The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

A plan to strip Huawei from rural telecoms is still short billions

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Placeholder while article actions load

Welcome to The Cybersecurity 202! Congratulations to Canada and Denmark for peacefully ending their 49-year border spat over a barren Arctic island. 

Below: A 2020 election denier is the GOP nominee to lead elections in Nevada, and the White House warns of ‘serious’ security concerns about a U.S. company’s proposal to buy NSO hacking tools.

Protecting U.S. wireless networks from potential Chinese spying is expensive

The Biden administration and Congress are struggling to fulfill one of the main components of their program to protect U.S. telecom systems from Chinese spying — removing Huawei gear from rural wireless networks.  

The big problem: A more than $3 billion funding shortfall.

The Federal Communications Commission is closing in on a $1.9 billion plan for the program, which will deliver funding to dozens of rural telecoms to strip the Chinese tech giant’s components from their 4G wireless networks. The agency has finished its initial review of telecoms' requests for funding and will deliver a projected deadline for making its final decisions to Congress today, an FCC official told me. 

But the agency has received a whopping $5.6 billion in requests from rural telecoms that want to replace their Huawei gear. It’s not clear if Congress is ready to fill that gap — even as concerns about Chinese spying and other digital treachery are reaching a fever pitch.

The project

Some clarity could come today. The House Energy and Commerce Committee will consider legislation during a business meeting today that would commit an additional $3.4 billion to the program — covering most of the shortfall. But there’s still a long way to go before that proposal becomes law. 

The risk: The project is part of a years-long push to restrict Huawei and other Chinese firms from U.S. telecom infrastructure over fears that access could make it far easier for Beijing to spy on or sabotage U.S. communications.

Huawei could theoretically scoop up information that would give Chinese firms an advantage over U.S. competitors or improve the Chinese position in a military conflict with the United States. 

Details

If more funding doesn’t arrive, the FCC will be legally required to mostly allocate funding to the smallest rural telecoms that serve fewer than 2 million people. 

That could risk leaving Huawei gear in some telecom networks where it poses significant national security risks but that serve between 2 million and 10 million customers  — such as telecoms located around military bases or major energy facilities. 

“Many of our most important defense and intelligence assets are located in rural America, and we have to protect those,” Michael Wessel, a member of the U.S.-China Economic and Security Review Commission, told me. 

The concern isn’t so much that Chinese spies will scoop up data directly from U.S. military facilities, which communicate their most sensitive information on classified systems. But they could have a field day with data culled from the personal cellphones of servicemembers and civilian staffers who live near such facilities. 

“The intelligence that could be gathered from all those cellphones is invaluable,” Wessel told me.

China watchers favor a more strategic approach

Ideally, [the U.S. government] would want to rip and replace it all, but if it can't then there should be some prioritization of the networks — is there some critical infrastructure that is nearby that might be impacted,” Council on Foreign Relations cyber and China expert Adam Segal told me. 

Huawei has steadfastly denied that it aids Chinese government spying. U.S. officials have never presented smoking gun evidence of such snooping, but have said the risk the Chinese government could compel Huawei’s cooperation in spying is dangerous enough. 

  • The primary focus of the Huawei fight has been on blocking the company from building next-generation 5G wireless networks that are being built now — a fight U.S. officials have mostly won, with Huawei barred from 5G networks in the United States and most of its closest allies.
  • But U.S. officials are also highly concerned about Huawei gear that’s peppered throughout the United States’ existing 4G systems. And that gear is highly concentrated in rural areas where cash-strapped telecoms picked Huawei’s lower prices for their 4G builds despite security concerns that were already bubbling up in the early 2010s.

“For smaller rural carriers, it’s harder to value security in the same way and cost efficiency sometimes trumps it,” the FCC official told me. The official spoke on the condition of anonymity because he was not authorized to speak on the record about the funding program, which is still in progress.  

U.S. officials argue that Huawei gear is artificially cheap compared to its mostly European competitors because the Chinese government makes up for its losses. 

The FCC received 181 applications from rural telecoms interested in swapping out their Huawei gear — 162 of which it initially found to be eligible.

Telecoms that don’t receive funding will be in a tight spot.

  • The $1.9 billion Congress has allocated so far for rural telecoms to ditch Huawei gear was basically a carrot.
  • The stick was a February 2020 law that blocked those telecoms from using federal money distributed by the FCC — called the Universal Service Fund — to service existing components supplied by Huawei or any other firms deemed national security risks or to replace those components with products from the same companies.

That’s bound to make life very difficult for those telecoms and could prompt them to replace the gear on their own dime.

The keys

A 2020 election denier will lead elections in Nevada

Former Nevada state Assemblymember Jim Marchant won the state’s GOP primary for secretary of state last night. Marchant has said he would not have certified Biden’s victory and has pledged to dump Nevada’s voting machines in favor of hand-counted ballots.

Marchant is effectively the third 2020 election denier to win a GOP primary to lead a state’s election so far this year. The trend is sounding alarms for election security advocates who fear those candidates could intentionally degrade the security of election machines, launch shoddy, partisan audits and generally rig the system to aid their preferred candidate’s election.

In other election news: Katie Arrington, a former Trump Pentagon cyber official, lost a GOP congressional primary fight in South Carolina to incumbent Rep. Nancy Mace. Mace had attacked Arrington for allegedly having her security clearance pulled after sharing classified information with a Pentagon contractor. Arrington said she hadn’t shared information improperly.

White House has ‘serious’ security concerns about possible NSO hacking tool sale to U.S. company

A potential deal by NSO Group to sell its hacking code to U.S. defense firm L3Harris raises “serious” security issues and the White House is “deeply concerned,” according to a senior White House official who spoke on the condition of anonymity because of the sensitivity of the matter. The sale, which hasn’t been announced, would include NSO’s hacking code and access to its developers, Ellen Nakashima and Craig Timberg report.

The transaction appears to be an attempt to salvage some utility from the embattled spyware firm. NSO has come under fire following reports by The Post and other publications that its government clients routinely used its hacking tools to target journalists and dissidents. 

L3Harris said it would restrict its sales of the tools to the U.S. government and some allies.

  • The Biden administration restricted NSO’s ability to receive U.S. technologies last year, saying that its tools were used by foreign governments to “maliciously target” activists, government officials and journalists. That restriction would not necessarily be lifted just because NSO’s tools are acquired by a U.S. firm, the White House official said.
  • The government would also launch an “intensive review” of the deal’s counterintelligence risks and human rights implications, the official said.

L3Harris declined to comment on the existence of talks with NSO. “We are constantly evaluating our customers’ national security needs,” an L3Harris spokesperson said. NSO declined to comment. The talks were first reported by digital publication Intelligence Online.

Belarusian hacktivists say they’ve released wiretapped conversations from Russian Embassy

The Belarusian Cyber Partisans group is touting the alleged wiretaps as evidence that Belarus spied on its ally Russia, CyberScoop’s AJ Vicens reports

It appears to be an attempt by the hacktivists to drive a wedge between Russian President Vladimir Putin and Belarus President Alexander Lukashenko.

“The ‘brotherly’ state turns out to be not so brotherly after all,” the group wrote on YouTube.

The Cyber Partisans are a group of pro-democracy opposition advocates who oppose Lukashenko. For months, they have released records like tapped calls and sensitive documents. The group also claimed responsibility for breaching the country’s railroad system to disrupt Russian troops’ movements to the front lines of the war in Ukraine.

Government scan

A U.S. marshal used a phone-tracking tool for personal use, prosecutors say

Deputy U.S. Marshal Adrian Pena is accused of using Securus Technologies's phone-tracking tool to check the locations of people he knew, Devlin Barrett reports. He’s also accused of lying to investigators when they asked him about it in 2017.

Officials wouldn’t comment on why it took nearly five years to charge Pena, who has apparently been a paid Marshals Service employee in that time. Pena said he had done “tests on my phone” and used the software “to find either a phone that’s been lost or misplaced,” according to the indictment. He also said he hadn’t used the system to track family members, friends or ex-girlfriends.

Pena didn’t respond to a request for comment. The Marshals Service didn’t immediately comment.

Securus said it shut down the tracking system more than four years ago. The tool was only available to law enforcement, and the company “relied on the integrity of law enforcement to operate it ethically,” it said. 

Securing the ballot

Cyber Ninjas' emails touch on irony, deceit, challenge coins (Arizona Republic)

Global cyberspace

Iran arrests suspect allegedly involved in Tehran hacking (By Associated Press)

Ukraine Has Begun Moving Sensitive Data Outside Its Borders (Wall Street Journal)

New Canadian bill would compel key industries to bolster cyber security — or pay a price (CBC News)

Cyber insecurity

Children are targets for ID theft. Here’s what parents need to know. (By Tatum Hunter)

Hacker advertises ‘crappy’ ransomware on Instagram (Motherboard)

Wave of Discord hacks is making the crypto crash more painful for investors (Motherboard)

Industry report

Microsoft to acquire foreign cyberthreat analysis vendor Miburo (ZDNet)

Daybook

  • Carole House, the National Security Council’s director for cybersecurity and secure digital innovation, speaks at an Atlantic Council event on cybersecurity challenges with central bank digital currencies Wednesday at 12:30 p.m.
  • Assistant secretary for cyber, infrastructure, risk and resilience Iranga Kahangama and Eric Mill, a senior adviser to Federal Chief Information Officer Clare Martorana, speak at a Billington CyberSecurity event Thursday at 8 a.m.
  • The Center for Strategic and International Studies hosts an event on obstacles to implementing the federal government’s cybersecurity efforts Thursday at 2:30 p.m.
  • CISA Director Jen Easterly and energy executives discuss cybersecurity at the EEI 2022 conference Tuesday.
  • Third Way hosts an event on China and the digital world order Tuesday at 11 a.m.

Secure log off

“The groundwork for peaceful resolution was laid with the semi-regular exchange of alcohol. On decamping, the Canadian military would leave behind a bottle of whiskey and the Danes would reciprocate with schnapps.” Thanks for reading. See you tomorrow.

Loading...