China is shaping up to be the Biden administration’s biggest cybersecurity headache. 

In nearly every sphere of digital conflict, China will pose the greatest challenge during the next four years, from its efforts to steal reams of intellectual property from U.S. companies to the espionage threat posed by Chinese firms that could be co-opted by Beijing and are dotted throughout the supply chains of U.S. companies.  

The president-elect also will inherit a global struggle to keep Chinese companies including Huawei and ZTE from dominating the future of telecommunications, which officials say could be disastrous for cybersecurity. 

And the threats probably will increase as China grows into a world superpower and the greatest U.S. military and economic rival

“The Chinese have a long game compared to all the other countries the U.S. deals with in cyberspace,” Adam Segal, a China and cybersecurity expert at the Council on Foreign Relations, told me. “Russian hackers may be more dangerous or more skilled, but Chinese hackers sit inside a larger framework focused on building Chinese power and influence.”

Indeed, President Trump’s former top cybersecurity adviser Rob Joyce often compared the Russian cybersecurity threat to a hurricane that came through fast and caused chaos. The Chinese threat, by contrast, was like climate change, he said — a slow, painful struggle likely to last generations. 

On one of the largest challenges, Biden probably will be in lockstep with Trump. 

That’s the threat posed by Huawei.

Trump officials crisscrossed the globe urging allies to block the Chinese telecom giant from building its next-generation 5G wireless networks out of fear Beijing could use the company’s infrastructure to supercharge global spying. 

They also placed increasingly severe restrictions on the company, most prominently by barring foreign firms that sell computer chips within the United States from also working with Huawei.  

Biden is likely to tweak the Trump approach but to largely maintain the hard line, Jeanne Whalen reports

The president-elect is expected to aim for a more consistent Huawei policy as opposed to Trump, who frequently undermined his own administration’s efforts by talking tough one day and offering to make concessions the next as part of a broader trade deal. 

Biden is likely to work more closely with allies on building rationales for where and why Chinese firms should be restricted, for example. He’s also expected to pursue more funding for basic research to make U.S. firms more competitive in 5G, Jeanne reports. 

But there’s no indication he’ll let up on the harsh export restrictions or on the pressure campaign to keep Huawei out of U.S. allies’ 5G networks.

After a rocky start, those efforts appear to be paying off

The United Kingdom, which initially planned to allow Huawei a limited role in its 5G construction, reversed course and now may fine telecom operators that work with the company. A number of other European nations also have agreed to ban Huawei from their 5G networks as have other U.S. allies including Australia, New Zealand and Japan. 

Biden is also likely to keep up the stream of indictments against Chinese government hackers. 

The Obama administration issued the first such indictments against hackers linked to China’s People’s Liberation Army in 2014. 

The move came after years of increasingly brazen Chinese data theft from U.S. companies and marked the first-ever indictments against hackers linked to any national government.

Since then, the Obama and Trump administrations have released a string of such indictments against Chinese government-linked hackers. They've also publicly accused China of hacks targeting an array of industries including coronavirus vaccine research

Biden might break with the Trump administration, however, in trying to reinvigorate direct talks with China on cybersecurity. 

The Trump administration eschewed such talks, preferring to talk tough about imposing consequences on Chinese hackers until they backed off. 

Biden is likely to keep up the tough talk but may try to reinvigorate diplomacy on a few areas of common agreement. 

China may have a common interest with the United States in reducing transnational cybercrime, for example, or in international understandings that bar nations from hacking highly dangerous targets such as nuclear facilities. 

“Steps need to be taken before you reach that dialogue stage. You don’t jump right back in. But important work needs to be done,” Suzanne Spaulding, who led the Department of Homeland Security’s cybersecurity operations during the Obama administration, told me. 

There’s not a strong track record for such diplomacy.

China bolted an early round of cybersecurity talks after the Obama indictments in 2014. Chinese President Xi Jinping agreed with President Barack Obama to dramatically limit hacking for economic gain in 2015 but China has almost entirely ignored that pledge since 2017, intelligence officials say.  

Biden may also have less room to maneuver because of Republican critics.

Top Republican senators are already using China to attack the president-elect, Felicia Sonmez and Mike DeBonis report

Sen. Marco Rubio (R-Fla.), a China hawk with presidential aspirations, accused Biden’s early Cabinet picks of being soft on Beijing yesterday, declaring “I have no interest in returning to the ‘normal’ that left us dependent on China.”

Sen. Tom Cotton (R-Ark.), another potential 2024 presidential contender, tweeted that Biden is “surrounding himself with panda huggers who will only reinforce his instincts to go soft on China.”

At the very least, that could delay a large diplomatic initiative.

“I do think they’ll have discussions about the broad rules for cyber conflict, but their first impulse will be to not talk with China and work with allies instead,” Segal told me. “It’s something they may come to later on. They’re going to be sensitive to criticism from both the left and the right that they can’t be doing China any favors by coming to the table.” 

PROGRAMMING NOTE: We won't be publishing tomorrow and Friday in honor of Thanksgiving. Have a safe and happy holiday and we'll be back in your inboxes on Monday.

The keys

Democrats are pushing social media firms to crack down on disinformation before the Georgia runoffs. 

The senators are asking for detailed plans about how Facebook, Twitter and YouTube plan to combat disinformation — especially in Spanish — before the Jan. 5 contests that could determine party control of the U.S. Senate. 

The letters from Sen. Richard Blumenthal (D-Conn.) and four colleagues come after tech CEOs committed to improve content moderation in Spanish during a Senate Judiciary Committee hearing, Rebecca Klar reports for the Hill

The lawmakers are particularly concerned that YouTube is home to an “onslaught of videos aiming to undermine the legitimacy of the election,’” Shannon Vavra reports for CyberScoop

“We urge you to immediately remove all election outcome misinformation and take aggressive steps to implement prohibitions, as other social media companies have done, regarding outcomes in future elections,” the senators wrote in the letter to YouTube CEO Susan Wojcicki.

YouTube videos that contain false claims about the 2020 election results have gained millions of followers in recent days, including one that repeated unfounded claims about voter fraud in Michigan that was viewed more than 5 million times, Shannon reports. 

The letters were also signed by Sens. Amy Klobuchar (D-Minn.), Bernie Sanders (I-Vt.), Mazie Hirono (D-Hawaii) and Gary Peters (D-Mich.).

But Facebook employees and executives are at odds over how to balance limiting misinformation as the company grows.

Employees are arguing that some of the steps Facebook took to limit misinformation during the contentious presidential election should become permanent, according to Kevin Roose, Mike Isaac and Sheera Frenkel of the New York Times. 

While Trump was promoting baseless claims about election fraud and falsely claiming victory, Facebook employees proposed an emergency change to the company's algorithm to surface news sources Facebook deemed more authoritative using an internal ranking. The change resulted in more content from mainstream publishers such as CNN, the New York Times and NPR, and less from hyperpartisan outlets such as Breitbart and Occupy Democrats. 

Executives, however, feared making the changes permanent could result in people spending less time on Facebook

“The news feed debate illustrates a central tension that some inside Facebook are feeling acutely these days: that the company’s aspirations of improving the world are often at odds with its desire for dominance,” the Times reporters wrote. 

Guy Rosen, an executive who oversees Facebook's integrity division, said on a call with reporters last week that the changes were always meant to be temporary. “There has never been a plan to make these permanent,” he said.

Home Depot will pay $17.5 million to settle claims from a 2014 data breach.

The settlement covers claims from 46 states and Washington, the Associated Press reports. Home Depot also agreed to hire a chief information security officer. 

The 2014 breach was among the most significant to ever hit retailers, affecting about 50 million credit card numbers. The hackers compromised the company’s point of sale system and installed malicious software that harvested customers’ credit card information. 

More cybersecurity news:

Chat Room

Chris Krebs, the former director of DHS's Cybersecurity and Infrastructure Security Agency, bids farewell. Trump fired Krebs for disputing his unfounded claims the election results were fraudulent.


Secure log off

Happy Thanksgiving!