date 2019-04-04

THE KEY

Guo Ping, Huawei's rotating chairman, speaks during Huawei's 2018 Annual Report at Huawei Technologies Co. headquarters. (Billy H.C. Kwok/Getty Images)

The U.S. government’s global campaign urging allies to ban Huawei from their 5G telecommunications networks isn’t about fears of Chinese spying, the company’s chief security officer tells me.

Rather, it’s about China’s rise as a global superpower and the United States’s anxiety about no longer being top dog, said Andy Purdy Jr., a former top cybersecurity official in the George W. Bush administration who joined Huawei in 2012.

“There is a large geopolitical context for what is going on,” Purdy told me. “The U.S. is feeling very insecure in the world.”

Purdy’s comments come as U.S. officials are engaged in an epic battle to convince allies that Huawei poses a fundamental threat to the security of their wireless networks — but meeting with only minimal success.

Despite U.S. pleas, the European Commission opted not to urge member nations against contracting with Huawei for their 5G networks, and Germany appears to be seriously considering going with Huawei. Only Australia among U.S. allies has banned Huawei from its 5G networks, which will be up to 100 times faster than current networks — carrying much more data as well as controlling vital technologies such as connected cars and medical devices.

A NATO-affiliated think tank also urged member nations to take “nuanced approaches” to the Huawei 5G issue, rather than imposing a “blanket ban” ahead of an event marking the alliance’s 70th anniversary this week. Vice President Pence railed against China onstage at that event, declaring that “determining how to meet the challenge of Chinese 5G technology … is a challenge European allies must contend with every day.”

President Trump, however, has seemed to undermine his administration’s arguments, suggesting in a February tweet that he might be willing to negotiate over the United States’s own Huawei ban — which hasn’t been imposed yet — as part of a trade deal with China.

According to Purdy, the U.S. arguments are dodges and misdirection, focused on geopolitical dominance rather than cybersecurity.

“The U.S. understandably likes the world better when the U.S. is the dominant player economically and militarily,” he told me. “Well, now China is a rival, a competitor and in terms of national security and espionage, is viewed as an enemy.”

Purdy was quick to point out that U.S. officials have offered no concrete evidence that Huawei has spied for the Chinese government and do not appear poised to do so. A Chinese cybersecurity law that U.S. officials say would require Huawei to assist Beijing spying if asked — and which Huawei officials say does not apply to the company — is merely an excuse, Purdy said.

“The reality is that the U.S. government believes that such a law is totally irrelevant,” he told me.

Purdy’s comments underscore how far apart the U.S. and Huawei positions are now.

Huawei has no vocal defenders in Congress or the executive branch, and the company is not speaking — even privately — with anyone in the U.S. government, Purdy told me.

The comments also highlight, however, that U.S. security officials — who insist both in public and private that their concerns about Huawei are both genuine and justified — may ultimately lose their argument on the global stage.

During a half-hour interview, Purdy pointed frequently to the European Commission decision and to comments by German Chancellor Angela Merkel pushing back on U.S. pressure to ban Huawei, describing them as evidence that the company can be transparent and win the trust of Western leaders.

Asked why some European leaders nevertheless warn of Huawei’s risks, he blamed it on pressure by U.S. officials.

“Some see the U.S. as a bully internationally,” Purdy said.

To be fair, U.S. analysts have also painted China as a bully — or at least highly coercive — when describing why other nations are turning to Huawei for 5G.

As described by Jim Lewis, a cyber expert at the Center for Strategic and International Studies, Huawei begins its 5G pitch by offering below-market rates that are made possible only by generous subsidies from Beijing, then threatens a damaged trading relationship if the deal doesn’t go through.

“The risk is real, countries understand it, but they fear retaliation,” writes Lewis, who was formerly a top cyber official in the State and Commerce departments.

Huawei’s preferred solution, Purdy said, is for the United States and other nations to come up with standardized requirements for 5G security and a transparent method for testing whether companies can meet them.

“I think the U.S. is on a path to have the kind of security requirements that are necessary to address risk comprehensively . . . when that day comes, I think we’ll be able to participate because we can meet those requirements,” he said.

The U.S. government is, indeed, working on several initiatives to identify cybersecurity risk in government and industry supply chains, but Huawei is unlikely to pass those tests.

Whether companies are bound by foreign laws — such as the Chinese cybersecurity law — is a major factor officials are considering as they devise security requirements, Jeanette Manfra, a lead Homeland Security Department official working on the initiatives, recently told me.

Meanwhile, Huawei is still meeting with some U.S. decision-makers outside government and is hopeful it will be able to make its case to government officials again soon, Purdy told me.

“We certainly have people that we’re talking to to see if we can get folks to talk to us,” he said. “We haven’t given up yet, I’ll put it that way.”

