US nuclear research facility the Los Alamos National Laboratory has removed network components made in China over fears they may be insecure, news agency Reuters has reported.
The lab, where the first ever atomic bomb was made in 1945, had been using network devices made by H3C – a former joint venture between Chinese telecommunications equipment giant Huawei and 3Com, which was since acquired by HP.
However, a letter seen by Reuters reveals that the lab removed at two least H3C devices from its network. The news agency says the letter appears to have been written in response to a government investigation into "supply chain risks" in the country’s energy sector.
In 2011, a separate US nuclear research facility – the Oak Ridge National Laboratory – cut its network off from the Internet after it fell victim to an "advanced persistent threat", a euphemism commonly used to describe targeted attacks from Chinese intelligence forces.
In October 2012, Cisco security researcher Kurt Grutzmacher was due to make a security conference presentation on vulnerabilities he had discovered in H3C’s network equipment. However, Grutzmacher says he was asked by HP not to make the presentation, claiming "the vulnerabilities are apparently too big for them to be ready".
Grutzmacher insisted that he investigated H3C’s equipment "as an individual research and not as part of any company".