/The Cybersecurity 202: The U.S. is going after Huawei, but it isn’t changing allies’ minds (via Qpute.com)

The Cybersecurity 202: The U.S. is going after Huawei, but it isn’t changing allies’ minds (via Qpute.com)


THE KEY

The U.S. government is ramping up its assault on Huawei even as its months-long efforts to restrict the Chinese company from the next generation of global telecom networks keeps hitting brick walls. 

The Justice Department filed updated charges yesterday in a criminal case accusing Huawei of a multi-decade effort to steal intellectual property from U.S. tech companies and of striking secret telecom deals with Iran and North Korea that violated U.S. sanctions, as my colleague Jeanne Whalen reported.

Huawei, which has steadfastly denied aiding Chinese spying, shot back that the U.S. Justice Department wanted to “irrevocably damage its reputation and its business for reasons related to competition rather than law enforcement.” 

The new charges came just one day after national security adviser Robert O’Brien said in a blockbuster Wall Street Journal story that for more than a decade, Huawei has maintained secret spying access to customer data that could be exploited by the Chinese government.

It’s a bold one-two punch as U.S. officials paint Huawei as a tool of Beijing’s Communist Party that will enable unprecedented Chinese spying if it’s allowed to build global 5G networks. Yet it seems increasingly inevitable that Huawei will build large portions of 5G infrastructure — including for some of the United States’ closest allies. 

There was a muted response from abroad, suggesting the United States is becoming increasingly isolated as it battles to restrict Chinese influence over a broad range of technological developments that could increase its spying power ranging from 5G to artificial intelligence and quantum computing. 

The United Kingdom has already announced Huawei will build less-sensitive portions of its 5G networks and France appeared poised yesterday to strike a similar deal. The only indication this week’s developments have made any difference came in Canada where conservative opposition lawmakers pushed Prime Minister Justin Trudeau, who hasn’t made a final decision on Huawei, to ban the firm. 

Only a handful of allies, including Australia, New Zealand and Japan, have followed the U.S. lead in completely banning Huawei from their next-generation networks.

The silence from key allies is a major blow to U.S. officials who have warned Huawei control over 5G networks could give China broad power to spy on government officials, steal innovations from other nations’ companies and even sabotage foreign companies to benefit their Chinese competitors. 

The issue is especially vital because 5G will carry exponentially more data than earlier generations of telecom networks and hook into a new breed of Internet-connected devices such as driverless cars, connected homes and smart factories. 

The new indictment alleges Huawei and two of its U.S. subsidiaries violated the Racketeer Influenced and Corrupt Organizations Act, or RICO, a law typically used to charge organized crime syndicates, as part of a conspiracy to steal technology for Internet routers and antennas that would give the company an unfair competitive advantage.

It’s an escalation of a case announced in January 2019, when U.S. prosecutors charged Huawei and its chief financial officer, Meng Wanzhou, with bank and wire fraud. They also charged Huawei with violating U.S. sanctions on Iran and conspiring to obstruct justice. Huawei and Meng denied all those charges.

U.S. lawmakers used the indictment to make a final pitch to allies to steer clear of the Chinese firm. 

“Countries should think twice before trusting Huawei to adhere to the rule of law & protect data,” Rep. Michael McCaul (Tex.), top Republican on the House Foreign Affairs Committee, tweeted. 

Rep. Jim Banks (R-Ind.) called it “shameful” that U.S. allies continue to work with Huawei:

Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and ranking Democrat Mark Warner (Va.) also savaged Huawei in a statement, saying that “the indictment paints a damning portrait of an illegitimate organization that lacks any regard for the law” and that “intellectual property theft, corporate sabotage, and market manipulation are part of Huawei’s core ethos and reflected in every aspect of how it conducts business.”

And Sen. Tom Cotton (R-Ark.):

PINGED, PATCHED, PWNED

PINGED: Mobile voting advocates and skeptics entered into a pitched battle yesterday after researchers at the Massachusetts Institute of Technology released a study describing major digital vulnerabilities in the blockchain-based voting app Voatz. 

The researchers found bugs they said could allow hackers to surreptitiously change or spy on votes users cast with the app but didn’t find any evidence the app had actually been hacked during a series of pilots mostly for military and overseas voters in West Virginia, Oregon and Washington state. Voatz shot back that the researchers were looking at an outdated version of the app and made incorrect assumptions about the company’s technology that rendered their research meaningless. The researchers said they used the most recent version of the app as of Jan. 14.

Voatz says it’s cooperated with the Department of Homeland Security on audits that have not yet been publicly released. Yet a 2019 DHS audit obtained by NBC News also found multiple cybersecurity problems. 

The dispute comes as federal, state and local officials are struggling to secure conventional election technology against hackers from Russia and elsewhere and most security experts say adding hackable smartphones to the mix is simply too dangerous. Mobile voting firms and some state and local officials, however, say the technology can make voting far easier for people who are often disenfranchised. 

Officials in Mason County, Wash., who’d planned to pilot Voatz, quickly scrapped those plans after the MIT report came out, the New York Times reported. Officials in West Virginia, which is considering using the app broadly for voters with disabilities in 2020, remained more bullish.

The app “is not perfect — nothing is — and security is always a concern for us,” Donald Kersey, a senior election official there, told the Times. “But this is about using new technologies that give us a way to make sure people who maybe can’t always vote have that opportunity.” 

PATCHED: The Democratic National Committee played a bigger role than it has let on in approving the app that imploded on Iowa caucus night and delayed results for days, documents obtained by Hunter Walker at Yahoo News show.

The documents include a contract signed in October between the app maker Shadow Inc. and Iowa Democrats that gave the DNC continual access to Shadow’s software systems including security controls. That suggests the party would have had ample opportunity to review the technology before the Feb. 3 primary. A contract provision also required Shadow to give the DNC monthly updates and to work with cybersecurity specialists selected by the DNC.

“They were intimately involved in this process,” a source who provided the contract to Hunter said of the DNC. 

DNC Chairman Tom Perez has harangued Iowa Democrats for the app’s failure, though he later acknowledged we all fell short, in an interview with MSNBC.

Troy Price, chairman of the Iowa Democratic Party, resigned on Wednesday, but stressed that Iowa Democrats are not the only party to blame” for the app’s failure.  

PWNED: Nevada Democrats, meanwhile, released more details about their own caucus tech plans as they scramble to avoid a repeat of Iowa’s debacle. 

The plan is to use a browser-based Google Forms tool to transmit early voters’ preferences back to their home precincts on Caucus Day, Megan Messerly at the Nevada Independent reports. That tool will also have a calculator function that will add early votes to caucus night results to determine which candidates have earned delegates and how many. The new plan came after Nevada Democrats scrapped a plan to use two apps built by Shadow Inc., the company that built the disastrous Iowa app.

The party consulted on the plan with security experts at Google, the DNC and the Department of Homeland Security, Nevada State Democratic Party Executive Director Alana Mounce wrote in a memo. Precincts will also keep backup paper copies of votes, she wrote. 

Mounce said the party has an extra verification process to ensure the form hasn’t been hacked, but would not provide details, citing security concerns, Megan reports. 

PUBLIC KEY

— Cybersecurity news from the public sector:

PRIVATE KEY

— Cybersecurity news from the private sector:

THE NEW WILD WEST

Cybersecurity news from abroad:

ZERO DAYBOOK

Coming up:

  • The Penn State Dickinson Law and Institute for Computational and Data Sciences will host an event “Hacking The U.S. Election: How Can We Make U.S. Elections More Secure?” on February 24 from 8:30am-1:00pm
  • US Election Assistance Commission will host a 2020 Elections Disability, Accessibility and Security Forum in Washington, D.C. on Thursday from 9am to 4:30pm
  • RSA Conference 2020 is scheduled for Feb. 24 to 28 in San Francisco.




This is a syndicated post. Read the original post at Source link .