Analysis | The Cybersecurity 202: The administration's Huawei policy has a Trump problem

By Joseph Marks

11-14 minutes - Source: The Washington Post

---

President Trump and Britain's Prime Minister Boris Johnson. (Peter Nicholls/Reuters)

THE KEY
The Trump administration’s Huawei policy is hitting a familiar snag: President Trump.
The president has thrown his administration’s years-long effort to combat the Chinese telecom into chaos, contradicting official policy at every turn. The most recent snarl came yesterday when the president slammed his own officials on Twitter for planning to restrict U.S. technology sales to China and calling the national security concerns that prompted those restrictions an “excuse.”
There are two big problems with the president's statement. First, Trump himself signed off last year on severe limits on U.S. sales to Huawei and the actions officials are contemplating now would just expand those restrictions.
Second, Trump officials have argued fiercely their concerns about Huawei are based on legitimate national security fears that the company could enable a massive expansion in Chinese spying if it builds allies’ next-generation 5G wireless networks. And the president just delivered a major blow to that argument.
The president’s tweets appear to have tabled internal discussions about boosting limitations on sales to Huawei as well as restricting offers of aircraft engines to China partly produced by General Electric, the New York Times’s Alan Rappeport reports.
The bottom line: As key U.S. allies in Europe and North America seem likely to allow Huawei to build at least portions of their 5G networks, they have no idea what the U.S. position really is. Trump's comments also play into longstanding concerns the president is not concerned about the national security threat posed by Huawei and is more interested in using U.S. restrictions on the company as leverage in his trade standoff with China.
“It makes it look like the U.S. is really just worried about China as a tech competitor and not a national security threat,” Adam Segal, a cybersecurity and China scholar at the Council on Foreign Relations, told me. “It speaks to the problem the administration has had from the beginning in its messaging about Huawei ... It seems as if the president, at any moment, could overturn whatever decision China hawks in the administration make.”
The inconsistency couldn’t come at a worse time because U.S. arguments about Huawei’s dangers already seem to have hit a brick wall in Europe. The United Kingdom has already agreed to allow the company to build portions of its 5G networks and Canada, France and Germany all appear likely to follow suit.
“America’s global campaign to prevent its closest allies from using Huawei … in the next generation of wireless networks has largely failed, with foreign leaders publicly rebuffing the United States argument that the firm poses an unmanageable security threat,” David E. Sanger and David McCabe concluded in the New York Times.
It also comes just two days after Trump contradicted his top officials by announcing through U.S. Ambassador to Germany Richard Grenell the United States may stop sharing classified intelligence with nations that contract with Huawei. Yet, it’s not at all clear whether that's true or if Trump was just sounding off.
The president also struck out at lawmakers in his Twitter rant even though Republicans and Democrats have generally both taken a hard line against Huawei.
House Speaker Nancy Pelosi (D-Calif.) even highlighted the bipartisan opposition during an address at the Munich Security Conference, marking a united front with Secretary of State Mike Pompeo and Defense Secretary Mark Esper. She warned that nations that contract with Huawei are choosing “autocracy over democracy.”
The inconsistent messaging raised hackles on Capitol Hill. Here’s Rep. Jim Himes (D-Conn.):
Former officials also lashed out at Trump for an erratic and inconsistent policy. Here’s Richard Stengel, a top State Department official during the Obama administration:
Perhaps most maddeningly for Huawei hawks, Trump’s tweets stepped on what might have been a rare good day for the United States in its battle with the company. A federal judge in Texas yesterday dismissed a lawsuit from Huawei claiming that Congress overstepped its bounds in 2018 when it barred the company from government computer networks, one of the earliest parries in the long-running conflict.
The decision was largely expected and echoed a previous ruling in which Congress banned the Russian anti-virus firm Kaspersky. But the judge's dismissal of the case before Huawei could even call witnesses deprived it of an opportunity to publicly challenge U.S. arguments it is beholden to the Chinese Communist Party and can’t be trusted not to spy for Beijing.
A Huawei representative told me the company is “disappointed in today’s ruling and while we understand the paramount significance of national security, the approach taken by the U.S. government in the 2019 [law] provides a false sense of protection while undermining Huawei’s constitutional rights.”
The company will “continue to consider further legal options,” the representative said.

You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.

Not a regular subscriber?

