upnorth

Level 29
Content Creator
Trusted
Verified
Pushing out a list of software that people/governments shouldn't buy/use, but aren't the actual security issue within there own softwares/setup?
a string of cyber attacks that officials said put hackers working on behalf of the Russian government in a position where they could manipulate some industrial systems used to control infrastructure, including at least one power generator.
 

Slyguy

Level 40
Wonder how they are going to stop utilizing China, does this mean yanking hardware too? :emoji_thinking:
This is already enforced with TAA compliance. For example while some components of a Fortinet may(and are) made in China, the product is 'significantly' US because the testing, R&D, software and final assembly would be in the USA to meet TAA requirements.

This has been going on for a long time with manufacturers.
 
  • Like
Reactions: oldschool and Brie
I

illumination

This is already enforced with TAA compliance. For example while some components of a Fortinet may(and are) made in China, the product is 'significantly' US because the testing, R&D, software and final assembly would be in the USA to meet TAA requirements.

This has been going on for a long time with manufacturers.
Same standards they used when all those back-door devices/parts were discovered flooding into the US?
 

Slyguy

Level 40
Same standards they used when all those back-door devices/parts were discovered flooding into the US?
Nope. TAA is to meet govt. supplier certifications for 'significantly US' products. It doesn't apply at all to consumers unless the manufacturer declares their entire product line TAA compliant. Consumer stuff - good luck there. Backdooring TAA compliant stuff is going to be way harder for China. The reason is, those chips come in from one place, the board another, the caps another. All of it gets hand assembled in the USA after testing and validation. Then the software which is entirely made here gets loaded on and validates the hardware integrity. Backdooring it would generally require access to the development code and assembly line.
 
  • Like
Reactions: oldschool and Brie
I

illumination

You cannot protect the nation by doing one without the other. But pffffff... figuring out how to do it without tanking the world economy. Almost easier to simply launch missiles and drop bombs. Same result. Less effort.
Was kind of my point, but it got lost in translation, but as always, the sharp one enters for clarification ;) :)