THE KEY

Huawei knows its court fight against U.S. government charges that it's complicit in Chinese spying will be a long slog. So the Chinese telecom is waging a public relations battle instead.

Huawei, which has been targeted by a slew of U.S. government restrictions, is now making its case directly to American companies. A company official tells me Huawei is reaching out to firms to defend its reputation and outline how it protects against Chinese espionage. 

They're also becoming a visible player in forums for industry pros: Huawei officials increased their presence at an annual convention of U.S. wireless carriers last week to push back against the government’s claims, the official noted, and even sponsored a panel discussion titled “Let’s Collaborate to Make America’s Communication Networks Safer.”

The lobbying efforts are an about-face for Huawei, which has historically shied away from big confrontations with the U.S. government though it's been accused of assisting Chinese government hacking for more than half a dozen years. The official says the company is now taking drastic action as the Trump administration's moves over the last 18 months make it far more difficult for Huawei to do business — not just in the United States but anywhere in the world. 

The purpose of the pitch to companies isn’t just to win their business. The broader P.R. campaign could also help improve Huawei's reputation in other countries where the company is not facing government bans.

“With these actions taking place, Huawei not only believes that it has to defend its own legal rights in the United States but also needs to maximize its education … about who the company is, about what it's required to do under Chinese law and what it’s required to do under U.S. law,” the Huawei official told me, under condition of anonymity to speak freely about company strategy. 

Those U.S. restrictions include a ban on government agencies and their contractors buying components from Huawei and on certain American companies selling Huawei software and other materials. The Trump administration also banned Huawei from playing any role in building the United States' next-generation 5G wireless networks and has lobbied other nations to impose similar restrictions, although only a handful have followed suit.

The pushback may be too little too late for Huawei’s U.S. business. The telecom has had to lay off half of its U.S. employees in recent months, the company’s lawyers said last week during a hearing challenging the U.S. government ban, the Wall Street Journal’s Tawnell D. Hobbs reported.

But any progress pushing back on U.S. restrictions probably will help Huawei’s reputation in Europe, Latin America and other regions where governments and industry have been hesitant to buy the U.S. argument that there’s no safe way to use Huawei gear without giving a green light to Chinese spying.

And there are some signs Huawei's efforts are paying off in the U.S. The company has had informal talks in recent months with officials at some U.S. government agencies examining whether there’s any way to repair that relationship, the official said, but declined to say what agencies the company had spoken to.

“There have been some communications, but some phone calls are still not being returned,” the official said. “Some folks are hearing our message and are willing to talk, but it’s still a challenge.”

Huawei also got some good news in federal court last week when Judge Amos L. Mazzant III seemed hesitant to dismiss the company’s case challenging the U.S. government ban. Mazzant wondered aloud during the hearing whether there was some way to protect government computer networks from Chinese espionage without imposing such a sweeping and damaging restriction on Huawei, the Journal reported.

The judge also asked for additional filings from Huawei and the government, and said he doesn’t have “an inkling” of how he intends to rule in the matter, Bloomberg News’s Edvard Pettersson reported.

If Huawei successfully knocks back the government’s effort to dismiss the case, that would be a significant victory for the company — especially because a lawsuit that the Russian anti-virus company Kaspersky filed over a similar ban, making the same legal arguments, got thrown out last year at that early stage.

Both companies argue that Congress overstepped its bounds and unfairly singled them out for punishment by imposing the bans.

PINGED, PATCHED, PWNED

PINGED: Microsoft will continue to offer state and local election officials free cybersecurity support for voting systems that use the Windows 7 operating system through the 2020 election, even as it ceases to provide those updates to other users, Sean Lyngaas at CyberScoop reported. Microsoft's decision follows an announcement by the U.S. Election Assistance Commission that it would not recommend that states decertify machines running on the decade-old software despite serious security concerns.

“We want to make sure that Windows 7 end-of-life doesn’t … become a barrier to having a secure and safe election,” Jan Neutze, head of Microsoft’s cybersecurity and democracy team, said.

Microsoft will cease updates for Windows 7 in January, which would have left elections across the country more vulnerable to hacking. The free updates will also be available to other countries holding national elections in 2020, Sean reports.

PATCHED: Russian intelligence agencies are building out a massive network of hacking operations that could pose a significant risk to the United States -- especially if they're weaponized against the 2020 U.S. elections, researchers at the cybersecurity firm Check Point say in a report out later today. 

“Given the timing, the unique operational security design, and sheer volume of resource investment seen, Check Point believes we may see...an attack carried out near the 2020 U.S. Elections,” the researchers write.

One big concern is that the various Russian hacking groups appear not to be sharing hacking tools but all developing their own set of tools to do similar things, Check Point reports. That means that even if U.S. digital defenders figure out how to defend against one Russian group they'll still be vulnerable to other ones, the researchers said. This would make it extremely easy for Russians to launch a “large-scale election hack” in 2020, the researchers warn. 

PWNED: Two years after the WannaCry ransomware attack took down hundreds of thousands of computers around the world, versions of the malicious software are still plaguing some users, Danny Palmer at ZDNet reports. The number of WannaCry attacks is at an all-time high since 2017, and in August the cybersecurity firm Sophos intercepted more than 4 million WannaCry-related attacks, Danny reports.

Security researchers managed to halt the original WannaCry attack, which U.S. officials say was launched by North Korea, by creating a “kill switch” that stopped the code in its tracks. But Sophos has since identified nearly 3,000 variations of the malware that are immune to the kill switch. 

A big part of the problem is that users aren't updating their computers to protect against new hacking tools and are missing out on crucial patches that could protect them from not just WannaCry, but a host of other malware, Peter Mackenzie, security specialist at Sophos, told Danny.

PUBLIC KEY

— Cybersecurity news from the public sector:

As the United States weighs possible cyberattacks against Iran, it is looking for options that would deter Tehran from further strikes but avoid creating more conflict in the region.
New York Times
U.S. Secretary of Defense Mark Esper is calling on allies in the North Atlantic Treaty Organization to bar Chinese companies from developing 5G networks there, reiterating an American argument that largely has failed to convince European countries to blacklist telecommunication firms with ties to Beijing.
CyberScoop
State lawmakers are increasingly focused on deceptively edited videos, a pervasive technology that advocates say has the potential to disrupt elections. But are bans constitutional?
Nextgov
In tandem with creating a new information warfare command, the Air Force released a new strategy to address digital warfare over the next decade.
Federal Computer Week
PRIVATE KEY

— Cybersecurity news from the private sector:

The scale of suspensions, following the Cambridge Analytica scandal, was far larger than the social network had previously revealed.
The New York Times
When researchers remotely hacked a Jeep Cherokee in 2015, slowing it to a crawl in the middle of a U.S. highway, the portal the hackers used was an infotainment system made by supplier Harman International.
Reuters
Some cybersecurity professionals are concerned that insurance policies designed to limit the damage of ransomware attacks might actually be encouraging hackers.
Associated Press
THE NEW WILD WEST

— Cybersecurity news from abroad:

Rui Pinto ran a website called Football Leaks and won praise as a whistle-blower. Portugal’s authorities consider him a criminal.
New York Times
The Kingdom and oil and gas industry have been slow to shore up defenses, raising red flags about the possibility of longer term fall-out in the region.
CNBC
ZERO DAYBOOK

— Today:

— Coming up:

  • The House Science Committee will host a hearing on “Online Imposters and Disinformation” Tuesday at 10 a.m.
  • The International Association of Privacy Professionals hosts a conference September 24-25 in Las Vegas.