U.S. to Tap $60 Billion War Chest in Boon for Huawei Rivals / New Iranian wiper discovered in attacks on Middle Eastern companies / Japan joins NATO cybersecurity drills to counter Chinese hackers

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

• A new agency, called the U.S. International Development Finance Corporation, plans to tap some of its $60 billion budget to help developing countries and businesses purchase equipment from other companies. Bloomberg
  
  

• IBM X-Force, the company's security unit, has published a report of a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East. Ars Technica

• Japan became a full-fledged participant Monday in NATO's cybersecurity war games, as Tokyo and Western nations eye potential hacking threats from China. Asian Nikkei Review
  
  

ASPI ICPC

How China’s 5G ascent could herald the end of US big tech
The Strategist
@michael_aspi
5G is not just a huge issue for governments. An alternative to Chinese 5G is essential to the future of Alphabet, Apple, Amazon, Facebook and Microsoft as global businesses. If they already know this, it'd be good to start having them show it.

Johanna Weaver @_JohannaWeaver

We talk a lot about #cyber norms, but what are they? EVERY country in the world has endorsed the norms in this clip. The #UNCyberGGE & #UNCyberOEWG sld now prioritise clear guidance and practical support to ensure ALL countries implement ALL of these norms ALL the time!

December 3rd 2019

29 Retweets61 Likes

Johanna Weaver @_JohannaWeaver

Thanks again to @BartHoogeveen from @ASPI_ICPC for developing the norms icons and for working with @dfat to produce these videos 🙏

December 3rd 2019

4 Likes

China

Huawei Bolsters Public-Relations Blitz With Legal Action
WSJ
@DanStrumpf & Drew Hinshaw
Huawei Technologies Co. has been on a public-relations blitz to convince the world that it isn’t a bad actor. Now Huawei’s intensified defense of its image is also being waged on a legal front. The Chinese telecommunications giant is pursuing legal campaigns against an array of overseas critics large and small.

• How Huawei Lost the Heart of the Chinese Public
  The New York Times
  @LiYuan6
  When an executive wrote about her house arrest in Canada, an outcry about a former employee’s treatment arose on social media.

China demands 'fighting spirit' from diplomats as trade war, Hong Kong protests simmer
Reuters
The government's top diplomat, Wang Yi, prodded officials at a foreign ministry gathering last month to display stronger "fighting spirit" in the face of international challenges, three sources with knowledge of the matter said. While Wang did not give explicit direction at the event, the instructions come after several senior Chinese diplomats set up Twitter accounts, some of which have been used to attack Beijing's critics. This week, the foreign ministry also launched a Twitter account.

Peo­ple’s Daily Warns against “Ma­lig­nant Com­pe­ti­tion” in Blockchain De­vel­op­ment
China Banking News
The flag­ship news­pa­per of the Chi­nese Com­mu­nist Party has pub­lished an ed­i­to­r­ial piece call­ing for greater re­straint and safe­guards when it comes to the pur­suit of blockchain de­vel­op­ment.

US senators want Trump probe of China’s new corporate social credit system
Politico
@ABehsudi
Lawmakers fear programme could be used to coerce US firms to move research activities to China, hand over technology or support Chinese policies.

USA

White House considered kicking Huawei out of US banking system: Sources
Reuters
The Trump administration considered banning China's Huawei from the US financial system earlier this year as part of a host of policy options to thwart the blacklisted telecoms equipment giant, according to three people familiar with the matter. The plan, which was ultimately shelved, called for placing Huawei Technologies Co - the world's second-largest smartphone producer after Samsung - on the Treasury Department's Specially Designated Nationals (SDN) list.

• U.S. to Tap $60 Billion War Chest in Boon for Huawei Rivals
  Bloomberg
  @alistairmbarr
  The U.S. has been warning other countries not to buy telecommunications gear from China’s Huawei Technologies Co. and ZTE Corp. The government will soon put real money behind the effort. A new agency, called the U.S. International Development Finance Corporation, plans to tap some of its $60 billion budget to help developing countries and businesses purchase equipment from other companies.

The US can’t use Cold War tactics to engage with China, says former NSA head Michael Rogers
CNBC
Rogers discussed the multi-faceted problems facing the U.S. over China technology in an interview that aired Tuesday on the cybersecurity podcast Task Force 7 Radio. He said China’s main goal is to achieve 21st century technological dominance, and he explained some of the tactics that are hard to counter, such as IP theft, government subsidies of tech companies, and linking corporate interests to education and government research. He also offered some concrete suggestions on how to counter China’s efforts while maintaining an American business philosophy.

• The podcast

NSA to Issue Updated Cloud Security Guidance
WSJ
@JimRundle @catstupp
The National Security Agency plans to issue updated guidance to companies on cybersecurity in the cloud, a senior official said, amid a series of attacks that have targeted service providers in recent months. Anne Neuberger, director of the NSA’s Cybersecurity Directorate, said that one of her division’s goals is to produce advisories for businesses and other organizations. The advisories will describe attack methods used by nation-state and advanced hackers and will lay out methods to counter them.

2020 U.S. census plagued by hacking threats, cost overruns
Reuters
@NickPBrown
In 2016, the U.S. Census Bureau faced a pivotal choice in its plan to digitize the nation’s once-a-decade population count: build a system for collecting and processing data in-house, or buy one from an outside contractor.

Congress Is Finally Tackling Privacy! Now Let’s Do Cybersecurity.
Slate
@jkosseff
A national privacy law is long overdue. But the intense focus on privacy has overshadowed cybersecurity.

DHS wants to expand airport face recognition scans to include US citizens
TechCrunch
@zackwhittaker
Homeland Security wants to expand facial recognition checks for travelers arriving to and departing from the U.S. to also include citizens, which had previously been exempt from the mandatory checks.

