Cyber Week In Review: January 11, 2019

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

Turns out the shutdown isn't good for cyber. As the government shutdown enters its 20th day, experts worry that federal cybersecurity might end up as collateral damage of Washington gridlock. Among the 40,000 federal workers currently furloughed because of the shutdown are employees at several critical agencies, including the National Institute of Standards and Technology (NIST) and the Department of Homeland Security’s newly established Cybersecurity and Infrastructure Security Agency. While essential employees are still defending federal networks—meaning the shutdown will likely not produce a “cyber catastrophe”— the ripple effects could be seen elsewhere. Many .gov websites have become insecure or inaccessible because of expired certificates, which have not been renewed due to the shutdown. NIST will likely miss a deadline to update security standards, which many companies rely on. At a cybersecurity job fair this week, booths for government agencies were conspicuously vacant. The real damage of the shutdown, however, might be long-term: As cybersecurity professionals within government flee for more stable (and lucrative) private sector jobs, the federal government might be faced with an even more dire shortage of top cybersecurity talents to defend its networks.

Setback to China’s chip dreams. This week Taiwanese foundry UMC said it would scale down its involvement in the construction of a state-of-the-art DRAM fab in mainland China, likely because of a U.S. investigation into the company and its Chinese partner, Fujian Jinhua. Semiconductors are central to China’s high-tech ambitions, and the multi-billion dollar Fujian Jinhua-UMC plant was supposed to help reduce China’s dependency on foreign chips. Under the UMC-Fujian Jinhua partnership, UMC agreed to provide key technology for the DRAM operation. In November, the Department of Justice charged UMC and Fujian Jinhua with conspiring to steal intellectual property from U.S. chipmaker Micron Technology. Now with UMC’s exit, the DRAM fab’s future is in limbo, striking another blow to Fujian Jinhua, which is already reeling from being placed on a U.S. export blacklist in November.

UMC's retreat from China is the latest sign that the Trump administration’s multi-front campaign to stymie China's attempts to co-opt western technology has teeth. In Taiwan, several engineers were arrested for attempting to steal technology from German chemical producer BASF on behalf of a Chinese rival. In the United States, Chinese investment in U.S early-stage tech startups—another method of technology transfer frequently cited by the administration—has slowed to a trickle, largely because of Trump administration policy. Also, this week: the administration launched an outreach campaign to push companies to better defend themselves against cyber theft. While the administration's strategy shows signs of success, it's unclear if it'll stop China’s overall advances in technology, or if protecting U.S. technology is worth the cost of tech decoupling.

Another bad week for Huawei, another bad Huawei pun: On Friday, Polish authorities arrested a Huawei executive and a Polish national on spying charges. While details regarding the allegations are sparse, the spying allegations are explosive and, if verified, could solidify the resolve of western government to remove Huawei kits from their telecommunication networks. Poland’s main carrier has long relied on Huawei equipment to power its mobile network, though the carrier has begun moving away from Huawei because of security concerns.

Huawei also faced setbacks elsewhere in the world:

• In the United States, the Commerce Department refused to renew the export license of Huawei’s Silicon Valley outpost, Futurewei, effectively sealing the R&D center off from its global operations.
• According to Reuters, Norway is considering whether to ban Huawei from its 5G networks, becoming the latest western government feeling pressure to choose a side in the U.S.-Huawei 5G fray. 

Facebook runs afoul with Vietnam’s Big Brother. Days after Vietnam’s cybersecurity law went into effect, authorities announced that Facebook has not complied with the law. At issue is Facebook’s failure to take down pages and comments critical of the government. Vietnam has invested heavily in countering anti-government sentiment online in recent years. In 2017, it set up a 10,000-strong cyber unit to identify and counter “wrongful opinions” critical of the one-party government. Under Vietnam’s cybersecurity law, which generated much controversy when it was passed last year, internet companies are required to remove “toxic content.” Failure to comply could result in companies like Facebook being required to localize user data and set up a local office to service takedown requests. For Facebook, the law poses a dilemma in one of the company’s fastest growing market: risk its reputation as a space for free expression or provoke the ire of Vietnam government. Vietnamese activists and government critics, for their part, have moved from Facebook to encrypted services like Minds to skirt government controls.