THE KEY

Republican and Democratic security hawks in Congress want to make sure President Trump doesn’t roll back restrictions he placed on the Chinese telecom giant Huawei to get a better trade deal with Beijing.

Legislation they introduced in the House and Senate on Tuesday would block the White House from rolling back a ban on Huawei building the United States’ next-generation 5G wireless networks. The Defending America’s 5G Future Act would also allow Congress to disapprove any waivers granted to U.S. companies after a Commerce Department ban on supplying Huawei with software and components.

The Trump administration imposed those restrictions because of fears the Chinese government could compel Huawei to use a privileged position in U.S. telecom networks to spy on or sabotage American companies, but Trump has repeatedly wavered on the bans, insinuating he might roll them back in exchange for a better trade deal.  

The bipartisan bill marks a rare instance of Republican lawmakers joining with Democrats to rein in the president — a fact Sen. Mark Warner (D-Va.), one of the sponsors, told me underscores the danger of Huawei gaining a powerful position in U.S. 5G networks.

“It would be devastating if the administration traded away [restrictions on] Huawei, traded away our national security to get a trade deal done,” Warner, the ranking Democrat on the Senate Intelligence Committee, told me.

“If you have networks that can be penetrated when a Communist Party official says to Huawei, ‘You have to plant this malware in your software upgrade,’ that would be a huge problem,” he said.

Rolling back the Huawei bans would also damage the credibility of U.S. diplomats and intelligence officials who have crisscrossed the globe urging allies to impose similar bans, Warner told me.

“Our national security establishment has put its whole credibility on convincing our allies to not buy Huawei,” he said. “I’m convinced that if the president, in his shoot-from-the-hip style, would trade this away it would be devastating.”

One of the bill’s main Republican sponsors, however, told me he doesn’t view it as a rebuke to Trump and is more concerned about future Democratic presidents rolling back the Huawei bans.

“I view this as an effort to buttress the [administration’s Huawei] policy,” Sen. Tom Cotton (R-Ark.) told me. “I believe some Democratic presidents might not be as tough on China as President Trump has been, so it’s important for Congress to express now our support for these measures and to ensure no president can remove them without congressional approval.”

Cotton added that “Democrats may spin” the bill as a criticism of Trump but said he’s “focused on the threat Huawei poses and will work with [Democrats] when we agree on the merits.”

The bill's other Senate sponsors are Chris Van Hollen (D-Md.), Marco Rubio (R-Fla.), Richard Blumenthal (D-Conn.) and Mitt Romney (R-Utah). Sponsors in the House are Mike Gallagher (R-Wis.), Jimmy Panetta (D-Calif.), Liz Cheney (R-Wyo.) and Ruben Gallego (D-Ariz.).

Huawei has steadfastly denied that it has spied on behalf of the Chinese government, and the intelligence community hasn’t provided smoking-gun evidence that proves otherwise.

Government officials and lawmakers have often argued that their concern is less about spying in the past than spying in the future. And because the Chinese government is so powerful, they say, it would be impossible for Huawei to refuse a spying demand from Beijing.

The danger is compounded because 5G networks will carry far more data than the current generation of wireless networks. And they’ll be connected to far more systems that could endanger people’s lives if they were sabotaged, such as those that keep autonomous vehicles safe on the roads and run connected security cameras. Warner, who's a former telecommunications executive, compared the shift during our conversation to the "transition from radio to television."

U.S. officials’ efforts to convince allies to ban Huawei from their 5G networks have met with limited success, however. Only a handful of nations, including Australia and New Zealand, have instituted full bans. And some close allies, including England and Germany, appear poised to allow Huawei to build some portions of their networks.

If the company is allowed to gain a strong position in global 5G networks, that would “threaten the privacy and prosperity of our businesses and our citizens,” Cotton said.  

PINGED, PATCHED, PWNED

PINGED: The 2020 Census still faces “high risk” of being hacked, despite numerous warnings from government watchdogs and years of efforts to close up digital vulnerabilities, the Government Accountability Office's cybersecurity lead Nick Marinos told lawmakers. The 2020 Census will be the first count conducted primarily online, and a failure to address dozens of critical security flaws before it begins could endanger sensitive data for hundreds of millions of Americans, including birth dates, marital status and telephone numbers.

