Huawei’s Legal Problems Continue in the United States

Huawei’s Legal Problems in the United States

Huawei’s legal problems in the United States continue on multiple fronts.  The Chinese tech giant has been the target of the U.S. Senate and the Department of Justice, and has had its case against a U.S. Government contracts ban dismissed before going to court.

Department of Justice Actions

In an ongoing indictment, the U.S. alleges that Huawei participated in a fraudulent scheme to export banned U.S. goods and technologies for its business in Iran.  Although Huawei has denied these allegations, Reuters has reported that recently released company records show that the company was directly involved in these actions.  This could lead to the extradition of Huawei’s chief financial officer, Meng Wanzhou, from Canada, where she is being held on bank fraud and other allegations.

US Senate Actions

The U.S. Senate approved a bill that would replace Huawei Technology Co. telecom equipment in rural areas.  The bill would provide $1 billion in funding for approximately 40 rural carriers to replace equipment that could be used by the Chinese government to spy on communications routed through their equipment.  The bill will now move on to President Trump, who will likely sign it into law.  Telecommunications Industry Association chief executive David Stehlin commented that the legislation was “a critical step in securing our network and ensuring the integrity of the telecommunications supply chain as we usher in the 5G era.”

Case Dismissed

A lawsuit that challenged a U.S. law barring the government from using Huawei equipment was dismissed in a federal court in Texas before going to trial.  This ban further underlines the U.S. government’s security concerns about using the company’s products.  These concerns have been very strong among lawmakers in both parties in light of continued cyberattacks and intellectual property theft by agents of the Chinese government.

What This Means for U.S. Businesses

Businesses will have to exercise increased vigilance regarding the security of intellectual property and technologies.  This will involve developing and improving processes involving export compliance and cyber security.  CVG Strategy has the expertise to help businesses of all sizes meet these challenges.  Contact Us today to see how we can help.

 

NSO Group Under Investigation by the FBI

The FBI is Investigating NSO Group for Personal and Government Hacks

The Israeli-based NSO Group is under investigation by the FBI concerning possible attacks on United States citizens and companies.  Reuters reported on January 30, 2020 that the probe, which has been active since 2017, concerns the infection of smartphones.  NSO Group creates products for government intelligence and law enforcement agencies for use against crime and terror.  A spokesperson for the NSO Group stated “We have not been contacted by any U.S. law enforcement at all about any such matters,” and the FBI will neither confirm nor deny the existence of any investigations.

Pegasus Product of Special Concern

The NSO Group’s Pegasus product is a software tool that can capture data on a phone, including encrypted messages and audio.  Allegations have been raised that Pegasus might have been used in a hack against Amazon’s Jeff Bezos.  The FBI has met with Bezos and has reported that, if U.S. citizens are being hacked, it considers both the company supplying the software and the criminals using those tools responsible.  An FBI official said, “Whether you do that as a company or you do that as an individual, it’s an illegal activity”.

Where to Draw the Line

As with any tool, the ultimate benefit or harm in its use lies in the hands of the person or agency employing it.  While few would argue that fighting crime and terror are not noble goals, care must be taken in providing those tools to appropriate people or agencies.  Furthermore, continued oversight by those agencies empowered by such tools must be maintained to make sure rogue individuals within an organization do not use them maliciously.  Perhaps of greater concern is that once the technologies are obtained by nefarious players, there is no way to reestablish control of them, placing all of us at risk.

Smartphone Cyber Vulnerabilities for Businesses

Smartphones are of special concern to businesses because of the ability of users to inadvertently place proprietary data at risk.  The cost of such data breaches is difficult to ascertain because of the shared risk with suppliers, vendors, and customers.  Adequate mitigation requires a flexible strategic program that can adapt to threats as they evolve.  This is best provided by an Information Security Management System (ISMS).  An ISMS is a management system based on risk assessment to establish, implement, operate, monitor, maintain and improve information security.  CVG Strategy can help you achieve ISMS Certification.  Contact us to learn more.

