THE KEY

The U.S. risks losing the next generation of telecommunications systems to China if the White House doesn't create a new position to oversee 5G policy, the Senate’s top security leaders are warning. 

The bipartisan group is calling for a unified national strategy as U.S. officials are fighting a rear-guard battle to prevent the Chinese firm Huawei from building super-fast 5G wireless networks across much of the world — which they fear could support a global network for Chinese spying. 

A new 5G coordinator would tackle threats that cross government agencies including the Pentagon, State and Homeland Security departments and Federal Communications Commission, the senators said in a letter to the Trump administration’s national security adviser Robert O’Brien. 

“In our view, the current national level approach to 5G is comprised of a dispersed coalition of common concern, rather than a coordinated, interagency activity,” the senators warn.

The result of that scrambled effort will be “an authoritarian nation lead(ing) the marketplace for telecommunications solutions,” they say. 

The letter was signed by Republican and Democratic leaders from key Senate panels, including the Intelligence Committee's Richard Burr (R-N.C.) and Mark Warner (D-Va.); Homeland Security's Ron Johnson (R-Wis.) and Gary Peters (D-Mich.); Foreign Relations's James Risch (R-Idaho) and Robert Menendez (D-N.J.); and Armed Services's James Inhofe (R-Okla.) and Jack Reed (D-R.I.).

Warner amplified the call on Twitter, saying “I promise you China is taking 5G seriously. We need to step up our efforts and make the creation of a secure American 5G network a top priority.”

“We need a coordinated national strategy to develop 5G telecommunications technology — especially so we don’t fall further behind competitor countries like China,” Inhofe tweeted.

The National Security Council declined to comment. Huawei has consistently denied U.S. charges that it assists Chinese spying and said it would refuse those requests if asked. But U.S. officials have shot back that, under China's Communist Party leadership, the company would have no choice but to comply. 

The situation is especially dire because the United States lacks its own competitor to build 5G networks, which will carry orders of magnitude more data than current networks, and is instead pushing allies toward Finland’s Nokia, Sweden’s Ericsson and South Korea’s Samsung.

And the Trump administration has repeatedly wavered on actions to rein in Huawei’s 5G dominance. President Trump has repeatedly suggested he might reverse the stiffest penalty — a not-yet-imposed ban on U.S. companies selling components to Huawei — as a sweetener to a U.S.-China trade deal.

As Huawei scoops up more and more 5G contracts, U.S. officials are trying to dull the impact by increasing innovation around the software components of those networks where U.S. companies are more competitive. But that will only help so much.

The letter predicts a decades-long effort to reverse the U.S. slide and to rally allies to help combat Chinese dominance. 

“We must shape the future of advanced telecommunications technology by supporting domestic innovation through…a sustained effort over the course of decades, not months,” they warn. “A challenge of this magnitude requires a more ambitious response than traditional agency processes can support.”

The senators’ call echoes a bill the House Commerce Committee is considering that also demands a national 5G strategy.

PINGED, PATCHED, PWNED

PINGED:  Britain’s Labour Party is refusing to upgrade its basic $20-a-month cybersecurity package, despite two attacks by hackers last week that managed to knock its web services offline, according to internal emails reviewed by Jack Stubbs at Reuters. The decision could put the party at increased risk of attacks, experts warn.

The party buys cybersecurity protection from the firm Cloudflare — but at a level much lower than what is recommended for large, high-risk organizations, Jack reports. Instead, it's buying a package recommended for small websites and blogs -- and expressing confidence that it successfully dealt with last week's back-to-back attacks, which were aimed at flooding its websites with phony traffic to knock them offline.

“We are confident that the Labour party took the necessary steps to deal with the attack. The attack was not successful,” a spokeswoman for Britain’s National Cyber Security Centre told Reuters.

Britain's Conservative Party was also hit with a denial of service attack last week, but a spokeswoman did not respond to Reuters's questions about what cybersecurity protection services it used.

The NCSC has not released a final analysis of last week's attacks and says its investigation is still ongoing.

Electronic Frontier Foundation Director of Cybersecurity Eva Galperin speaks at a Washington Post Live event.

PATCHED: Prominent anti-virus companies and nonprofit organizations are teaming up to combat apps that stalkers and abusive partners use to track their victims, CyberScoop's Sean Lyngaas reports. The Coalition Against Stalkerware, unveiled yesterday, stems from efforts by Electronic Frontier Foundation's director of cybersecurity, Eva Galperin, to get the industry to start actively flagging and removing the malicious apps.

Anti-virus software company Kaspersky Lab, one of the initiative's founding partners, launched a feature for flagging stalkerware in Android phones in April, but many other anti-virus companies still fail to flag the apps. And the problem is growing: Kaspersky found a 35 percent jump in cases in the past year, with more than 37,000 of its users affected by the spyware in 2019. 

“It’s my hope that detecting stalkerware will become the new norm in the anti-virus industry,” Galperin told CyberScoop.

The group hopes to expand to include law enforcement agencies and corporations. Its efforts currently focus on educating the public about stalkerware and offering tools for potential victims to help determine whether their devices are compromised.

PWNED: Iran still lags behind the United States, China and Russia when it comes to offensive hacking but has increased its capabilities since the 2010 Stuxnet cyberattack that severely damaged its nuclear program, a report released by the U.S. Defense Intelligence Agency finds.

The country is also getting technical cybersecurity help from Russia and China, and Iranian President Hassan Rouhani has pledged to increase the nation’s cyberspace budget, DIA found.

“Iranian cyberactors frequently target aerospace companies, defense contractors, energy and natural resource companies, and telecommunications firms for cyberespionage operations,” the report notes.

The report points to a series of hacking campaigns against major U.S. banks and a data-deletion attack on a U.S. casino -- presumably a 2014 attack on the Sands Casino in Las Vegas that cybersecurity firms have attributed to Iran -- as evidence of the country's ability to inflict significant damage on enemies. More recently, Iranian-sponsored actors used malware to damage Saudi targets in 2016 and 2017.

PUBLIC KEY

— Cybersecurity news from the public sector:

National Security
U.S. and European officials and human rights groups say the resolution could condone authoritarian states’ control of the Internet.
Ellen Nakashima
U.S. authorities have arrested a 20-year-old Chicago man for allegedly writing computer code to help the Islamic State terrorist group spread propaganda. Thomas Osadzinski, a student at DePaul University, is accused of writing a computer script to make ISIS propaganda more accessible to social media users.
CyberScoop
White House hopeful Andrew Yang released a sweeping plan Tuesday that he says would expand access to the ballot box. 
The Hill
A bipartisan pair of senators are pressing Facebook over its location tracking policies, questioning whether the social media giant continues to track users even when they've said they don't want Facebook to do so.
The Hill
After years of on-and-off debate over nearly snoop-proof security, the industry is girding for new pressure from law enforcement around the world.
New York Times

PRIVATE KEY

— Cybersecurity news from the private sector:

For the second time in as many years, Macy’s customers have been hit by a data breach involving countless numbers of credit cards.
TechCrunch
GetMonero.com delivers Linux and Windows binaries that steal users' funds.
Ars Technica
Security researchers found a flaw through Android's voice commands that allowed for eavesdropping and location tracking.
CNET

THE NEW WILD WEST

— Cybersecurity news from abroad:

The Indian government said on Tuesday that it is “empowered” to intercept, monitor, or decrypt any digital communication “generated, transmitted, received, or stored” on a citizen’s device in the country in the interest of national security or to maintain friendly relations with foreign states.
TechCrunch
A Swedish prosecutor dropped a rape investigation against WikiLeaks founder Juli...
Reuters

ZERO DAYBOOK

— Coming up:

  • The House Financial Services Committee will host a hearing on the role of big data in financial services on Thursday at 9:30 a.m.
  • The 2019 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 18-20 Nov 2019 at the Crystal Gateway Marriott in Arlington, VA.
  • CYBERWARCON takes place on Thursday in Arlington, Va.