Do people already need a reminder of the Juniper JunOS situation?
I don't think this is a good thing.
On one hand we have Huawei, which is untrusted by default: everyone assumes it has a backdoor, yet there are no reports of said backdoor and no evidence that networks using the hardware have suffered from exfiltration or infiltration.
On the other hand Juniper was very publicly compromised and networks running their hardware were most definitely subject to attack.
That said, this is probably primarily focused on wireless networks, and if they are replacing Huawei it will be with Ericsson or Nokia gear, which I think we can have some manner of trust in.
EDIT: My point is that I think the Huawei equipment being assumed untrusted is a better model than assumed "trusted" suppliers that can easily be backdoored because no one is looking as hard.
I don't know if Huawei firmware has backdoors, but I can tell you I've looked at it (when evaluating their network switches) and it's a humongous mess of NIH. They even wrote their own SSH server and userspace IP stack (but still use the Linux one internally). It's rather buggy; simply scp'ing a file off of the switch leaked memory leading to a crash and reboot. It's just very poor quality.
Backdoors or not, I have very little doubt their equipment is full of exploitable security issues.
In the UK we have an agreement with Huawei and access to firmware, which can be bit-for-bit compared to what ships. We don't for other manufacturers. But guess which one we're told not to trust.
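The bit-for-bit comparison mentioned in the comment above is the kind of check a firmware review team would script. The following is an added example, not code from the original thread or from any vendor or review programme: it hashes a vetted reference image and a shipped image, and when they differ it reports each contiguous run of differing bytes (with a trailing region if the images are different lengths), which is what an analyst would then open in a disassembler. The two images are constructed inline for the example; a matching hash only shows that what shipped is what was reviewed, it says nothing about whether the reviewed image itself is clean.

```python
import hashlib
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a whole image, the value you would record in a manifest."""
    return hashlib.sha256(data).hexdigest()


def differing_regions(reference: bytes, shipped: bytes) -> List[Tuple[int, int]]:
    """Return (offset, length) for every contiguous run of bytes that differ.

    Bytes are compared up to the shorter length; any extra bytes in the longer
    image are reported as one trailing region, merged with a preceding run if
    that run reaches the end of the shorter image.
    """
    regions: List[Tuple[int, int]] = []
    n = min(len(reference), len(shipped))
    start = None
    for i in range(n):
        if reference[i] != shipped[i]:
            if start is None:
                start = i
        elif start is not None:
            regions.append((start, i - start))
            start = None
    if start is not None:
        regions.append((start, n - start))
    if len(reference) != len(shipped):
        extra = abs(len(reference) - len(shipped))
        if regions and regions[-1][0] + regions[-1][1] == n:
            off, ln = regions[-1]
            regions[-1] = (off, ln + extra)  # run continues into the extra bytes
        else:
            regions.append((n, extra))
    return regions


def compare_images(reference: bytes, shipped: bytes) -> Dict:
    """Full comparison result: hashes, identical flag, and differing regions."""
    ref_hash = sha256_hex(reference)
    ship_hash = sha256_hex(shipped)
    identical = ref_hash == ship_hash and reference == shipped
    return {
        "reference_sha256": ref_hash,
        "shipped_sha256": ship_hash,
        "identical": identical,
        "regions": [] if identical else differing_regions(reference, shipped),
    }


# Constructed sample images (not real firmware): a 1 KiB reference image,
# and a shipped copy with 4 bytes patched at offset 100 and 16 bytes appended.
REFERENCE_IMAGE = bytes(range(256)) * 4
_patched = bytearray(REFERENCE_IMAGE)
_patched[100:104] = b"\xcc" * 4
_patched += b"\x90" * 16
SHIPPED_IMAGE = bytes(_patched)


def report(result: Dict) -> str:
    """Human-readable summary of a comparison result."""
    lines = [
        f"reference sha256: {result['reference_sha256']}",
        f"shipped   sha256: {result['shipped_sha256']}",
    ]
    if result["identical"]:
        lines.append("images are bit-for-bit identical")
    else:
        for off, ln in result["regions"]:
            lines.append(f"differs at offset 0x{off:08x}, {ln} byte(s)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(compare_images(REFERENCE_IMAGE, REFERENCE_IMAGE)))
    print()
    print(report(compare_images(REFERENCE_IMAGE, SHIPPED_IMAGE)))
```

On real images you would read both files with `open(path, "rb").read()` and compare per partition or per section rather than the whole flash blob, since a legitimately different signature or build timestamp field would otherwise show up as a diff alongside anything that matters.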
I don't know what you're talking about with "allegedly".
Bloomberg "allegedly" found HW backdoors in Huawei; Vodafone also "allegedly" found backdoors in their equipment from Huawei back in the day (I think about a decade ago).
When you go talk to your red-team pentester friends, you quickly find out that the black market is full of 0days or full-blown backdoors for Huawei equipment, from routers to consumer-grade mobile phones. They're not the only ones, but there's a clear discrepancy.
While in the consumer space Huawei might not ever be fully banned (imo even though they should be, because people are f*cking stupid and it's already too late), in gov & military (especially NATO) infrastructure, I'm guaranteeing they're already banned (US, AUS, JP, PL, RO) or soon to be.
Now the what-about argument is gonna follow here, saying "how about western companies that also engage in privacy-violating and espionage policies?" Yes, that's also obviously true, but to a much lesser degree, and those companies'/corporations' main concern is money and profit, unlike Huawei. They might collude with governments and institutions, but they're not fully controlled by one, like in the fascistic China at the moment. And I say fascistic because Chinese companies conveniently use 'free' markets inside China and Western countries up to the point where their government notices and dictates their every move.