Hacker News

Are you 100% sure of anything? That there aren't any NSA employees bribed by the CCP? Just like Chelsea Manning and Snowden took gigabytes of confidential information right from under the US government's nose, they could do the same without any elaborate techniques. Soviet spies were very successful and stole atomic bomb secrets.

But let's suppose everyone working for the government or subcontracted by them is 100% loyal and CCP never manages to blackmail them.

What does it take to bribe a DPD guy on minimum wage delivering your 'American-produced' equipment, who can't afford a dentist and is in pain every day? Let's say you ask him to 'mistake' one package for another, and you have millions at your disposal?

You talk about "techniques even under X-ray to mask a rogue chip", but do network operators even bother opening the casing of the router to validate that the motherboard has not been replaced entirely? What if it's networking equipment where China replaced a single chip? Who is ever going to find out? Does the network operator validate the firmware of every single chip?

We have security holes all over the place; this talk of 100% certainty is basically fantasy.



I think we need to do defense in depth more. There was a funny pic in one of the sysadmin subs about buying firewalls from everyone and putting them in a chain, with each firewall labelled with which nation state compromised it. The joking idea being that sure, the U.S. has backdoors into your Cisco gear, but if you put that behind a Huawei firewall they may not have the backdoors to both; add in a Russian firewall and then an intruder needs all three. Funny, but I think not so ridiculous these days if you are paranoid.


Security folks recognize that 100% certainty is impossible. Instead, the problem is always trying to balance the acceptable risk for each application of tech against the increased costs for an extra "9" of confidence. Although I suppose the minimum should always make the adversary jump through enough hoops to deter opportunistic & medium effort attacks, along with close monitoring for rapid detection of anything that gets through.

In this case, it's pretty low hanging fruit to make a policy w/ financial backing that says "we won't use hardware from companies controlled by slightly hostile countries with incompatible values".



