July 25, 2013

Grassley Breaks New Huawei Bogeyman Ground

Libeling Huawei has become a sport in DC these days. 

Newest entry in the field?

Iowa Republican Senator Grassley who, per the Washington Times, wielded Huawei FUD - marrying last year’s vapid Congressional “Intelligence” Committee report with the more recent slandering of Huawei by PRISM-midwife Mike Hayden in his attempt to subvert competition in Australia – against an Obama nominee for a senior Department of Homeland Security slot, as well as Virginia gubernatorial candidate Terry McAuliffe and, for good measure, Hillary Clinton’s brother.

You just can’t make this shit up.

The hullabaloo is related to some Huawei executive having apparently applied for and been granted an EB-5 immigrant visa.  EB-5 is a special program under which people can invest $500,000 to $1 million in certain U.S. companies in exchange for a Green Card.  The program’s been around for years – under various names – and is akin to similar programs in Canada and across the developed world.

The “scandal” that Grassley has birthed revolves around the suggestion that the Obama DHS nominee – currently the head of U.S. Citizenship and Immigration Services – somehow influenced the Huawei exec’s visa application, which was associated with an investment (as required by the EB-5 visa class) in a company owned by Secretary Clinton’s brother, a company that also happens to be (per the Times) the fundraising arm of another company founded by would-be Virginia Governor McAuliffe.

If you’re a Republican in today’s ueber-partisan Washington, this is the sort of three-fer you can only dream about, especially when you can wrap in Sinophobia.

Ignoring the fact that immigrant visas are applied for and granted to individuals, not companies, Grassley cavalierly plays the Huawei-bogeyman card, citing, as mentioned above, last year’s vacuous HPSCI report and the more recent utterly-unsubstantiated comments made by has-been spook Hayden as reasons to question the issuance of the visa to the Huawei executive.



July 21, 2013

Recapping: From Snowden to Hayden

Regular readers are well aware that this blog has evolved since it was created in 2005 - from the wistful or proud musings of a father too-often on the road, to the hopeful hype of a mobile tech geek, to the more recent focus on cyber-hysteria, and the related American-inspired travails experienced by my employer Huawei Technologies.

With respect to the latter area of focus, things have reached a fever pitch.

Three-plus years ago, when I joined Huawei, the blackballing of the company by the U.S. Government was relatively easy – black and white – China bad, everything else okay.  There was no need for rules, regulations or transparency – indeed, the protectionist machinations in use at the time were generally ham-handed, what one might have expected from a tin-pot regime, not the leader of the free world.

But over the last year, we have seen a shift towards more rational dialogue, towards more potentially fair and open policy - until recently, at least.

The conclusion of last year’s House Permanent Select Committee on Intelligence (HPSCI) “investigation” (hardly) of Huawei was a report which is broadly viewed as redefining the word vapid.  The Economist perhaps captured it best: The report appeared “to have been written for vegetarians…not much meat in it.”

That was a turning point.  The politics were exposed for what they were. 

Indeed, when HPSCI Chairman Rogers and Ranking Member Ruppersberger jabbed fingers at Huawei executives demanding “If you want to do business in our country then you tell your government to stop hacking our networks,” it was rather clear that their agenda was geopolitical, not truly driven by any legitimate concern about Huawei.  After all, when it came to Huawei, after a year’s “investigation,” they revealed that they had turned up exactly squat.

Meanwhile, in the world of facts and rational thought, debate had turned to real challenges: Given that the information and communications technology (ICT) industry had evolved into a state of transnationalism, so too had cyber threats become borderless, and there was growing recognition that only real and global solutions would be effective at addressing such challenges (see related blog post from April 2012 or, for a deeper review, my blog post from July 2011).

The tide was indeed turning.

In February 2013, President Obama issued an Executive Order focused on Improving Critical Infrastructure Cybersecurity.  A key element of his Order was the establishment of a Cybersecurity Framework which would be “technology neutral and that enables critical infrastructure sectors to benefit from a competitive market for products and services that meet the standards, methodologies, procedures, and processes developed to address cyber risks.” 

Good stuff.  Right direction.

Another major inflection point was the late March passing of the Continuing Resolution that would fund the U.S. Government through the end of the fiscal year in September.  Late in the process, with a Government shut-down imminent, a brief paragraph (Section 516) was slipped into the hundreds-of-pages long document which would ban some federal purchases of networked equipment “produced, manufactured or assembled” by any group with a strong connection to China (“owned, directed or subsidized”). 