‘FUCK CRIME:’ Inside Ring’s Quest to Become Law Enforcement’s Best Friend
Motherboard
@carolineha_ @liakantro
Amazon's surveillance company has seeped into hundreds of American communities by throwing parties for police and giving them free devices.

North Asia

Japan joins NATO cybersecurity drills to counter Chinese hackers
Asian Nikkei Review
Rieko Miki
Japan became a full-fledged participant Monday in NATO's cybersecurity war games, as Tokyo and Western nations eye potential hacking threats from China.

Southeast Asia

This Man's Post Was The First To Be "Corrected" By Facebook Under Singapore's Fake News Law
BuzzFeed News
@cameronwilson
Alex Tan heard the news secondhand that the Singaporean government was using its fake news law against him. A friend contacted Tan over Messenger on Nov. 28 to tell him Singaporean media outlets were reporting one of his Facebook posts had been determined as fake news, and that he had been issued with a "correction direction". The direction, which ordered Tan to edit the post to say it contained false information, is a newly-acquired power for the Singaporean government. It arises from the recently passed Protection From Online Falsehoods And Manipulation (POFMA) Act.

A screenshot of Facebook's notice on Alex Tan's State Times Review Facebook page. Strait Times / Via straitstimes.com

Europe

China Sets Sights on Europe for Its Burgeoning ‘Smart City’ Industry
Caixin
While the technologies touted for use in smart city projects are roughly the same, such as artificial intelligence and internet of things (IoT), there are some key differences between the Chinese and European governments in terms of their approaches to development and areas of focus. In China, smart city projects are more focused on public security and digitalization of government services, such as using mobile apps to make services more convenient to citizens, said Lu Hongfeng, deputy director at the Shenzhen Institute of Standards and Technology. In Europe, by contrast, governments are more interested in sustainability and environmental projects, such as deploying intelligent water meters.

• Doomed by data, our new Trojan Horse
  Standpoint
  Charles Parton
  The fall of Troy is an unsettling parallel. The Greeks did not force their way in. Rather the Trojans welcomed the horse inside. The CCP has a similar strategy: “Smart Cities”.

NATO Should Count Spending on Secure 5G Towards Its 2% Goals
Defense One
@lindsaypgorman
The agenda at NATO’s London summit reportedly includes talk about the future of internet security — that is, establishing rules and roles for next-generation 5G gear. This is both a vital issue and a bellwether. If done right, moving to secure 5G systems can rejuvenate the alliance around its central mission: protecting democratic states from authoritarian incursion. Botch it, and the rift will only increase.

Dutch politician faces three years in prison for hacking iCloud accounts and leaking nudes
ZD Net
@campuscodi
City council member who doubled as a hacker set to be sentenced on Christmas Eve.

Russian Trolls Are Hammering Away at NATO’s Presence in Lithuania
Defense One
@DefTechPat
A broad disinformation campaign of fake news and other tricks aims to turn the Baltic nation’s public against the alliance.

Russia

The U.N. passed a Russia-backed cybercrime resolution. That’s not good news for Internet freedom.
The Washington Post
@jshermcyber @MRaymondonIR
On Nov. 18, a United Nations committee passed a Russia-backed cybercrime resolution by a vote of 88 to 58, with 34 countries abstaining. Russia, Belarus, Cambodia, China, Iran, Myanmar, Nicaragua, Syria and Venezuela sponsored the resolution, titled “Countering the use of information and communications technologies for criminal purposes.” The United States said it is “disappointed with the decision.” The resolution creates a drafting group to create terms of reference for a global “cybercrime” treaty. But the cybercrimes of primary concern here aren’t hacking attacks, privacy violations or identity thefts. Instead, this treaty is intended to create international law that would make it easier for countries to cooperate to repress political dissent. The big takeaway? Russia and China have become better at using international rules and norms to promote their aims.

We need to hold the Kremlin responsible for its 2018 cyberattack on the Olympics
The Washington Post
@a_greenberg
...Almost two years since that unprecedented sabotage attempt, the public response from the global community to hold the hackers responsible has been equally remarkable: There has been none. Russia has faced no new sanctions, no criminal charges, not so much as a strongly worded statement for carrying out the worst cyberattack that has hit the Olympics. That failure to respond has practically invited the Kremlin to strike again at the 2020 Summer Olympics in Tokyo — and it has further eroded any sense of the red lines that protect civilian organizations from state-sponsored cyberattacks.

Middle East

New Iranian wiper discovered in attacks on Middle Eastern companies
Ars Technica
@thepacketrat
IBM X-Force, the company's security unit, has published a report of a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East. The sample was discovered in a response to an attack on what an IBM spokesperson described as "a new environment in the [Middle East]—not in Saudi Arabia, but another regional rival of Iran."

Misc

Merck Cyberattack’s $1.3 Billion Question: Was It an Act of War?
Bloomberg
@davidvoreacos @k_chiglinsky
In a world where a keyboard can cause more harm than a gunship, a legal dispute between the drug giant and its insurers could determine who pays for cyber damage.

Research

The Global Disinformation Order: 2019 Global Inventory of Organised Social Media Manipulation
The Computational Propaganda Project
@sbradshaww @pnhoward
Over the past three years, we have monitored the global organization of social media manipulation by governments and political parties. Our 2019 report analyses the trends of computational propaganda and the evolving tools, capacities, strategies, and resources.

Jobs

New scholarship for women aspiring to a national security career
ANU National Security College (NSC)
Applications are now open for a major new scholarship opportunity with the ANU National Security College (NSC), supported by the Office of National Intelligence. This scholarship covers full fee tuition for the NSC’s Master of National Security Policy degree from 2020 onwards. Position yourself for a career in an Australian policy or intelligence agency by applying before 19 January 2020.