Not really. Look at articles posted on this site whenever a device made in China is "accidentally" sending user information back to some server in China; people keep asking why the government isn't doing anything to warn citizens or companies about bad actors in the hardware department. When the government does warn us not to use hardware from a specific vendor, people here say it's just a GOP plot to hurt China's economy under the guise of security.
For once in 2 years though the current US admin is right IMHO. China is not an ally, Russia is not an ally. Best case they're semi-neutral, worst case they're the next enemy.
China especially has been playing the ultra-long game by slowly getting more and more countries under their dependence, buying up assets left and right and where that didn't help resorting to industrial espionage.
The problem that the telco operators have is that there is (thanks to Chinese dumping, did I mention they are playing a long game) next to no viable competition in either the US or the expanded NATO space - Europe has Ericsson and Nokia which are expensive and the US has Cisco which is expensive and crops up with at least one real backdoor a month.
Pretty much yes, combined with having to fully audit the software top to bottom every couple of weeks for every patch, piece of firmware, etc with pressure to get into production fixes for issues that affect customers service.
From my experience in the industry, most of the protections being offered are hand-wavy things, like a software patch from Huawei being scanned by a desktop virus scanner for viruses or remote access gateways that record the screens of external employees accessing equipment where the demo I got for the solution the security prime couldn't figure out how to actually view the screen recordings. Huawei employees weren't allowed to give us any USB devices either. (I didn't work with Huawei routinely, although I know many who do. I tended to work with Cisco, Nokia, and several smaller vendors).
The only model I could see sort of working is forcing them to hand over the sources to an industry group or government entity, that is then responsible for auditing, building, and signing the software. But there are so many moving components slipping something past that is still plausible, and many barriers towards that sort of model.
Given the many vulnerabilities across all vendors over the last years, secure development and operation practices are missing across the board. Cisco managed to fuck up their entire secure boot solution (https://thrangrycat.com/), Intel's ME can be taken out of service despite "firmware signing", and I presume that a proper audit by the government would have uncovered that.
Mostly yes. The thing is that what we see in 5G with China is also happening in other areas as well, both in IT (think of how much of our stuff is produced in China!) and outside of IT (Belt Road initiative).
When it comes to China and Russia, what they are doing is a plan of the sort that can only be done in an authoritarian, controlled state.
I agree, to a point. I'm not entirely opposed to Trump (or entirely in favor) but it seems if we're going to be stuck playing economic realpolitik with a country as nationalized as China this is a perfectly reasonable step. The US and its allies have not been particularly good stewards with the power they've held over the world for the last ~70+ years, but I shudder to think of what a Chinese controlled network backbone would do to things.
You can argue the West doesn't behave as well as it should on the world stage, but Western ideology seems to be the best hope we have for an eventual egalitarian future, although the human cost will still be high. The further we get from authoritarianism, be it left or right, the better, in my opinion.
