Analysis | The Cybersecurity 202: Mike Rogers, former Republican House Intel chief, blasts Congress for not taking action on Huawei
By Joseph Marks
Former Rep. Mike Rogers, R-Mich., questions witnesses during a full committee hearing in 2014. (AP Photo/Manuel Balce Ceneta, File)
Former heavy-hitter Republican Rep. Mike Rogers says partisan warfare has so handicapped Congress that it's not doing nearly enough to stop a major world threat: Chinese telecom Huawei controlling large portions of next-generation telecommunication networks.
Rogers says the House Intelligence Committee, which he led until 2015, has been especially derelict as members clash over President Trump’s impeachment.
“Unfortunately, that committee is just broken," Rogers told me, "and it’s going to take a long time for them to get back to any semblance of a functioning oversight intelligence committee. We’ve got to get the whole Congress functioning again so that we can get at these things, [because] the Chinese aren't going to wait for us to get our act together.”
Rogers, a former FBI agent who represented Michigan in Congress, is leading the new advocacy group 5G Action Now, aimed at making the U.S. the global leader in next-generation networks.
His criticism comes as allies across the globe are allowing Huawei to build portions of their next-generation 5G networks, ignoring U.S. warnings that it could aid a surge in global Chinese spying.
United Kingdom Prime Minister Boris Johnson, in the most significant blow to date, today labeled Huawei a “high risk vendor” but will still allow it to build portions of its 5G infrastructure outside the “core,” which has the greatest access to UK citizens’ data, the Guardian reports. “Our world-leading cyber-security experts know more about Huawei than any country in the world – and they are satisfied that with our tough approach and regulatory regime, any risks can be managed,” a source in Parliament told the publication.
Rogers called the U.K.'s move “a very bad decision that [U.K. officials] are going to regret over the long haul.”
Speaking before the expected decision, he warned it could open up the U.K. not just to intense spying by the Chinese government but also to sabotage and slowed network traffic during future disputes with China.
“Imagine your economy sliding along and 10 years from now you run into a significant difference with the Communist Party of China. Guess what? They can start messing with your economic flow by just turning off pieces of the network,” he said.
Rogers praised the Trump administration for barring Huawei from building this country's next-generation networks and blocking American companies from selling it critical components. He criticized Congress, though, for being too slow to deal with the rise of Huawei and for not doing enough to make American companies competitive in 5G.
His group, he says, is aimed partly at convincing U.S. lawmakers to take more decisive action. “We're going to have to get members of Congress to understand what's at stake,” he said, adding that “what's frustrating is that it's taking us so long to do the things that we know we have to do to win.”
The committee, with Rogers at the helm for four years, sounded bipartisan alarms about the threat of Chinese digital espionage and Rogers and the committee's top Democrat Dutch Ruppersberger (Md.) published a 60-page report warning about national security threats from Huawei and another Chinese telecom ZTE.
But five years later, though lawmakers have proposed numerous measures aimed at combating Huawei or making U.S. companies more competitive, none of the boldest bills have become law. That includes an effort this month championed by Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and ranking Democrat Mark Warner (Va.) that would invest $1 billion in domestic Huawei alternatives.
Congress's main anti-Huawei effort came in a 2018 military spending bill that banned the company from U.S. government networks and which Huawei, which has always steadfastly denied aiding Beijing spying, is challenging in federal court.
The group’s main advocacy goal has so far been pushing the Federal Communications Commission to release midrange spectrum for U.S. telecoms to run 5G services, which FCC Chairman Ajit Pai committed to doing yesterday.
Rogers declined to reveal details about the group, including who its members are and who is funding its operations other than to say the group is new and he expects to release more details soon.
He added that “anybody who's interested in beating the Chinese from dominating the 5G network build-out is welcome” to join.
A 5G Action Now representative told me the group’s “goal is to develop a broad base of public, private and grass-roots support” and “as that happens, the public will learn more about our allies and supporters.”
Sitting lawmakers sounded off last night in a last-ditch effort to warn the U.K. government against accepting Huawei.
“The British people deserve the best and it’s not #Huawei,” Sen. Marco Rubio (R-Fla.) warned on Twitter.
