FCC's 'Rip and Replace' for ZTE and Huawei Balloons To $5.6B

Today, Chairwoman Jessica Rosenworcel notified Congress that providers have initially requested approximately $5.6 billion from the Secure and Trusted Communications Networks Reimbursement Program to cover the costs of removing, replacing, and disposing of insecure equipment and services in U.S. networks. From a report: "Last year Congress created a first-of-its kind program for the FCC to reimburse service providers for their efforts to increase the security of our nations communications networks," said Chairwoman Rosenworcel. "We've received over 181 applications from carriers who have developed plans to remove and replace equipment in their networks that pose a national security threat. While we have more work to do to review these applications, I look forward to working with Congress to ensure that there is enough funding available for this program to advance Congress's security goals and ensure that the U.S. will continue to lead the way on 5G security."

Should have thrown out Cisco

[gweihir]

That is the real insecure equipment.

Re:Should have thrown out Cisco

[AmiMoJo]

What happens to the equipment that is removed? A lot of it seems to end up on eBay, which means you can get some excellent high end gear for next to nothing these days.

I've been upcycling old gear like this for myself and friends recently. ISPs here bought vast numbers of DSL routers from Askey, and they get thrown away when people switch to another provider or upgrade to fibre. You can load OpenWRT onto them and turn them into a combination managed switch with VLAN support, WiFi AP and router.

Re: Should have thrown out Cisco

[kenh]

You understand this is carrier-grade cellular phone network equipment, not a butt-load of Linksys home routers or gigabit switches, right?

You planning on setting up a 5G cellular network in your community?

Re:

[Zocalo]

GP didn't say he was planning on buying the Huawei equipment themself, just that upcycling was possible and asking what will happen to the old Chinese kit.

Telcos being telcos, they're going to ask the FCC for the full cost of the replacement cost of hardware, training, installation, maxed out warranties, a healthy contingency because reasons, a bunch of landfill/disposal costs, and then slap a few more tens of millions in "Misc. Sundries" on top. The redundant equipment, once it's been removed, will the

Re:

[haruchai]

Telcos being telcos, they're going to ask the FCC for the full cost of the replacement cost of hardware, training, installation, maxed out warranties, a healthy contingency because reasons, a bunch of landfill/disposal costs, and then slap a few more tens of millions in "Misc. Sundries" on top

That's pretty much a given. I recall a story from quite some time ago that American telcos had exaggerated the depreciation deductions on their equipment by over $40 billion over several decades.

Re: Should have thrown out Cisco

[kenh]

His examples were home routers that he flashes with OpenWRT and gives to his friends to use at home.

Re:

[DarkOx]

FCC might have comments

Re:

[chill]

Maybe, yeah. Are you familiar with Freedom Fi [freedomfi.com]?

Re:

[AmiMoJo]

The carrier grade stuff is often even better. Standard off the shelf hardware that can run pretty much anything.

Re:

[ArchieBunker]

Maybe not 5G but you can bring back the analog cell network if you want with a LimeSDR. https://limemicro.com/communit... [limemicro.com]

Re:

[gweihir]

It is both. Cellular networks use regular IP connections as backbones these days.

Re:

[bodog]

You planning on setting up a 5G cellular network in your community?

Akshuly - https://www.helium.com/5G [helium.com]

Re: Should have thrown out Cisco

[kenh]

Uh, the equipment they are being asked to replace can't (legally) be used in the US -sure, a foreign (non-US) telco could buy and use the equipment, but I suspect that's a little above the OP's 'pay grade'.

Re:

[OrangeTide]

Reimbursing of disposed equipment means the government pays the carriers to put it on palettes and sell it to an eWaste company. Who then lists a good portion of it on eBay. It's just another way to funnel tax payer money into the pockets of industrialists.

A normal government would have reimbursed, minus the scrap value of the offending equipment. And if the equipment is so inappropriate for use in the United States. Then destruction or export of that equipment should have been a condition of reimbursement.