Eleven major U.S. industry associations – ranging from the Chamber of Commerce to the Information Technology Industry Council – wrote an April 4 letter to Congressional leadership expressing dire concern that a ban on federal purchases from China could make the US government vulnerable by restricting access to the latest security technology and could invite reciprocity in terms of the Chinese government screening technology from the U.S. in the same way. 

Per the U.S. industry associations’ letter: “Geographic-based restrictions run the risk of creating a false sense of security when it comes to advancing our national cybersecurity interests. At a time when greater global cooperation and collaboration is essential to improve cybersecurity, geographic-based restrictions in any form risk undermining the advancement of global best practices and standards on cybersecurity.”

Remarkable words of reason.

While the President had already signed the bill into law (at least until the end of the fiscal year when a new budget bill will be considered), a White House spokesperson was quoted in The Hill the day after the industry letter was written: “The undefined terms of this provision will make implementation challenging,” adding “It could prove highly disruptive without significantly enhancing the affected agencies’ cybersecurity.”

More good stuff.

Shortly thereafter, the Government Accountability Office (GAO) – the investigative arm of the US Congress – issued an unrelated study titled “Communications Networks: Outcome-Based Measures Would Assist DHS in Assessing Effectiveness of Cybersecurity Efforts” which found that “No cyber-related incidents affecting core and access networks have been recently reported to FCC and DHS through established mechanisms…of the over 35,000 outages reported to FCC during this time period, none were related to traditional cyber threats (e.g., botnets, spyware, viruses, and worms).”  See my overly-snarky blog post on this particular development, a reflection of facts yet further trumping fiction.

Mere days later, U.S. Secretary of State Kerry met with Chinese counterparts where both sides committed to cooperating on cyber-security issues, a reflection of yet more rational thought breaking out, and a concept about which I had pondered in a March 2012 post.

That same week, the world-renowned and respected Brookings Institution issued a remarkably thoughtful and balanced White Paper titled “Twelve Ways to Build Trust in the ICT Global Supply Chain.”  

The Brookings paper acknowledged the realities of today’s globalized ICT industry: “As trade grows more globalized, the supply chain has become more complex and challenging. Contemporary commerce involves hundreds of individuals, organizations, technologies, and processes across continents,” and went on to propose rational, non-political solutions towards addressing the related challenges, suggesting that “developing agreed-upon standards, using independent evaluators, setting up systems for certification and accreditation, and having trusted delivery systems will build confidence in the global supply chain as well as the public and private sector networks that sustain them.”

Yes, indeed, the tide was turning…

And then along came Snowden. 

We’ve all read the same stories, but, for anyone interested in some perhaps novel flavor, see my flurry of posts following his initial revelations, in which I have been perhaps more concerned about the potential fragmentation of the Internet than any impact on my employer: “Through the Looking Glass” (June 6), “PRISM and Internet Balkanization” (June 7), “PRISMs and Mirrors and Cyber (Oh my)” (June 9), “Politics, Intelligence and Lies – Get a Clue(train)” (June 11), “Internet Balkanization Yet More Likely – PRISM+” (June 14), “A Thickening Plot – A Devil’s Bargain?” (June 19). 

Since Snowden, having utterly lost the cyber high ground, various and sundry U.S. Government authorities have scrambled – stumbling, fudging, lying – to rebuild trust, both at home and abroad, as often as not, with attempts to divert attention elsewhere.

A seemingly key element of the strategy has been to ratchet up the China cyber-threat (which is very real, mind you, as are the cyber threats from virtually every other country on the planet), and, specifically, to differentiate U.S. espionage from Chinese espionage on the grounds that the U.S. focuses on national security intelligence while China steals commercial secrets.

The differentiation strategy kinda fell apart on July 9 when the media began broadcasting Snowden’s latest revelation: The NSA had in fact been conducting commercial espionage across key Latin American markets focused on the oil and energy sectors.

It would appear, however, that some in the U.S. had a slight heads-up on this particular leak, and tried to get out in front of it with some distracting chaff.

One day earlier, on July 8, HPSCI Chairman Rogers re-emerged from his Huawei-bashing hibernation, appearing on BBC 4 Radio, and, for the first time ever, suggesting that he had “proof” of Huawei ties to the PRC and instances of corporate espionage.  Yet again, however, he provided not a whit of substance (link to detailed blog post). 

That same day, PBS Newshour ran a program titled “U.S. Government, Industry Fed Up With China Cyber Theft” featuring another noted China-hawk, James Mulvenon.  Mulvenon was one of the principal authors of the 2005 RAND Report which was only recently revealed to have clumsily featured patently false information about Huawei.

