Security folks recognize that 100% certainty is impossible. Instead, the problem is always trying to balance the acceptable risk for each application of tech against the increased costs for an extra "9" of confidence. Although I suppose the minimum should always make the adversary jump through enough hoops to deter opportunistic & medium effort attacks, along with close monitoring for rapid detection of anything that gets through.
In this case, it's pretty low hanging fruit to make a policy w/ financial backing that says "we won't use hardware from companies controlled by slightly hostile countries with incompatible values".
In this case, it's pretty low hanging fruit to make a policy w/ financial backing that says "we won't use hardware from companies controlled by slightly hostile countries with incompatible values".