New Geospatial Software Export Restrictions to the EAR

New EAR Export Restrictions of Geospatial Software

The Bureau of Industry and Science placed restrictions on the export of geospatial software on January 6, 2020.  This ruling classifies software specially designed to automate the analysis of geospatial imagery, as specified, under the Export Control Classification Number (ECCN) 0Y521 series, specifically under ECCN 0D521.  This ruling, which affects exports to all countries except Canada, was determined to be necessary because these items could provide significant military or intelligence advantage to the United States.

What is Geospatial Software?

Geospatial software is a growing field of technology involved with mapping and analysis of the Earth’s surface.  It is a technology used to acquire, manipulate, and store geographic information.  Technologies that utilize geospatial software include Global Positioning Systems (GPS), Geographic Information Systems (GIS), and Internet Mapping.   As an analysis tool it can be used by businesses to understand trends at specific locations by understanding demographics, availability of natural resources, agricultural trends, and environmental conditions.

Because such powerful tools can also be used for a wide variety of intelligence gathering activities by unfriendly nations, the new export restrictions were expected.  They will, however, place limitations on a large number of commercial, proprietary, and open source developers of software.  Included on the list of players are some rather large companies like Microsoft and Autodesk.  It will be necessary for these companies to place serious controls over the distribution of their products to prevent non-compliance.

The Need to Stay Aware

As technology develops into new market segments, controls on the export of these items must be clarified.  EAR and International Traffic in Arms Regulations (ITAR) are therefore very dynamic.  For companies that are involved in export, keeping in step with these new regulations can be a challenge.  Maintaining an effective export control program for either commercial or military markets requires constant vigilance and education.  CVG Strategy can help with Export Classification, ITAR Training, and Anti-Boycott Regulations.

Our consultants are premier providers of customized ITAR Consulting and ITAR & Export Compliance Programs and Training that address critical U.S. Government regulations, from Export Administration Regulations (EAR) to the International Traffic in Arms Regulations (ITAR), Office of Foreign Asset Controls (OFAC), and other regulatory agencies.

 

Mozilla Firefox Vulnerabilities Show Need for Vigilance

High Profile Alerts Concerning Mozilla Firefox Vulnerabilities

On January 8, 2020, the United States Department of Homeland Defense’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert concerning Mozilla Firefox vulnerabilities.  These vulnerabilities could allow external control of Mac and Windows computer operating systems by cyberattackers.  Mobile devices are not affected by this problem.

Mozilla has released versions of Firefox with fixes for these problems.  Versions that contain fixes are:

  • Firefox 72.0.1
  • Firefox ESR 68.4.1

Mozilla Firefox Not Alone

Mozilla Firefox, a favorite browser of privacy-minded users since 2004, is not alone in having issues, however.  Juniper, Interpeak IPnet, and Cisco vulnerabilities were also mentioned this month.  These vulnerabilities illustrate a continuing trend in products and systems that are less secure than required to protect the information systems they serve.  The causes of these continuing problems lie at the heart of the software industry, where product complexity and fast-paced release cycles outstrip the abilities of product testing to ensure quality.

What Can Be Done?

The core issues concerning the causes of cyber vulnerabilities are probably not going away in the near future.  These vulnerabilities affect data security, the performance capabilities of infrastructure, and the reliability of health and safety centered systems.  These are very real concerns for businesses, and addressing these concerns effectively is essential.

Effective cybersecurity for businesses requires risk management approaches that include tools, policies, security safeguards, guidelines, and training.  Development of an Information Security Management System (ISMS) such as ISO/IEC 27001:2013 is an excellent method that establishes these tools and their implementation into the daily operation of a company.  Because it includes constant improvement as a part of a management review process, it can remain adaptive to the dynamic cyber-threat environment and provide an accredited solution to your company and its customers.

CVG Strategy Can Help

CVG Strategy can help your organization create and implement an effective ISMS.  Our experts are certified Exemplar Global Lead Auditors in ISO/IEC 27001:2013 and understand the varying requirements for businesses of all sizes.