The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: Biden will sign an executive order to fuel the U.S. semiconductor industry

Placeholder while article actions load

with Aaron Schaffer

President Biden will sign an executive order in the coming weeks to address a shortage of semiconductor chips used by U.S. industries, White House press secretary Jen Psaki told reporters yesterday. 

The decision comes amid the broader White House review of former president Donald Trump's China trade policies, which cracked down on Chinese technology for national security reasons. Some industry officials say the actions led to the shortage of chips currently stalling production by U.S. manufacturers in the automotive and other industries.

The Trump administration last year cut off the supply of semiconductor chips made with U.S. technology to Chinese telecommunications company Huawei, which the government has blacklisted because of claims it gives the Chinese government a back door for spying on U.S. customers. The Trump administration also added a top Chinese chip manufacturer, Semiconductor Manufacturing International Corporation, to a list of companies who can't receive U.S. exports without preapproval in December.

Psaki declined to provide any details about whether Biden will roll back Trump-era regulations accelerating the chip shortage, noting there will be more details when the executive order is actually signed. The order is expected to help identify the causes of the chip shortage and work with industry and trade partners to address it. Industry officials and some lawmakers also hope more funding is on the table.

Semiconductor industry members say funding is essential to the economy and national security.

“Semiconductors are critical to the U.S. economy, American technology leadership, and our national security,” members of the Semiconductor Industry Association, including IBM and NVIDIA, wrote in a letter to the president. “We therefore urge you to include in your recovery and infrastructure plan substantial funding for incentives for semiconductor manufacturing.”

Member of both parties in Congress have expressed strong support for helping out the industry financially. The defense budget authorization bill signed into law last month included bipartisan legislation authorizing the federal government to provide incentives to semiconductor manufacturers and researchers.

A funding push could be a major step toward giving the United States a competitive edge in the emerging technologies industry, which will set security norms for everything from 5G to artificial intelligence.

It's unclear whether the impending executive order will include any incentives to encourage companies to set up chip-making plants in the United States.

Biden is also reviewing other controversial Chinese technology decisions by Trump.

The Justice Department this week asked separate federal appeals courts to pause appeals by the Trump administration to overturn lower court rulings barring efforts to block Chinese-owned apps WeChat and TikTok. DOJ told the courts it intends to review whether the apps pose the national security threat alleged by Trump administration. 

Executive orders from Trump banning the apps determined “the apps capture vast swaths of information from U.S. users, leaving the data vulnerable to [Communist Party of China] access for nefarious purposes” including espionage and censorship.

Both experts and trade groups have pushed Biden to address the China emerging technology threat by collaborating with allies. Trump frequently faced criticism for pushing to ban Huawei and TikTok without major international allies signing on first.

Biden's measured response to the threat of Chinese technology has sparked tensions with Republicans.

The Biden administration has already drawn heat from Republicans for refusing to affirm that Huawei will stay on the banned entities list. The conflict has delayed the confirmation of his Commerce Department nominee Gina Raimondo, who will play a major role in shaping Biden's China trade policies.

“I currently have no reason to believe that entities on those lists should not be there. If confirmed, I look forward to a briefing on these entities and others of concern, she said in written answers to Republicans following the hearing, Bloomberg News reported.

The keys

A hacked Florida water treatment facility reused passwords, investigators found.
A hacker accessed the computer system at the Oldsmar, Fla., water treatment facility on Feb. 5, and attempted to poison the drinking water with lye. (Video: The Washington Post)

All of the computers at the Oldsmar, Fla facility used a single password to an installed system that plant officials say is no longer used, Brian Fung and Alex Marquadt at CNN report. Hackers appeared to gain accessed through the aging remote management software though it's unclear if the poor cybersecurity hygiene was a factor in the attack. 

The attempted poisoning of the town's water supply by a hacker has served as a wake-up call for other industrial facilities. CISA officials yesterday urged operators to adopt strong passwords and upgrade any software that is no longer actively supported with updates to patch vulnerabilities.

Proofpoint sued Facebook for refusing to allow it to use fake domains for security tests.

The cybersecurity company is suing the social media giant in federal court for five web addresses it registered in 2018 to train customers on how to not get tricked into clicking suspicious links.

The cybersecurity firm takes issue with an international copyright panel’s January decision to order the transfer of the domain names — which include instagrarn.net and facbook-login.com — to Instagram and its parent, Facebook. The one-person panel concluded that the websites are “confusingly similar” to Facebook and Instagram trademarks, and that it is “uncontroverted that [Proofpoint] had [Facebook and Instagram’s] famous trademarks in mind when registering the Domain Names.”

Proofpoint wants a judge to declare that its “registration, ownership and use” of the domains is legal. It also is asking for the judge to order the domains “to be unlocked and reactivated with full ownership and use restored to” Proofpoint. Neither Facebook nor Proofpoint responded to a request for comment.

Regulators highlight record numbers of romance scams ahead of Valentine’s Day.

The Federal Trade Commission says dollar losses and reports of the scams, which fool online romance seekers, have skyrocketed since 2016. The losses were up 50 percent in 2020 from 2019.

Several U.S. government agencies, including the Cybersecurity and Infrastructure Security Agency and the FBI, are warning Internet users to be on high alert for the scams ahead of Valentine’s Day, which is Feb. 14.

“Once your heart is hooked on hope, they turn the tables,” a message from CISA reads. “The scammer with the illusive identity will ask for money, making promises of phony matrimony, as they finagle funds from you as a fake fiancée.” The FBI also released a video advising lovesick Internet users to be cautious.

Industry report

Surveillance company rebranded after reports on CEO.

Banjo rebranded as safeXai after its then-CEO, Damien Patton, was identified as having links to the Ku Klux Klan and the company’s future appeared to be in peril, OneZero’s Matt Stroud reports. The rebrand casts doubts on conclusions that the scandal would kill the company, which had a $20.7 million contract with Utah’s department of public safety that dried up. SafeXai’s messaging about the company and its products has been low-key.

“Damien resigned in May 2020 and is not an officer, board member, or affiliated in any way with the day-to-day operations” of the company, safeXai chief strategy officer T.J. Marchetti said. Marchetti also said that despite Patton’s status of inventor of safeXai’s patents, he is not their owner and his “rights to IP were and remain nonexistent.” Former FBI chief technology officer Justin R. Lindsey is the CEO of the company.

Contracts with Utah, a high-profile Banjo customer, appear to be up in the air, with state officials waiting for guidance on how to proceed with its suspended contract with the company after an audit. Marchetti said that “despite confidence in our past technology and protections of personal privacy,” safeXai would not “pursue prior contracts even after the state’s audit was complete.”

Chat room

We asked for your best cybersecurity-themed Valentine's Day messages. Here are some of your responses:

In case you need a last-minute gift idea:

Loading...