Re:

[Krishnoid]

And when the possibly compromised (?) stuff makes it through eBay, perfusing data centers of various lowest bidders with them, the carriers can then outsource to those bidders. Then when the time comes, the back doors can be activated everywhere! Or exfiltration all along the way. Genius, really.

Re:

[bn-7bc]

Yes, but then it will be thst lowest bidder that ends up with the legal fallout and not telcos/government, so who really cares, certainly not the telcos/government, this is not about solving a problem (real or perceived), it's about re assigning blame

Re:

[gweihir]

Yes, this is a nice opportunity. Personally, I do not need it, I have a regular Linux Box as firewall/router, but my ISP basically delivers Gigabit Ethernet via Fiber and that makes things easy.

insecure by configuration

[Rockoon]

whats to stop them from asking for money to replace perfectly good equipment that they intentionally configured wrong?

Re:

[dogcar3604]

This is a hatchet job, directed specifically at the Chinese.

Re:

[zephvark]

Nah, that's just an excuse they're using. It's a massive giveaway from the Government to large corporations.

Re:

[EvilSS]

Nah, that's just an excuse they're using. It's a massive giveaway from the Government to large corporations.

Yea but there are so many they need to have some way of telling them apart.

Re:

[slazzy]

Can't say they don't deserve it though

Re:

[schwit1]

This a legitimate self-defense directed at the CCP.

Chinese law states that every Chinese business is required to aid in state security.

Re:

[Krishnoid]

I believe you, but how about a citation for everyone?

Re:

[larryjoe]

I believe you, but how about a citation for everyone?

A summary of the Chinese National Intelligence Law, from our revered Wikipidia [wikipedia.org] (with bolding added):

The most controversial sections of the law include Article 7 which potentially compels businesses registered in the People's Republic of China or have operations in China to hand over information to Chinese intelligence agencies such as the MSS. Article 10 makes the law applicable extraterritorially, having implications for Chinese businesses operating overseas specifically technology companies, compelling th

Re:

[cheesybagel]

Right. As if the US and other countries do not have similar laws in place.

Re:

[oh_my_080980980]

Really? Better not tell the rest of corporations doing business in China. You know like apple.

Re:

[DarkOx]

I am not go to say it isn't but its not clear to me what the motives are.

The telco's are well into their 5g rollout which is a license to make everyone update their plans and bump average monthly bills. That is $$$ for them. Swapping a bunch of equipment already deployed delays and even risks that revenue.

I am not sure the big carriers want to change horses now even if someone else is paying for the kit.

I sure can see some big US and EU hardware vendors pushing for this but frankly those guys are actually

Re:

[bn-7bc]

Odd thus must be a US thing, the rollout is well underway here in Norway ( yea I know Norway is way smaller than the US bla bla..) and cell planes have not risen above the inflation rate by any noticeable margin. Ok Norway might be a typical as we have some if the highest mobile prices in Europe( Even compared to averge vage iirc), even our telecom regulator thinks the prices are to high, so it might be the telcos swallow more if the cost than they wold normally just to avoid regulatory pushback

Re:

[bn-7bc]

Judt to make it clear, my intention above was not to bad moth the US/brag about norway, I was just currious abaout why evryone in the us seam to expext their bills to go up just because the telcos upgrade to 5G jusr so they (the telcos) can offer new and/or better services, that utimatly has a great potential to imcreses bouth their top an bottom line. Yes costumers end up paying in the end, but nor neceseraly the same costumers paying for existing services.

Re:

[ArchieBunker]

The arrest of the CFO is another piece in this strange puzzle. https://www.cnn.com/2018/12/11... [cnn.com]

Re:

[EvilSS]

whats to stop them from asking for money to replace perfectly good equipment that they intentionally configured wrong?

It doesn't have to be configured wrong. If it's from ZTE or Huawei then they get money to replace it, even if it's perfectly good and configured correctly.

Re:

[HiThere]

And that's exactly the way it should be done, if the theory behind this replacement is correct. The only thing is, who built the stuff that they're replacing the older stuff with? Why are they considered more secure? There aren't that many semi-conductor fabs in the US these days.

Re:

[thegarbz]

whats to stop them from asking for money to replace perfectly good equipment that they intentionally configured wrong?

They would need to provide actual proof if they went down that path.

Re:

[Rockoon]

So you imagine that they are currently giving massive amounts of evidence right now, right?

Why not just imagine that they give the exact same evidence they are required to give this time. Oh, thats right....

...thegarbz is defending corrupt fascist cunts again, so requires different amounts of things like evidence, depending on if the corrupt fascist cunts would want him to

Re:

[thegarbz]

So you imagine that they are currently giving massive amounts of evidence right now, right?

Literally the opposite of what I implied.

Why not just imagine that they give the exact same evidence they are required to give this time.

What time? Was there a previous time? Do you think this isn't a continuation of what has been going on for a few years now?

...thegarbz is defending corrupt fascist cunts again, so requires different amounts of things like evidence, depending on if the corrupt fascist cunts would want him to

I'm not sure if you have a reading comprehension issue or just had an aneurysm but either way based on what you got out of my post you need some professional help.

I really hope

[pele]

It's CISCO and Nokia and Siemens who are paying this 5.6b bill and not the taxpayers

Re:

[FuegoFuerte]

Genuinely curious, why would those 3 pay the bill for something the US .gov decided on, even if they stand to benefit from it? If anything, this may be a royal PITA for them due to the supply chain constraints right now - I seriously doubt any of them can fill $2B of orders on short notice for cell infrastructure equipment, as they've probably worked with their customers to forecast out at least 6-12 months, and have orders with their suppliers based on those forecasts.

Suddenly bumping your demand by $2B s

Obsolescence

[Anonymous Coward]

Gotta wonder how much old shit is getting a replacement here so that companies can get free upgrades.

Re: Obsolescence

[kenh]

About $5BN worth of hardware by my estimate...

Re: Obsolescence

[kenh]

This is a literal giveaway to telcos - imagine the government just decided to swap every Internal Combustion Engine car over 15 years old with a free Electric Vehicle.

A smart telco would snap up any available 'compromised' chicom telco equipment and get a free upgrade to current American-made hardware at a steep discount, courtesy of the American taxpayer.

Re:

[MachineShedFred]

Don't forget that they would then liquidate the ZTE / Huawei gear that they can't use to some other country that doesn't give a shit, pocketing the cash from that sale. This gear won't end up in a metal shredder, it will end up in Africa / South America / south Asia.

Re: Obsolescence

[kenh]

Maybe they have a 'cash for clunkers' -like requirement that they have to pour a caustic liquid in the device before they can get the cash?

Re:

[MachineShedFred]

Not likely. If there's one thing the telcos are good at, it's milking the government of money without having to live up to any obligations whatsoever. See: the Telecommunications Act of 1996 and the excise taxes we're still paying for an open fiber network connectivity that millions still do not have, over $400B and counting later. [huffpost.com]

Re:

[Tablizer]

sshhhh

assume for the moment this isn't politics

[cats-paw]

That the NSA figured out that there really is backdoors in some of the equipment, therefore they have to assume it's in all of the equipment.

Is it really possible, that no commercial user of the equipment would have figured this out ?

or an independent security firm ?

it seems really, really unlikely.

any kind of security monitoring of a corporate network would catch phone home packets of just about any sort,wouldn't they ?

Re: assume for the moment this isn't politics

[IdanceNmyCar]

Ding ding...this is the humor about this kind of stuff. Conspiracies about China always require a world class conspiracy that would effectively mean their network security approaches are years ahead of us to hide it at these scales. Instead, it's now easier for America to accept an extreme minority of anecdotes or that our government has secret insight it's not willing to reveal.

However not being a netsec expert, I think it's fair to assume there are ways to develop hardware kill switches that do not phone

Re:assume for the moment this isn't politics

[Krishnoid]

How many companies did/are the log4j vulnerability affect/ing? It seems really, really likely. Actually, kind of sounds like standard corporate operating procedure to deprioritize security audits of hardware.