Mulvenon, notwithstanding a remarkably impressive pedigree, took the lateral from Rogers’ BBC script and graduated from a past record of innuendo to out-and-out lying, stating, in reference to Huawei: “There's a well-documented record of them stealing core technology from Cisco and from Nortel…I think that Huawei has directly benefited from being able to take core R&D from other people.”  What Mulvenon may “think” doesn’t make it fact, and his reference to “well-documented records” is nothing but a flat-out lie.

Thus, with the media appropriately fluffed, it was time to trot out yet bigger guns.  Next up to twirl a bright and shiny object to distract attention from the increasingly damning revelations about U.S. espionage activities, including in the commercial realm, was none other than former NSA and CIA Director Mike Hayden, one of the midwives of PRISM.

In a July 19 interview with the Australian Financial Review which covered a wide range of cyber issues, General Hayden took Mulvenon’s handoff and ran for what he must have hoped would be a touchdown. 

Asked whether Huawei represents “an unambiguous national security threat to the US and Australia,” the General replied “Yes, I believe it does.”  Asked if there was hard evidence of Huawei having engaged in espionage on behalf of the Chinese state, Hayden evaded the tackle with a linguistic somersault, stating “Yes, I have no reason to question the belief that’s the case,” and then, of course, added “as the former director of the NSA, I cannot comment on specific instances of espionage or any operational matters.”  He then went on to cite last year’s utterly empty HPSCI report as some sort of substantive proof point.

Talk about circular bullshit… 

(And, never one to be left out, CSIS’s resident cyber flak – a Huawei-bashing cheerleader who never fails to put out for the team – chimed in meaninglessly in a UPI report: "Officials within several agencies have privately told me that Huawei is a national security threat."  Why does anyone listen to this guy?).

So, what next?

From an industry-wide perspective, in the wake of HPSCI having blown its insignificant load last Fall, and until the Snowden hullabaloo, there had been quite positive momentum towards the establishment of commercially rational and effective worldwide standards and disciplines to better secure networks and information. 

The U.S. Government, caught with its cyber slip showing, is to some extent derailing the process with mis-directing rhetoric. 

Deal with it guys.  Enough with the bright and shiny distractions.  Enough with the Huawei bashing.  You got issues with China, then manage them.   But enough maligning of innocent companies that are otherwise world-proven and trusted. 

You got something on Huawei – show it.  You don’t – and if you did, you’d have ponied up by now – then stow it.

July 09, 2013

Bright and Shiny Objects: Really Chairman Rogers?

Yesterday, July 8, 2013, BBC Radio 4 broadcast the second program in a three part series on cyber security.  Among others, BBC security correspondent Gordon Corera interviewed Mike Rogers, Chairman of the U.S. House of Representatives Permanent Select Committee on Intelligence (HPSCI).

In 2012, Rogers and HPSCI conducted a year-long “investigation” of my employer Huawei Technologies, concluding with a Report which, in redefining the word vapid (“for vegetarians,” per The Economist), suggested - without a whit of substance - that Huawei represents a threat to U.S. national security.

Rogers’ motivation for his unfounded corporate slander seemed a combination of misguided protectionism, Sinophobic jingoism, and cyber-scaremongering, the latter to drive support for his cyber information-sharing legislation which, we have recently learned, would legalize practices seemingly already well-underway in the context of the U.S. Government’s PRISM and related programs.

In the wake of the public unveiling of deep and broad U.S. espionage and surveillance activities - at home and abroad - it seems that the Chairman has extended his maligning of Huawei (one of many distracting “bright and shiny objects” being deployed) in attempts to draw attention away from those programs.

In yesterday’s BBC interview, Rogers broke new and libelous ground.  Rather than hints, suggestions and innuendo, the Chairman graduated to out-and-out, um, lies.  To wit:

“I can tell you sitting here that I have a high degree of confidence that Huawei is connected to the Chinese Government, it uses it to exfiltrate information from wherever it’s operating back to China for illicit purposes.”

Asked “Is there actually any evidence of Huawei doing anything,” Rogers replied: “I have no doubt and no qualms about saying that Huawei is using its equipment to exfiltrate information that they have no right to have and they're using that in furtherance of their economic espionage activities.”

Asked “What's your view of the U.K. allowing Huawei into Britain's telecoms infrastructure?,” Rogers demonstrated either utter ignorance or remarkable disingenuousness (given that as HPSCI Chairman he has full understanding of how PRISM works agnostic to infrastructure pipes), responding “…it allows them to control the pipes basically, where that information flows through.”

Someone other than me want to call this guy out?  

He’s got nothing.  He is a thoroughly naked would-be emperor (HCA reference).  There is, in short, absolutely no “there” there, and he knows it.  Ask him.  C’mon.  He’s got squat.  Could be fun…