The Cybersecurity 202: Biden’s plan to boost U.S. chip production finds an ally in banned Chinese firm Huawei

“It seemed like Huawei was a distraction while the U.S. wasn’t doing enough to address real cybersecurity supply-chain risk … and, and not doing enough to make sure America can build the competitive lead that America has over China and technology innovation,” Andy Purdy, Huawei’s U.S. chief security officer, told me. 

Biden’s order, issued yesterday, launches a 100-day government review into potential vulnerabilities in the U.S. supply chain for critical items, including chips used by manufacturers including the automobile industry. Biden is also working with the House and Senate to secure $37 billion in funding to boost the domestic chip industry.

While the administration says the order is not aimed at China, officials acknowledged it will evaluate reliance on “strategic competitor nations,” David J. Lynch reports. The order, which has already garnered industry and congressional praise could offer an important early glimpse at how Biden will handle ongoing competition and security concerns with Chinese technology. 

And Senate Majority Leader Charles E. Schumer (D-N.Y.) announced plans yesterday to introduce legislation alongside the executive order to help enable that funding and create American jobs for the chip industry.

Purdy says that order shows that the Biden administration is moving towards addressing those issues head on “which is good if the United States ever wants to have a more nuanced approach to issues that affect us.” The company’s total spending on the U.S. supply chain totaled $18.7 billion in 2019 before being cut off by the trade policies. 

Former president Donald Trump’s ban on the sales of chips made with U.S. technologies to Huawei last year added to a growing number of restrictions against the company’s business with the United States – and is believed by some industry analysts to have led to stockpiling that fueled the current chip shortage. The Trump administration frequently accused the company of providing a back door to U.S. customers to the Chinese government for espionage, a claim that the company denies. 

Purdy and the company frequently accused the Trump administration of taking security issues and lumping them in with economic issues to create a geopolitical bargaining chip with China. Purdy also criticized the United State’s fraud charges against the company’s chief financial officer Meng Wanzhou, who is currently being held under arrest in Canada while fighting extradition to the United States.

“We’re hoping that there will be a disaggregation, a focus on individual issues, looking at it in terms of what’s in the best interest of the United States,” says Purdy. “We’re hoping that Ms. Meng can be freed, hoping that American companies might be able to sell to Huawei, which we believe is in the best interest of the United States.” 

The Biden administration has so far declined to say whether it will uphold the Trump administration’s Huawei policies, instead citing the need to evaluate the Trump policies first.

Purdy’s grand plans are a long shot – at least in the near term. There are a number of actions that would need to take place before Huawei could again sell to American companies, starting with the Commerce Department determining that Huawei isn’t a threat. Democrats and Republicans who have already pressured the White House to uphold bans of the company will also have to be convinced to usher in legislative changes. 

Correction: This article has been updated to correct a quote from Purdy. Purdy wishes the company’s chief financial officer would be freed. 

Harris wants to make cybersecurity, technology and global health the top priorities of her office, CBS News’s Tim Perry reports. Harris has a track record in cybersecurity issues, with her office taking the lead on investigations into California data breaches when she was the state’s attorney general. She also sponsored or co-sponsored nearly every major piece of election security legislation during her time in the Senate.

Harris has already been an integral part of the administration’s efforts to reach out to international partners, which will be key in addressing these issues.

“You can’t do all of the other issues of interest without partners, and that is the theme of this administration,” a top White House official told CBS. “Global health, cyber security, China, climate, the regional issues: you can’t do them unless you have strong partners. And I think that’s the way the vice president is thinking about it and why she’s putting a priority on doing her part to repair those ties.”

William J. Burns called the Russian hacking campaign that hit government agencies and private companies “a very harsh wake-up call” on supply-chain vulnerabilities at his Senate confirmation hearing on Wednesday. He called for the United States to work to with allies to build “rules of the road” that “certain kinds of critical infrastructure are off-limits for those kinds of cyberattacks.”

Burns also called for the CIA to invest in cyber capabilities. The “CIA will need to relentlessly sharpen its capabilities to understand how rivals use cyber and other technological tools; anticipate, detect, and deter their use; and keep an edge in developing them ourselves,” Burns said.

Senators focused on intelligence concerns stemming from China and Russia during the confirmation hearing, Shane Harris reports. Burns told Sen. Ron Wyden (D-Ore.) that he shares Director of National Intelligence Avril Haines’s “view that it would be very valuable to lay out a framework that makes clear to the American people the guidelines and legal boundaries” of data purchasing through private brokers, a move the senator praised.

The bill is resurfacing after previous versions were blocked by the Trump administration. The bill, which was reintroduced this week, would create a Bureau of International Cyberspace Policy to address the economic and security aspects of cyber policy.

“I have full confidence that this organizational change will best position the United States to reclaim its role as a global leader in cyber diplomacy — a need that’s particularly urgent given the ever-increasing array of cyber threats and other challenges that we face,” Rep. Jim Langevin (D-R.I.), the chairman of the House Armed Services Committee’s cyber subcommittee, said at an event hosted by the Foundation for Defense of Democracies. 

The company offered the statement after Senate Intelligence Committee Chair Mark R. Warner (D-Va.), Vice Chair Marco Rubio (R-Fla.) and other senators publicly excoriated the company for not sending a representative to a hearing on the hack.

The company did acknowledge that its platform was used by the hackers, CNN’s Brian Fung reports. The cloud computing giant declined to respond to Fung’s question about why it did not appear at the hearing. An Amazon Web Services spokeswoman told The Cybersecurity 202 that it has “provided detailed briefings to government officials, including members of Congress.” (Amazon founder Jeff Bezos owns The Post.) 

Cybersecurity employees are suffering from alert overload, according to a new report by cybersecurity company Critical Start. Nearly half of those surveyed said they turn off high-volume alerts when there are too many to process.

The Ocean Lotus hacking group, which researchers have traced to a Vietnamese company, sent spyware to the activists from 2018 to 2020, Amnesty Tech researchers say. The human rights group called for Vietnamese officials to “undertake an impartial, thorough and independent investigation into the group’s unlawful activities and human rights abuses.” It also said the Vietnamese government should develop surveillance and human rights guidelines.

The spyware in the attack was disguised as important attachments or links in emails, and it worked on both Windows and Mac systems. Once they were opened, hackers could fully view the victim’s computer.

The target of the attack was an Internet portal that Ukrainian government agencies use to share documents, ZDNet’s Catalin Cimpanu reports. Officials said that the cyberattack’s goal was “the mass contamination of information resources of public authorities.” They also said that the cyberattack was conducted by a “hacker spy [group]” in Russia. Russia has a history of cyberattacks against Ukraine, including a notorious 2017 campaign that wiped out Ukrainian organizations including banks, electricity firms and other critical infrastructure.

More global cybersecurity news:

• Microsoft subsidiary GitHub has hired Mike Hanley as its chief security officer. Hanley previously worked as Cisco’s chief information security officer.
• At the end of March, Jerome Lovato will leave the Election Assistance Commission, where he oversaw voting machine testing and certification. The commission’s new chair, Commissioner Donald Palmer, began his year-long term on Wednesday.
• The Klein/Johnson Group registered to lobby for U.S. chip giant Intel effective Jan. 12. Two former aides to Senate Majority Leader Charles E. Schumer (D-N.Y.), Israel Klein and Brian Greer, are registered to lobby on the account along with Matthew Johnson, a former aide to Sen. John Cornyn (R-Texas), and Ian Rayder, Colorado’s former deputy secretary of state.
• Jamie Girard, the former head of trade group SEMI’s Washington office, registered to lobby for Tokyo Electron U.S. Holdings, a subsidiary of Japanese semiconductor company Tokyo Electron, effective Feb. 1. He expects to lobby on “support for domestic semiconductor manufacturing incentives” and legislation that would incentivize U.S. semiconductor manufacturing.

• The House Oversight and Homeland Security Committees hold a joint hearing on the cyberattack on SolarWinds and other companies on Friday at 9 a.m.
• Former Secretary of Defense and CIA director Robert Gates speaks at a Washington Post Live event on Friday at 2 p.m.
• The Center for Strategic and International Studies holds the second event in its series on the cyberattack on SolarWinds and other software on Friday at noon. 
• The Atlantic Council hosts a cybersecurity event with industry leaders on March 4 at 1 p.m.
• House Armed Services Committee Chairman Adam Smith (D-Wash.) speaks at an event hosted by the Brookings Institution on March 5 at 11 a.m.
• Duke University’s engineering school hosts a seminar on cybersecurity threats amid remote work on March 5 at noon.
• U.S. Cyber Command executive director Dave Frederick speaks at an event hosted by the Intelligence and National Security Alliance on March 10 at 4:30 p.m.

Spoiler alert: This is a parody.