these bold claims about increasing security and decreasing dependence with focus on China when these issues are far greater with another supplier” is very much valid. I am actually quite happy that Merz mentioned independence from the USA too.
This is very relevant. The reasoning to ban hardware from China is two fold in the article: 1. To reduce general dependency on Chinas Manufacturing 2. To increase security. And here is the point. Huawei has offered to provide source code and processes for building the firmware for their devices, thus allowing the German state to check every detail of the the devices. Neither Nokia nor Ericson have agreed to do the same, they should be forced to do so for such important infrastructure.
Even worse is Cisco from the USA. They have been found guilty of multiple times adding hardware and/or software backdoors to their devices. Or in their wording “forgetting to remove a remote root access used for development purposes” Here one of the recent cases: https://www.cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-cisco-devices-cve-2023-20198 (This may happen once, but if it happens more than once the company is either guilty of implementing it a backdoor or so incompetent in security no one should dare to buy even a home router from then, much less equipment for critical infrastructure)
In the NSA Leaks Snowden also revealed documents proving that the NSA regularly tampers with Cisco devices to implement backdoors and have standard tools for that. (Also affecting hardware from other US manufacturers)
So asking: “Why these bold claims about increasing security and decreasing dependence with focus on China when these issues are far greater with another supplier” is very much valid. I am actually quite happy that Merz mentioned independence from the USA too.