.@FiniteStateInc found "#Huawei devices to be less secure than comparable devices from other vendors," and "the security posture of [Huawei] devices is not improving over time."— Senator Rubio Press (@SenRubioPress) January 27, 2020
5G ties economic security & nat'l security more closely together. Such risks are unacceptable.
Rep. Ted Yoho (R-Fla.) warned that “implementing #Huawei technology into national infrastructure projects is a recipe for long-term security risks.”
Implementing #Huawei technology into national infrastructure projects is a recipe for long term security risks, both from Chinese spies & hackers taking advantage of holes in its compromised system. #China— Ted Yoho (@RepTedYoho) January 27, 2020
"If our allies move forward with Huawei in their 5G networks, we will have to re-examine certain aspects of our relationship. We will not risk sensitive national security information finding its way back to Beijing."— House Foreign Affairs GOP (@HouseForeignGOP) January 24, 2020
PINGED, PATCHED, PWNED
San Francisco 49ers defensive end Dee Ford (55) gestures next to Green Bay Packers quarterback Aaron Rodgers (12) during the first half of the NFL NFC Championship football game on Jan. 19 in Santa Clara, Calif. (Tony Avelar/AP)
The verified Twitter accounts of the San Francisco 49ers and the Kansas City Chiefs, the two teams playing in the Super Bowl this weekend, were affected. OurMine, a hacker group that has previously infiltrated the accounts of top executives including Twitter chief executive Jack Dorsey, took responsibility for the breach.
“We are here to Show people that everything is hackable,” the group wrote in a tweet yesterday afternoon on the official Green Bay Packers account. The tweet has been removed.
“As soon as we were made aware of the issue, we locked the compromised accounts,” said Twitter spokeswoman Katie Rosborough. “We are currently investigating the situation.”
Twitter also suspended OurMine’s account for violating its community guidelines.
The group also reportedly broke into and began posting on the official Minnesota Vikings Instagram account. Andy Stone, a spokesman for Instagram’s parent company Facebook, said it's “investigating and working to secure and restore access to any impacted accounts.” Facebook declined to say how many accounts were affected.
U.S. Sen. Mark R. Warner (D-Va.). (Erin Scott/Reuters)
“No consumer would realistically have an inkling that their anti-virus software could be selling their browsing data,” Sen. Mark R. Warner (D-Va.) told Joseph Cox at Motherboard. “Congress can’t afford to ignore these issues any longer.” Warner also called on the Federal Trade Commission to regulate the anti-virus industry.
The data sold by jump shot, a subsidiary of Avast, included customers’ Google searches, location data, YouTube videos and even visits to porn websites, Motherboard reported. While the data did not include users' names and emails, experts told Motherboard it was possible to figure out people’s identities based on the available data.
Avast stopped collecting user data through its browser extension after Mozilla and Google removed the extension last month. It’s now asking existing anti-virus users to opt into data collection, the company told Joseph.
Sen. Ron Wyden (D-Ore.), however, told Motherboard he was concerned that the company had not committed to deleting the data it already collected without consent.
“The only responsible course of action is to be fully transparent with customers going forward, and to purge data that was collected under suspect conditions in the past,” Wyden said.
A Turkish flag flies on a passenger ferry with the Bosporus in the background in Istanbul on Jan. 27. (Murad Sezer/Reuters)
The nature and scale of the attacks, which tamper with address book of the Internet to send visitors to impostor sites, have sparked serious concern from Western intelligence agencies. Targets of the hacking included Cypriot and Greek government emails services as well as the Iraqi government's national security adviser. Hackers also targeted civilian organizations in Turkey including a chapter of the Freemasons.
Reuters confirmed the attacks using public Internet records. Officials and private cybersecurity investigators say the campaign is ongoing.
The U.K. National Cyber Security Centre and U.S. Office of the Director of National Intelligence declined to comment to Reuters on who was behind the attacks.
PUBLIC KEY— Cybersecurity news from the public sector:
PRIVATE KEY--A security flaw in video conference service Zoom left meetings vulnerable to hackers, according to a new report from researchers at Check Point. Zoom issued security changes after researchers brought the findings to the company.
— Cybersecurity news from the private sector: