Search This Blog

Translate

Search Tool




Jul 14, 2020

Analysis | The Cybersecurity 202: U.K. is set to bar Huawei in a major U.S. victory


By Joseph Marks


with Tonya Riley

The United Kingdom is expected to today announce plans to bar Huawei from its 5G telecom networks, marking a major victory for the Trump administration in its years-long war to rein in the Chinese firm.
That’s a huge about-face from just a few months ago, when the U.K. was ready to allow Huawei to build less-sensitive parts of its next-generation networks despite U.S. warnings that the firm posed unacceptable risks of Chinese spying.
The decision could also prompt European nations that are on the fence about Huawei to limit or ban the company from their 5G networks, Ellen Nakashima and William Booth report.
“The writing’s on the wall in Europe,” Paul Triolo, who heads the Eurasia Group’s global technology policy practice, told my colleagues. “There’s no way that Huawei will remain a big supplier there.”
But the move also underscores the immense costs for Western nations turning away from Huawei, which is among the most prominent and cheapest suppliers of 5G gear.
The British telecoms Vodafone and BT have estimated it would take years and “single-figure billions” of dollars to rid their networks of Huawei equipment. They’re calling for a five-year transition to limit the disruption for customers.
Huawei officials, meanwhile, are warning that the U.K. might be abandoning its chance to be a leader in 5G, which is expected to be much faster and more efficient than current telecom networks and capable of carrying exponentially more data.
“This is a once-in-a-lifetime opportunity for the U.K.,” Huawei Global Vice President Victor Zhang warned.

Surveillance cameras are mounted in front of the Huawei flagship store in Shanghai. (Qilai Shen/Bloomberg News)
Some U.S. companies are also sounding alarms about the difficulty of transitioning away from Huawei. 
A slew of industry groups, including the U.S. Chamber of Commerce, the Aerospace Industries Association and the Computing Technology Industry Association, are pushing for a one-year delay on a Trump administration ban on government contractors using Huawei, as Inside Cybersecurity reports. The ban is expected to be finalized shortly.
They say there’s not enough time to implement the ban and contractors need to focus on weathering the coronavirus pandemic.
“An extension of the deadline would actually strengthen U.S. security by ensuring better planning and execution of the statutory prohibitions,” David Berteau, chief executive of the Professional Services Council, a coalition of government contractors, told Defense News.
Those calls are unlikely to gain much traction from the White House or in Congress, where Republicans and Democrats are largely united in getting tough on China — and on Huawei, in particular.
The fact that allies are turning against Huawei despite those costs is a feather in the cap for the Trump administration’s foreign policy. 
It comes after months during which allies questioned why the administration couldn't produce a “smoking gun” showing that Huawei posed a spying danger. They were also highly skeptical of President Trump for seeming to use U.S. efforts against Huawei as a bargaining chip in U.S.-China trade negotiations.
The turn is partly due to increasingly stringent U.S. restrictions.
The harshest move came in May, when the Commerce Department effectively hobbled Huawei’s supply chain by banning foreign firms selling computer chips within the United States from also working with the Chinese firm.
The shift was helped along by global anger over China’s lack of transparency during the early days of the coronavirus pandemic and its crackdown in Hong Kong.
Finally, U.S. officials changed their strategy from arguing Huawei itself was guilty of spying to arguing that the company simply couldn’t refuse to aid spying by Beijing under China’s communist system.
“We really pivoted that discussion over time,” said Robert Strayer, deputy assistant secretary for cyber and international communications and information policy in the State Department. “If you fully understand the Chinese Communist Party’s intent in the way the system works in China, there’s not autonomy for those companies.”

A man walks past a Huawei shop in Beijing. (Nicolas Asfouri/AFP)
The U.S. argument has worked with many allies, but it won’t put Huawei out of business. 
The U.K.’s decision effectively means Huawei will be cut off from 5G networks across the United States and all four of its closest intelligence-sharing partners — the U.K., Canada, Australia and New Zealand.
Numerous other nations have also banned Huawei from their networks, including Poland, Estonia, the Czech Republic and Japan. India, which has not yet built any 5G system, nevertheless barred two state-run firms from using Chinese gear after security clashes along its border with China.
But Huawei and another Chinese telecom, ZTE, control about 90 percent of the 5G market in China, which accounts for about half the global market. And they’re pushing to control the 5G markets in Latin America and Africa when they develop.
That has many analysts fearing a future in which the world is effectively bisected between regions that rely on Western technology and those in which Chinese technology is ascendant.

The keys
The spyware firm NSO Group can continue to sell its tools internationally, an Israeli court ruled.

Journalist and activist Omar Radi, whose phone was targeted. (Abdeljalil Bounhar/AP).

The judge rejected a request by Amnesty International and other groups to revoke NSO's export license on the basis that it had facilitated human rights violations. The groups failed to provide adequate evidence for their claim that the company attempted to hack the phone of an Amnesty International activist, the judge said.
The ruling was a blow to cybersecurity and privacy groups that accuse NSO of helping authoritarian governments spy on activists, journalists and political dissidents. 
“The ruling of the court flies in the face of the mountains of evidence of NSO Group’s spyware being used to target human rights defenders from Saudi Arabia to Mexico, Danna Ingleton, acting co-director of Amnesty Tech, said in a statement.
NSO, meanwhile, applauded the decision. The judgment is irrefutable evidence that the regulatory framework in which we operate in is of the highest international standard, it said in a statement.
WhatsApp is also suing NSO for allegedly helping to hack at least 100 of its users across 20 countries.
At least 65,000 mail-in ballots have been rejected in primaries held during the pandemic so far.

A voter turns in a ballot at a drop-box location in Hoboken, N.J. (Michael Nagle/Bloomberg News)

The ballots arrived after election deadlines but often through no fault of the voter, according to an NPR analysis reported by Pam Fessler and Elena Moore. The rejected ballots make up a small percentage of total ballots in most states but they're enough to make a difference in a close election. 
In some states the figure is higher. Virginia, for example, rejected nearly 6 percent of mail-in ballots. And even a small percentage of rejected ballots is likely to undermine people's faith that their vote will be counted. 
Even more concerning, people voting by mail for the first time are more likely to have their ballots rejected, Charles Stewart, a political scientist at the Massachusetts Institute of Technology, told NPR. That could cause chaos, with an influx of voters switching to mail voting because of the coronavirus pandemic. 
Democrats and advocacy groups have filed lawsuits trying to force several states to count all mail votes as long as they’re postmarked before Election Day. Republicans argue that it would create too much confusion to continue to count votes after Election Day.
Trump confirmed a U.S. cyberattack against a Russian troll farm ahead of the 2018 midterms. 

(Yuri Gripas/Abaca/Bloomberg News).

The president made the confirmation during an interview with Washington Post columnist Marc Thiessen. 
The Post first reported on the U.S. Cyber Command operation last year, but White House and military officials had not previously acknowledged it, Ellen reports. The operation was a prime example of Trump administration efforts to aggressively punch back against adversaries in cyberspace. The White House expanded Cybercom’s authority to launch offensive attacks in 2018.
The confirmation marked a rare acknowledgment by the president of Russian efforts to sow discord in U.S. elections. The intelligence community warns that Russia is likely to interfere again in the 2020 election.
Cybercom also carried out an attack against computer systems used by IranIslamic Revolutionary Guard Corps to target oil tankers in the Persian Gulf last August. The strike was in retaliation for the destruction of a U.S. surveillance drone.

Government scan

The White House's top tech official will take on a new acting role at the Pentagon.  