PINGED, PATCHED, PWNED

The U.S. Coast Guard patrols the intracoastal waterway in front of President Trump's Mar-a-Lago resort. (Lynne Sladky/AP)

PINGED: Congressional Democrats are demanding answers about a Chinese woman arrested last weekend with a malware-infected thumb drive at President Trump's Mar-a-Lago resort.

At the top of the list is whether the facilities the president and his associates use to access classified information at the Florida resort are vulnerable to exploitation, my colleagues Karoun Demirjian and Rachael Bade report.

The Secret Service will brief leaders of the House Oversight Committee this morning about the incident. The House Intelligence Committee has also requested a briefing.

And “in a Wednesday letter to FBI Director Christopher A. Wray, Senate Minority Leader Charles E. Schumer (N.Y.), Judiciary Committee ranking Democrat Sen. Dianne Feinstein (Calif.) and Intelligence Committee vice chairman Sen. Mark R. Warner (Va.) stressed that the ‘incident raises very serious questions regarding security vulnerabilities at Mar-a-Lago, which foreign intelligence services have reportedly targeted,’ ” Karoun and Rachael write.

The incident is also raising questions about lax security procedures at the resort -- and whether it's feasible for a president to routinely vacation in a spot where swarms of other guests are always coming in and out, my colleagues David A. Fahrenthold, Devlin Barrett, Josh Dawsey and Ellen Nakashima report.

Shannon Donnelly, the longtime society columnist for the Palm Beach Daily News who has covered Mar-a-Lago for years, described for my colleagues "a situation in which the Secret Service is dealing with two missions, to keep the president safe and to keep his customers happy."

“I’m surprised that she got in. But then again, I’m not surprised,” Donnelly said of the intruder Yujing Zhang. “There’s hundreds of people coming and going when there’s an event, and half of them are members — they’re not used to being stopped.”

Trump, meanwhile, called the incident “a fluke” and said he wasn’t concerned about the resort’s security.

PATCHED: A frightening new malware created by Israeli researchers would allow hackers to crack into medical imaging equipment and modify CT and MRI scans, journalist Kim Zetter reports for The Post.

The research highlights a growing fear among cybersecurity officials that foreign intelligence agencies will begin modifying important data such as financial and health-care records — either to sow chaos directly or to degrade trust in that information.

Zetter begins the article by recounting the 2016 incident when Democratic presidential candidate Hillary Clinton quelled rumors about her health by releasing a CT scan that showed she had pneumonia. What would have happened, Zetter asks, if a hacker had manipulated those scans to show cancerous nodules?

“The research isn’t theoretical,” Zetter writes. “In a blind study the researchers conducted involving real CT lung scans, 70 of which were altered by their malware, they were able to trick three skilled radiologists into misdiagnosing conditions nearly every time.”

PWNED: Facebook is facing another security lapse after a damaging year of security failings, including the 2018 Cambridge Analytica scandal, in which more than 87 million Facebook user records were scraped without consent by the political data firm.

“Security researchers have found hundreds of millions of Facebook user records sitting on an inadvertently public storage server,” TechCrunch’s Zack Whittaker reports. The exposed data was found by researchers at security firm UpGuard.

“In the researchers’ write-up, Mexico-based digital media company Cultura Colectiva left more than 540 million records — including comments, likes, reactions, account names and more — stored on the Amazon S3 storage server without a password, allowing anyone to access the data,” Whittaker writes.

Facebook has removed the records, Reuters reported.

PUBLIC KEY

Cybersecurity news from the public sector:

Elizabeth Warren wants jail time for CEOs in Equifax-style breaches
Should more CEOs go to jail after data breaches? Elizabeth Warren thinks so.
Ars Technica

The Improbable Rise of Huawei
How did a private Chinese firm come to dominate the world’s most important emerging technology?
Foreign Policy

MIT cuts ties with Huawei, ZTE, cites federal investigations
It seems MIT wants to stay well away from the trade investigations and court cases swirling around the Chinese companies.
ZDNet

PRIVATE KEY

Cybersecurity news from the private sector:

Cybersecurity experts urge skepticism over claims Saudis hacked Bezos's phone
When Jeff Bezos’s personal security consultant published a startling indictment of the National Enquirer on Saturday, alleging that the tabloid publication may have worked with Saudi Arabia to expose the Amazon CEO’s affair, there was one thing missing: any evidence for the claim.
Yahoo News

A Major Antivirus Company Will Now Alert Users to 'Stalkerware'
Antivirus company Kaspersky Lab announced that its Android security product will now mark all stalkerware apps as malware, prompting users to delete them.
Motherboard

Bayer says has detected, contained cyber attack
Germany's largest drugmaker, Bayer, said it had detected and contained a cy...
Reuters

Michigan medical practice folds after ransomware attack
A Battle Creek, Mich. medical practice is being forced to shut its doors after cyberattackers wiped out its files when the firm refused to pay a ransom.
SC Magazine

THE NEW WILD WEST

Cybersecurity news from abroad: