The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: U.K. is set to bar Huawei in a major U.S. victory


with Tonya Riley

The United Kingdom is expected to today announce plans to bar Huawei from its 5G telecom networks, marking a major victory for the Trump administration in its years-long war to rein in the Chinese firm.

That’s a huge about-face from just a few months ago, when the U.K. was ready to allow Huawei to build less-sensitive parts of its next-generation networks despite U.S. warnings that the firm posed unacceptable risks of Chinese spying. 

The decision could also prompt European nations that are on the fence about Huawei to limit or ban the company from their 5G networks, Ellen Nakashima and William Booth report.

“The writing’s on the wall in Europe,” Paul Triolo, who heads the Eurasia Group’s global technology policy practice, told my colleagues. “There’s no way that Huawei will remain a big supplier there.”

But the move also underscores the immense costs for Western nations turning away from Huawei, which is among the most prominent and cheapest suppliers of 5G gear.

The British telecoms Vodafone and BT have estimated it would take years and “single-figure billions” of dollars to rid their networks of Huawei equipment. They’re calling for a five-year transition to limit the disruption for customers. 

Huawei officials, meanwhile, are warning that the U.K. might be abandoning its chance to be a leader in 5G, which is expected to be much faster and more efficient than current telecom networks and capable of carrying exponentially more data. 

“This is a once-in-a-lifetime opportunity for the U.K.,” Huawei Global Vice President Victor Zhang warned. 

Some U.S. companies are also sounding alarms about the difficulty of transitioning away from Huawei. 

A slew of industry groups, including the U.S. Chamber of Commerce, the Aerospace Industries Association and the Computing Technology Industry Association, are pushing for a one-year delay on a Trump administration ban on government contractors using Huawei, as Inside Cybersecurity reports. The ban is expected to be finalized shortly.

They say there’s not enough time to implement the ban and contractors need to focus on weathering the coronavirus pandemic. 

“An extension of the deadline would actually strengthen U.S. security by ensuring better planning and execution of the statutory prohibitions,” David Berteau, chief executive of the Professional Services Council, a coalition of government contractors, told Defense News

Those calls are unlikely to gain much traction from the White House or in Congress, where Republicans and Democrats are largely united in getting tough on China — and on Huawei, in particular.

The fact that allies are turning against Huawei despite those costs is a feather in the cap for the Trump administration’s foreign policy. 

It comes after months during which allies questioned why the administration couldn't produce a “smoking gun” showing that Huawei posed a spying danger. They were also highly skeptical of President Trump for seeming to use U.S. efforts against Huawei as a bargaining chip in U.S.-China trade negotiations. 

The turn is partly due to increasingly stringent U.S. restrictions

The harshest move came in May, when the Commerce Department effectively hobbled Huawei’s supply chain by banning foreign firms selling computer chips within the United States from also working with the Chinese firm. 

The shift was helped along by global anger over China’s lack of transparency during the early days of the coronavirus pandemic and its crackdown in Hong Kong. 

Finally, U.S. officials changed their strategy from arguing Huawei itself was guilty of spying to arguing that the company simply couldn’t refuse to aid spying by Beijing under China’s communist system. 

“We really pivoted that discussion over time,” said Robert Strayer, deputy assistant secretary for cyber and international communications and information policy in the State Department. “If you fully understand the Chinese Communist Party’s intent in the way the system works in China, there’s not autonomy for those companies.” 

The U.S. argument has worked with many allies, but it won’t put Huawei out of business. 

The U.K.’s decision effectively means Huawei will be cut off from 5G networks across the United States and all four of its closest intelligence-sharing partners — the U.K., Canada, Australia and New Zealand.

Numerous other nations have also banned Huawei from their networks, including Poland, Estonia, the Czech Republic and Japan. India, which has not yet built any 5G system, nevertheless barred two state-run firms from using Chinese gear after security clashes along its border with China.

But Huawei and another Chinese telecom, ZTE, control about 90 percent of the 5G market in China, which accounts for about half the global market. And they’re pushing to control the 5G markets in Latin America and Africa when they develop.

That has many analysts fearing a future in which the world is effectively bisected between regions that rely on Western technology and those in which Chinese technology is ascendant.

The keys

The spyware firm NSO Group can continue to sell its tools internationally, an Israeli court ruled.

The judge rejected a request by Amnesty International and other groups to revoke NSO's export license on the basis that it had facilitated human rights violations. The groups failed to provide adequate evidence for their claim that the company attempted to hack the phone of an Amnesty International activist, the judge said.

The ruling was a blow to cybersecurity and privacy groups that accuse NSO of helping authoritarian governments spy on activists, journalists and political dissidents. 

“The ruling of the court flies in the face of the mountains of evidence of NSO Group’s spyware being used to target human rights defenders from Saudi Arabia to Mexico, Danna Ingleton, acting co-director of Amnesty Tech, said in a statement.

NSO, meanwhile, applauded the decision. The judgment is irrefutable evidence that the regulatory framework in which we operate in is of the highest international standard, it said in a statement.

WhatsApp is also suing NSO for allegedly helping to hack at least 100 of its users across 20 countries.

At least 65,000 mail-in ballots have been rejected in primaries held during the pandemic so far.

The ballots arrived after election deadlines but often through no fault of the voter, according to an NPR analysis reported by Pam Fessler and Elena Moore. The rejected ballots make up a small percentage of total ballots in most states but they're enough to make a difference in a close election. 

In some states the figure is higher. Virginia, for example, rejected nearly 6 percent of mail-in ballots. And even a small percentage of rejected ballots is likely to undermine people's faith that their vote will be counted. 

Even more concerning, people voting by mail for the first time are more likely to have their ballots rejected, Charles Stewart, a political scientist at the Massachusetts Institute of Technology, told NPR. That could cause chaos, with an influx of voters switching to mail voting because of the coronavirus pandemic. 

Democrats and advocacy groups have filed lawsuits trying to force several states to count all mail votes as long as they’re postmarked before Election Day. Republicans argue that it would create too much confusion to continue to count votes after Election Day.

Trump confirmed a U.S. cyberattack against a Russian troll farm ahead of the 2018 midterms. 

The president made the confirmation during an interview with Washington Post columnist Marc Thiessen. 

The Post first reported on the U.S. Cyber Command operation last year, but White House and military officials had not previously acknowledged it, Ellen reports. The operation was a prime example of Trump administration efforts to aggressively punch back against adversaries in cyberspace. The White House expanded Cybercom’s authority to launch offensive attacks in 2018.

The confirmation marked a rare acknowledgment by the president of Russian efforts to sow discord in U.S. elections. The intelligence community warns that Russia is likely to interfere again in the 2020 election.

Cybercom also carried out an attack against computer systems used by IranIslamic Revolutionary Guard Corps to target oil tankers in the Persian Gulf last August. The strike was in retaliation for the destruction of a U.S. surveillance drone.

Government scan

The White House's top tech official will take on a new acting role at the Pentagon.  

Michael Kratsios joined the White House in 2017. He is best known for spearheading initiatives in artificial intelligence, quantum computing and 5G communications technology. He has also led the White Houses private-public partnership to use supercomputers to combat the coronavirus pandemic.

“In seeking to fill this position we wanted someone with experience in identifying and developing new technologies and working closely with a wide range of industry partners,” Defense Secretary Mark T. Esper said in a statement.

Kratsios formerly served as chief of staff to Peter Thiel, one of Trumps most prominent Silicon Valley supporters and a co-founder of Palantir, which has more than $60 million worth of military contracts.

More government and political news:

U.S. Secret Service merges electronic and financial crimes task forces (Reuters)

DNC issues fresh warning on TikTok, citing data security risks (CyberScoop)

House Republican introduces legislation to strengthen federal cybersecurity (The Hill)

Industry report

Tech giants backed a lawsuit against a Trump administration rule that could force out international students. 

Facebook, Google and Microsoft joined a brief filed by the U.S. Chamber of Commerce on Monday in support of a lawsuit brought against Immigration and Customs Enforcement, Ashley Gold reported for Axios.  

The tech companies are asking a federal judge to halt or slow the enforcement of the new guidance that would prevent foreign students from staying in the United States if their academic institutions dont offer in-person classes. They argue that the administration failed to properly consider the consequences of the move on the U.S. business community. 

More industry news:

A hacker is selling details of 142 million MGM hotel guests on the dark web (ZDNet)

Google Meet adds zoombombing protection for education customers (ZDNet)

Cyber insecurity

Researchers say a popular router has failed to fix severe security flaws.

They flagged the vulnerabilities to manufacturer Tenda more than six months ago and the company has yet to fix them, Motherboard reports.

More hacking news:

Inside America’s Secretive $2 Billion Research Hub Collecting Fingerprints From Facebook, Hacking Smartwatches And Fighting Covid-19 (Forbes)

iPhone Hackers Grayshift Sell 'Mobile' GrayKey (Vice)

Chat room

Cybersecurity pro tip: Wrapping your phone in tin foil won't prevent surveillance. Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation:


  • The House Oversight Committee will hold a hearing to examine U.S. cybersecurity preparedness and the National Cyber Director Act on Wednesday at 12 p.m.
  • The House Budget Committee will hold a hearing on the need for federal investments in technology in light of the coronavirus pandemic Wednesday at 2 p.m.
  • The Center for Democracy and Technology will host an event, A Shared Responsibility: Protecting Consumer Health Data Privacy in an Increasingly Connected Worldon Wednesday at 4 p.m.
  • The Aspen Institute will host a discussion about U.S. election security in the shadow of the coronavirus on Thursday at 1 p.m.
  • The House Homeland Security Committee will hold a hearing evaluating the Cyberspace Solarium Commission recommendations on Friday at 12:30 p.m.
  • The House Administration Committee will hold a hearing on the security of remote voting in the House on Friday at 1 p.m.
  • The Center for Strategic and International Studies will host a discussion with former Google chairman and chief executive Eric Schmidt about technology, data and innovation policy on Friday at 4 p.m.
  • The Senate Rules Committee will hold a hearing on general election preparations on July 22 at 10:30 a.m.

Secure log off

Tweet us your cybersecurity-themed names for Washington’s football team: