with Tonya Riley


President Trump took a break from denouncing Democrats’ impeachment investigation during a fiery news conference yesterday to publicly pressure Finnish President Sauli Niinisto to block Huawei from his nation’s 5G networks.

Trump also praised the Finnish company Nokia, which is competing with the Chinese telecom for 5G wireless contracts, as “a great company” and “a global leader in 5G technology.”

The comments were among just a few from Trump that didn’t center on the whistleblower and impeachment investigations, and they underscore how critical the administration considers the 5G fight in Europe.

“The United States and Finland are…partnering to ensure the security of 5G networks,” Trump said, adding that “it is critical that we use safe and trustworthy technology providers, components and supply chains” in 5G.

Trump has banned Huawei from playing any role in U.S. 5G networks, citing concerns the company could be complicit in Beijing spying. U.S. envoys have crisscrossed the globe urging allies to do the same.

But that effort has had limited success — especially in Europe, which is a vital U.S. military and intelligence partner.

Officials fear that if Huawei has a foothold in Europe it will give Beijing an inroad to swipe any U.S. government and corporate secrets that touch the continent’s 5G networks. The fear is supercharged because those networks will carry orders of magnitude more data than current networks and will hook into a new generation of Internet-connected technology operating in hospitals, energy plants and other vital infrastructure.

But European nations have been hesitant to follow the United States — partly because Huawei already supplies a lot of their current telecom infrastructure and it would be onerous to shut it out.

“In Europe the situation is maybe a bit different … because the company you mentioned is inside Europe, partly at least,” Niinisto said as he mostly evaded questions about Huawei during the joint news conference.

Niinisto told reporters he was awaiting a risk assessment from the European Union that is expected in the next couple of weeks meant to guide nations’ 5G decisions. But it won’t be binding.

“What the European Union is now doing is … asking each country what kind of experiences, what you have seen and found out … and after that we have to decide together in [the] European Union what kind of tools we need to protect ourselves,” he said.

Niinisto also ducked commenting on Nokia, which is one of only two major Huawei competitors for global 5G infrastructure, along with Sweden’s Ericsson.

“We all know Nokia is a major factor in this area. They will answer for themselves,” he said.

Huawei has consistently denied spying for China and accused the United States of trying to hack its networks and urging employees to bring unsubstantiated claims of wrongdoing against the company.

And despite more than a year of intense U.S. lobbying, only Australia, New Zealand and Japan have embraced total Huawei bans while close U.S. allies including England and Germany have signaled they may allow Huawei to build some parts of their networks.

Trump also hasn’t helped matters by repeatedly wavering and suggesting he might reverse the ban as part of a trade deal with China. That has even prompted Republican and Democratic security hawks in Congress to push legislation that would prevent the president from reversing himself.

The Cybersecurity 202 will publish Oct. 8, 9 and 10 while Congress in recess. We will return to our normal schedule Oct. 14.


PINGED: Ransomware hacking victims shouldn’t pay off their assailants, the Department of Homeland Security's Assistant Director for Cybersecurity Jeanette Manfra said at the Washington Post Live Cybersecurity Summit yesterday. But she understands why they sometimes do.

“I'm not the person in the midst of making that tough decision about what's going on, and I don't fully understand what their risk calculus is,” Manfra said. “And when you have insurers and others that are going to cover that, that furthers our problem of misalignment of incentives.”

Manfra’s comments reflect the sticky position for federal cybersecurity officials who warn that victims who pay hacker ransoms could be funding criminal enterprises or even rogue nation-states such as North Korea, but also realize many victims aren’t in a good position to stand firm against hackers’ demands. While the FBI firmly recommends victims don't pay up, as recently as 2015 the agency gave conflicting advice.

Manfra urged companies and state and local governments to take precautions to prevent ransomware attacks, such as updating their security systems and backing up data.

Here are some more big moments from the conference.

October is National Cybersecurity Awareness Month, but it also marks the start of Domestic Violence Awareness Month. Electronic Frontier Foundation Director of Cybersecurity Eva Galperin says domstic abuse victims can often be the targets of stealth software. “Most people who are being spied on in their lives are not being spied on by governments or law enforcement. They are being spied on by stalkers or by exes or by people with whom they are currently in an abusive relationship,” Galperin said. 

The U.S. government has been pressing allies to ban Huawei from their 5G networks, but the National Counterintelligence and Security Center’s William Evanina says the problem is much bigger than Huawei. “If Huawei goes away, there's another company that's going to facilitate that role of the Communist Party of China and Xi Jinping's effort to be the global supplier of telecommunications, and I think that's the threat we face,” he said. 

Last year, more than 18 million tips reporting evidence of child sex abuse were sent to the National Center for Missing and Exploited Children and the vast majority of those tips came from Facebook. Sujit Raman, the associate deputy attorney general for the Justice Department, says 75 percent of those tips will “go dark” if social media companies follow through with plans to initiate end-to-end encryption.

PATCHED: Russian President Vladimir Putin joked yesterday that Russia would “definitely” interfere in the 2020 U.S. elections, making light of U.S. intelligence agencies’ unanimous conclusion the country interfered in the 2016 U.S. elections. “Just don't tell anyone,” he told an audience at a Russian energy conference, Nathan Hodge, Olga Pavlova and Mary Ilyushina at CNN report.

The Russian leader also came to Trump's defense as the president faces an impeachment investigation for a controversial call in which he seemingly pressed the leader of Ukraine to investigate former vice president Joe Biden and his family. 

“Based on what we know from the call, there was nothing wrong there,” Putin told reporters. “Trump asked his colleague to investigate possible corruption schemes of previous administrations.”

Putin compared the scandal around the call to similar concerns with a conversation between Trump and the Russian leader in 2018. He said that in that instance it was the White House, not Russia, that objected to releasing the call. “We directly told the administration to just publish it. If somebody wants to know something — just publish it, we don't mind.”

PWNED: Researchers found the tax records of more than 20 million Russian citizens exposed in an online database, Charlie Osborne at ZDNet reports. The unprotected servers contained addresses, residency status, passport numbers, phone numbers, tax IDs, employer names and telephone numbers from 2009 to 2016.

The majority of the records belong to people from Moscow and the surrounding regions, researchers say. It's unclear whether hackers stole the exposed data and why the Ukraine-based server owner had the trove of data in the first place. The owner locked down the two servers containing the data after researchers contacted them in September.

The report follows two similar discoveries of unprotected servers based in Miami and Germany that each contained the personal information of roughly the entire population of Ecuador.


— Cybersecurity news from the public sector:


Verizon is joining the Cyber Threat Alliance, a nonprofit threat-sharing organization led by former Obama administration White House cybersecurity coordinator Michael Daniel, the group announced this morning. K7 Computing and Scitum have also joined.

— More cybersecurity news from the private sector:


— Cybersecurity news from abroad:


— Coming Up:

  • The Department of Justice will host a Lawful Access Summit on warrant-proof encryption and its impact on child exploitation cases on Friday.