White House Chief Technology Officer Michael Kratsios. (Patricia de Melo Moreira/AFP/Getty Images)

Michael Kratsios joined the White House in 2017. He is best known for spearheading initiatives in artificial intelligence, quantum computing and 5G communications technology. He has also led the White House’s private-public partnership to use supercomputers to combat the coronavirus pandemic.
“In seeking to fill this position we wanted someone with experience in identifying and developing new technologies and working closely with a wide range of industry partners,” Defense Secretary Mark T. Esper said in a statement.
Kratsios formerly served as chief of staff to Peter Thiel, one of Trump’s most prominent Silicon Valley supporters and a co-founder of Palantir, which has more than $60 million worth of military contracts.
More government and political news:
The U.S. Secret Service last week announced it is merging its Electronic Crimes Task Forces and Financial Crimes Task Forces into a unified network dubbed the Cyber Fraud Task Forces, a move it attributed to the growing convergence of cyber and traditional financial crimes.
Reuters
Rep. John Katko (R-N.Y.) on Monday introduced three pieces of legislation designed to improve cybersecurity at the national level, particularly within the Department of Homeland Security (DHS). 
The Hill

Industry report

Tech giants backed a lawsuit against a Trump administration rule that could force out international students. 

The Massachusetts Institute of Technology. (Maddie Meyer/Getty Images)

Facebook, Google and Microsoft joined a brief filed by the U.S. Chamber of Commerce on Monday in support of a lawsuit brought against Immigration and Customs Enforcement, Ashley Gold reported for Axios.
The tech companies are asking a federal judge to halt or slow the enforcement of the new guidance that would prevent foreign students from staying in the United States if their academic institutions don’t offer in-person classes. They argue that the administration failed to properly consider the consequences of the move on the U.S. business community.
More industry news:

EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.
ZDNet
Google will block anonymous users from joining Google Meet video conferences organized by G Suite for Education customers.
ZDNet

Cyber insecurity

Researchers say a popular router has failed to fix severe security flaws.

Fiber optic cables. (Jason Alden/Bloomberg News)

They flagged the vulnerabilities to manufacturer Tenda more than six months ago and the company has yet to fix them, Motherboard reports.
More hacking news:

Mitre Corp runs some of the U.S. government's most hush-hush science and tech labs. The cloak-and-dagger R&D shop might just be the most important organization you've never heard of.
Forbes

Emails and procurement records point to a "mobile" version of the GrayKey.
Vice

Chat room

Cybersecurity pro tip: Wrapping your phone in tin foil won't prevent surveillance. Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation:
I don't know who needs to hear this, but wrapping your cell phone in tin foil will not protect you from surveillance by governments and law enforcement. Learn, my children! Learn from the mistakes the bad people make. https://t.co/9QvDvSiM9T
— Eva (@evacide) July 13, 2020

Daybook

  • The House Oversight Committee will hold a hearing to examine U.S. cybersecurity preparedness and the National Cyber Director Act on Wednesday at 12 p.m.
  • The House Budget Committee will hold a hearing on the need for federal investments in technology in light of the coronavirus pandemic Wednesday at 2 p.m.
  • The Center for Democracy and Technology will host an event, A Shared Responsibility: Protecting Consumer Health Data Privacy in an Increasingly Connected Worldon Wednesday at 4 p.m.
  • The Aspen Institute will host a discussion about U.S. election security in the shadow of the coronavirus on Thursday at 1 p.m.
  • The House Homeland Security Committee will hold a hearing evaluating the Cyberspace Solarium Commission recommendations on Friday at 12:30 p.m.
  • The House Administration Committee will hold a hearing on the security of remote voting in the House on Friday at 1 p.m.
  • The Center for Strategic and International Studies will host a discussion with former Google chairman and chief executive Eric Schmidt about technology, data and innovation policy on Friday at 4 p.m.
  • The Senate Rules Committee will hold a hearing on general election preparations on July 22 at 10:30 a.m.

Secure log off

Tweet us your cybersecurity-themed names for Washington’s football team:
I wonder what name they’ll pick pic.twitter.com/QjQC3YBtOc
— Dave Jorgenson 🍰 (@davejorgenson) July 13, 2020

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.