Re:

[Anonymous Coward]

any kind of security monitoring of a corporate network would catch phone home packets of just about any sort,wouldn't they ?

If they were enabled. The switches might not phone "home" until they see packets come through to ticktock.cn or whatever, then the switch also sends and receives its own little bits from the same website.

Re:

[Gravis Zero]

Is it really possible, that no commercial user of the equipment would have figured this out ?
or an independent security firm ?

Backdoors can be hidden in exceptionally obscure methods by combining software and hardware. A backdoor could be disguised as a simple programming bug in packet handling that actually end up charging a charge pump in the CPU IC. Trigger it enough times in a row and for a second or so the SSH authentication always succeeds.'

Then again, it could be 100% hardware, buried under several fabrication layers and waiting for a specific packet. You would need to resources of the NSA to really check everything.

Re:

[HiThere]

Actually, that's quite plausible. The vendors are more interested in getting their stuff sold than they are in detecting backdoors. So the vendors won't go looking, because they might not like what they found.

As to "phone home packets", only a very simpleminded exploit would issue those all the time. More reasonable would be to send the packets to a nominally reasonable location (say a hotmail account, though that probably dates me), and only after a delay upon being triggered.

This doesn't mean I believe

Remove insecure equipment

[PPH]

Would it be suficient to just board over AT&T's Room 641A [wikipedia.org]?

Stupid

[jacks smirking reven]

Either this whole fiasco is pointless anti-China posturing or the decision to use any major Chinese telecome company for equipment should have outlawed from the start. It's not like Huawei or ZTE suddenly become partially state owned, it's been that way forever as it is for many large Chinese companies. That's just how they do things over there. Now it just costs everyone else money.

Re:

[HiThere]

It's not pointless, but there is definitely an element of anti-China posturing. And what do you mean by "from the start"? If you go back far enough it seemed a reasonable thing to do, and an attempt to convert China to capitalism and away from communism. That the Chinese were never communists is not something that was politically acceptable to believe. I don't know how much factual basis is behind the decisions, but the US legislature never makes decisions based on technical grounds. So the enabling le

Re:

[cheesybagel]

Huawei has never been state owned. It is an employee owned joint stock company. ZTE is a state owned company.

So... the new stuff....

[Puls4r]

Has anyone though to ask WHERE the new stuff is coming from? Because last I checked, there aren't many American fabs or American businesses building networking hardware in America.

So how are they verifying the NEW stuff doesn't have Chinese content with backdoors in it as well?

Huawei Balloons

[anonymouscoward52236]

Huawei Balloons? Where do I get these? LOL.

Re:

[dohzer]

If Google's version is anything to go by, you can probably find them floating over the African continent somewhere. https://en.wikipedia.org/wiki/... [wikipedia.org]

Huawei stencil kits. Rebadge your equipment now!

[Que_Ball]

I wonder if any of the carriers have taken a stencil kit and spray paint can to go paint Huawei logos on all their old equipment yet?

Hey government, you need to pay for all this Huawei equipment that is totally NOT just old end of life Nortel gear we have not bothered to replace yet.
Wink wink!

Nice grift

[oh_my_080980980]

Now how do I get in on the action. I'm sure I can find many products in my house that are made in China and can no doubt be used by China for nefarious actions.

All it takes is one house to fall and China has a beach head for their invasion.

Share costs

[DriveDog]

The carriers knew better but didn't care. So pay some but not all this time, require them to use equipment not reasonably suspected of being backdoored, and leave the requirement but dont help in the future. It should hurt enough now to deter future apathy. While were at it, make it easy for smaller concerns to enter every level so the big boys can't pass all the costs to consumers without losing market share. If you'd tried to get help resolving issues with Charter, Verizon, and AT&T all already today

Can't wait for the follow up...

[VeryFluffyBunny]

...article where we read that the telcos took the money but left most of the equipment untouched, paid big shareholder dividends & the execs paid themselves massive bonuses.

Huawei Balloons

[groobly]

Gotta get rid of those Huawei balloons already.