The Commerce Department is behind on implementing more than 30 recommendations suggested by the GAO, Marinos testified at a Senate Homeland Security hearing, and is at risk of not meeting key milestones for five systems that would protect census data. Marinos also raised serious cybersecurity concerns at a House Appropriations Committee hearing in May. A GAO report released Tuesday shows that more than 300 cybersecurity risks to the census system remain.

The Census Bureau also still hasn't implemented a system to track suggestions by partners at the Department of Homeland Security, increasing the likelihood that vulnerabilities will go uncorrected, Marinos added. Government auditors warn that hackers may also try to access Census systems by tricking employees on social media into sharing login access.

PATCHED: A bipartisan group of House lawmakers wants to combat Huawei by making U.S. officials take a more active role in international standards-setting meetings where rules of the road for 5G networks are being written. A bill sponsored by Reps. Michael McCaul (R-Tex.) and Henry Cuellar (D-Tex.) pushes the State Department to send more diplomats to those meetings and requires the department to report back to Congress on areas where China is getting a leg up in negotiations. 

“China fully intends to become the preeminent global power — using tactics like hacking, cyberattacks, intellectual property theft, and espionage to achieve its goals,” McCaul said in a statement. “China’s majority control of the world’s 5G networks, interconnected devices and cloud storage is a risk we cannot accept.” 

PWNED: Hackers are forcing tech-savvy schools offline and leaving teachers without the resources they need to educate students, the Associated Press’s Michael Melia reports.

In Connecticut, for example, hackers forced the Avon Public School System offline several times each day for six weeks and "lesson plans built around access to the internet [came] to a halt," Melia reports. Other schools in the Florida Keys "took themselves offline for several days last September after a district employee discovered a malware attack." And "the 2,000-student Coventry Local School District in Ohio had to close schools in May as staff worked to fight a virus that had infected the network." In that case, the FBI assisted in the recovery process.

Senate Minority Leader Chuck Schumer (D-N.Y.) asked DHS last October to investigate how to support cybersecurity at schools after a series of denial-of-service attacks flooded the networks of 50 New York school districts, making the Internet unusable. But most schools still lack the in-house IT or cybersecurity insurance to deal with attacks, the AP reports.

The FBI warns that it's hard to put a price tag on the increasingly common attacks against schools since they often go unreported. Culprits can include foreign or domestic hackers looking for information they can use to harass, exploit, or gain financial access.

PUBLIC KEY

— Cybersecurity news from the public sector:

  • Defense Secretary nominee Mark Esper told the Senate Armed Services Committee Tuesday that he is confident in the security of the 2020 elections. (CyberScoop)
  • Ukraine has arrested an alleged major computer hacker who has been sought by the United States for years. The head of Ukraine's national security service Ivan Bakanov said Tuesday that Mykhailo Rytikov was arrested in the city of Odessa. (Yahoo News)
  • The military’s torpid response has been caused by bureaucratic inertia, the political dominance of traditional weapons and a failure to comprehend how rapidly warfare is changing in the modern world. (Gov Tech)

PRIVATE KEY

— Cybersecurity news from the private sector:

  • Hackers had access to customer info such as names, billing, device details, and more. (ZDNet)
  • The president of embattled cryptocurrency exchange Bitpoint has revealed the full extent of last week's $28 million hack. (The Next Web)
  • A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information. (TechCrunch)
  • Highly skilled, unauthorized users may be able to enable system options not purchased in Philips' Holter 2010 Plus software, but the company said the issue shouldn't compromise patient data or overall system operations. (Med Tech Drive)
  • Medtronic and the FDA left an insulin pump with a potentially deadly vulnerability on the market until researchers who found the flaw showed how bad it could be. (Wired)
  • The Android malware pushed fake prizes to generate click fraud. The program’s developers borrowed open-source code from the real Telegram app. (CyberScoop)

THE NEW WILD WEST

— Cybersecurity news from abroad:

  • A 20-year-old Bulgarian cybersecurity worker has been arrested on suspicion of i... (Reuters)
  • Hong Kong activist Joshua Wong said that Google Inc. warned him about government-backed hacking attempts as the former British colony’s historic protests continue to draw global attention -- and China’s ire. (Reuters)

ZERO DAYBOOK

Today:

  • The House Oversight Committee hosts a hearing on the role of FedRAMP in IT modernization at 11 a.m.
  • The House Science subcommittee on energy hosts a hearing on modernizing and securing the nation's electricity grid at 2 p.m.

Coming up:

  • The Aspen Security Forum takes place July 17-20 in Aspen, Colorado