May 17, 2018

Axios Codebook

Axios

Welcome to Axios Codebook, the only newsletter of any consequence on any subject. Thank goodness it's cybersecurity.

Tips, comments, other such stuff? Feel free to reach out at this email address.

1 big thing: Chinese tech firms dodge ZTE fallout

llustration: Sarah Grillo/Axios

ZTE isn't the only Chinese tech manufacturer trying to navigate a volatile trans-Pacific trade climate. Of course, there's Huawei, another giant that, like ZTE, has long faced charges of assisting Chinese intelligence efforts. Then there's Coolpad, a phone maker that's hoping U.S. consumers won't judge every firm by its nation of origin.

“Those companies are under investigation for business practices, not the location of their headquarters,” said Charlie Parke, senior vice president of sales at Shenzhen-based Coolpad. “The reality is, ZTE was caught breaking the rules.”

ZTE shut down its operations after getting hit by sanctions that cut off its supply of U.S.-made chips. President Trump then threw the case into confusion with a weekend tweet suggesting that he wanted to lift the sanctions to save jobs in China.

“My personal opinion is to every choice there is a consequence and if you make a choice you should be ready to accept the consequences,” said Parke.

Why it matters: Chinese companies are sending a loud "we're not all the same" message to the world. Despite the cloud over ZTE and the looming threat of a wider U.S.-China trade war, Coolpad hopes to break the perception of cheap products made with fealty to Beijing, and insists its business is different.

Parke says Coolpad differs from ZTE by emphasizing transparency to gain consumer trust. “We do our own R&D, all our own manufacturing,” he said, saying that differentiated Coolpad from larger firms that operated on a more contractor by contractor basis.

A ZT-REcap: First ZTE’s phones (along with Huawei's) were banned for sale on military bases for national security concerns. Then the company, charged with breaking trade embargoes on North Korea and Iran, received an effective death penalty from the Department of Justice in the form of a ban on the U.S. microprocessors required to make its phones.

  • Trump's weekend tweet about saving ZTE jobs baffled lawmakers on both sides of the aisle. “My main concern is they’re an arm of the Communist Party and are actively involved in espionage ... It’s not just strictly a trading or jobs issue — there’s more to it than that,” said Sen. John Cornyn (R-Texas).
  • On Wednesday, Trump explained he was using ZTE as a bargaining chip in much wider trade negotiations. “We have not seen China’s demands yet,” he tweeted.
  • Axios’s Jonathan Swan quickly noted that China had actually presented its demands two weeks ago.

Of course, if Coolpad can escape the cloud that hangs over ZTE, it also stands to gain something: market share.

Federal agency CIOs get more clout

An executive order signed by President Trump Tuesday afternoon expands the hiring authority of federal agencies' chief information officers and gives them more power within agency decision-making.

Why it matters: Lawmakers have long lobbied for more agility, power and accountability for agency CIOs, to ensure security issues don't get ignored by agency heads. 

  • Congressmen, including Will Hurd (R-Texas) and Gerry Connolly (D-Virg.), have emphasized the importance of the CIO and the CIO's collaboration with agency heads, in legislation and hearings. Hurd, chair of the Information Technology Subcommittee, has threatened to bring agency heads to the Hill alongside CIOs to promote accountability for ignoring CIO decisions. 
  • When Suzette Kent became the federal government's CIO in January, she set the actions in the executive order as priorities. 
Cyber czar elimination gets poor reviews

National security advisor John Bolton. Photo: Mike Theiler - Pool/Getty Images

The Tuesday decision by the Trump administration to eliminate its top cyber advisor — the cybersecurity coordinator, often called the cyber czar — was met with scathing reviews outside the White House.  A sampling:

Michael Daniel (Obama cyber czar): "This is definitely not the signal you want to send to your allies and your adversaries."

Peter Singer (senior fellow, New America): "This is national security malpractice."

Stephen F. Hayes (Editor in chief, the Weekly Standard): "At a time when the USG ought to be redoubling its efforts on cyber, this is unwise..."

Sen. Mark Warner (D-Virg., Ranking member of the Senate Intelligence Committee): "Mindboggling" [via statement]

Christopher Painter (Former top cyber diplomat for the State Department): "Every study, commission or other review suggested higher not lower placement."

Marietje Schaake (Rep. to E.U. Parliment): "Mismatch with reality is growing further and further [down emoji]."

And two Democrats immediately introduced legislation to guarantee a cyber advisor in the Executive Office of the President. 

Senate panel bucks House, agrees with intel agencies on Russia-Trump

The Senate Intelligence Committee leadership announced Wednesday that the CIA, NSA and FBI were correct in assessing that Russia was hoping its election tampering would bolster then-candidate Donald Trump.

Why it matters: The House Intelligence Committee's majority report, released under partisan clouds a month ago, came to the opposite conclusion. It's already beginning to age badly.

What they're saying: "Committee staff have spent 14 months reviewing the sources, tradecraft, and analytic work, and we see no reason to dispute the conclusions," said Senate Intel. Chairman Richard Burr (R-N.C.).

Controversial mobile tracking service hacked — again

A hacker leaked documents from Securus, a company that aggregates cell phone data for law enforcement, to Motherboard. This is the second breach since 2015 for the company.

Why it matters: The hacker gave Motherboard 2800 different sets of account credentials — usernames, encrypted passwords and contact information — labeled "police." A malicious hacker who gained access to the system could track any cell phone in the United States. Securus tracks cell phones using data cell phone providers collect for marketers without requiring a warrant.

Securus was controversial even before it was found to be insecure. This isn't bound to help.

Odds and ends
Axios

Codebook will return on Tuesday.