PINGED, PATCHED, PWNED

A Ring doorbell device. (Chip Somodevilla/Getty Images)

PINGED: Internet-connected doorbell company Ring will make extra security checks mandatory for all its users amid growing criticism about the company’s security practices and high-profile stories about hackers compromising the devices to spy on and harass families, the Amazon-owned company announced yesterday. Users will now have to enter a unique code they received via text message or email every time they login. (Amazon founder Jeff Bezos owns The Washington Post).
Consumer advocacy groups and lawmakers including Sen. Ron Wyden (D-Ore.) slammed the company last year for failing to adequately protect users' accounts. Two couples whose cameras were breached by hackers are also suing the company.
But the breaches haven't been enough to scare away most customers, my colleague Drew Harwell found in an unscientific survey of more than 50 Internet-connected camera owners.
Drew found most camera owners were “fine with intimate new levels of surveillance — as long as they were the ones who got to watch.”
“They analyzed their neighbors. They monitored their kids and house guests. And they judged the performance of housekeepers, babysitters and other domestic workers, often without letting them know they were being recorded,” Drew reports. “’I know maybe I should’ tell them, one woman explained, ‘but they won’t be as candid.’”

The WhatsApp logo. (Dado Ruvic/Reuters)

PATCHED: Facebook must unblock the private account of an employee of the Israeli surveillance company NSO group, a Tel Aviv court ordered yesterday. 
Facebook blocked the account and those of several other NSO employees when it sued the company in October for allegedly helping government spies break into the WhatsApp accounts of about 1,400 users across 20 countries, including human rights activists, journalists and diplomats. The case marked the most significant lawsuit to date against the spyware industry, which critics say acts unethically by helping autocratic regimes gather information on their enemies.
The court is expected to issue similar rulings for other NSO employees whose accounts were blocked, an NSO spokeswoman told Steven Scheer and Tova Cohen at Reuters.
“We will continue to take appropriate action to defend our users and we look forward to participating in open court to document how NSO threatens the safety and security of users and needs to be held accountable,” Facebook said in a statement to Reuters.

Reality Winner walks into the federal courthouse in Augusta, Ga. (Michael Holahan/Augusta Chronicle/AP)

PWNED: Lawyers for former NSA contractor Reality Winner are asking Trump to commute her 2018 sentence for leaking government secrets, Taylor Barnes at the Intercept reports. Winner was sentenced to more than five years in prison after leaking classified information about the Russian government's attempts to hack a Florida-based voting software supplier to the Intercept.
Trump has issued numerous high-profile pardons and commutations to high profile people including several yesterday to former Illinois governor Rod Blagojevich, junk bond king Michael Milken and former New York police Commissioner Bernard Kerik among others.
The petition refers to a 2018 tweet in which President Trump called the sentence — the longest ever given to a journalistic source under the Espionage Act — “unfair."
“Our country was attacked by a hostile foreign power,” Winner's attorney Alison Grinter said at a Monday news conference. “Our national healing process cannot begin until we forgive our truth-tellers and begin the job of rebuilding what was taken from us: election security, accountability for those who endeavor to undermine our democracy, and safeguarding the American right to government by and for the people.”
Grinter will send the Justice Department 4,500 letters of support in addition to the clemency request.

PUBLIC KEY

— The 2020 Tokyo Olympics face myriad hacking threats from nation-backed groups including targeted data leaks, disinformation operations and denial of service attacks that overwhelm vital functions with web traffic in an effort to take them offline, according to the first-ever joint threat assessment from the Cyber Threat Alliance, a coalition of tech and cybersecurity companies, released today. Those attacks could also target  anti-doping agencies, services supporting game operations such as ticketing systems, Japanese officials and tourists.
The cybersecurity company SonicWall has also joined the association, CTA announced.
— More cybersecurity news from the public sector:

Cambridge Analytica was called out by Facebook for misuse of user data and shuttered in 2018.
Politico

Operations halted for two days at unnamed US natural gas compression facility.
ZDNet

A former CIA employee accused of being responsible for the largest leak in agency history thinks his case should be thrown out of court.
CyberScoop

PRIVATE KEY

— Cybersecurity news from the private sector:

Dell Technologies announced today that it was selling legacy security firm RSA for $2.075 billion to a consortium of investors led by Symphony Technology Group. Other investors include Ontario Teachers’ Pension Plan Board and AlpInvest Partners. RSA came to Dell when it bought EMC for $67 billion i…
TechCrunch

YouTube is littered with bot-driven videos promising big in-game riches—that also try to steal your personal information.
Wired

The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.
Wired

THE NEW WILD WEST

— Cybersecurity news from abroad:

Russia's central bank last year recorded an increase in online theft that s...
Reuters

A nation-state actor that has links with Chinese hackers is exploiting two new backdoors to run a cyber-espionage campaign against gambling entities in Southeast Asia, according to Trend Micro research.
CyberScoop

The Brazilian telecoms regulator preparing to auction bandwidth for fifth-generation (5G) mobile data said any decision on the security risks of using Chinese technology will ultimately be taken by the president’s national security advisor.
Reuters