Cyber Week in Review: May 15, 2020

U.S. Government Agencies Accuse China of Targeting COVID-19 Research

On Wednesday, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) released a public service announcement [PDF] accusing Chinese hackers of targeting American universities, pharmaceutical companies, and health-care organizations to steal intellectual property related to coronavirus treatments and vaccines. The announcement also warns that the targeting of U.S. research has jeopardized the delivery of treatment. It is unusual for the U.S. government to formally blame another country for cyber activity so quickly after an attack is identified, and U.S. officials declined to publicize the evidence that led them to their conclusions. However, the decision to publicly call out China is part of both the global race among countries to become the first to develop a vaccine to the coronavirus and the increasingly contentious bilateral relationship.

TSMC to Build Chip Factory in Arizona

On Thursday, Taiwan Semiconductor Manufacturing Co. (TSMC), the world’s largest contract manufacturer of silicon chips, said it would spend $12 billion to build a chip factory in Arizona. Although the announcement is a political win for President Trump, who has been campaigning to bring chip manufacturing stateside, TSMC’s estimate of the plant’s output is roughly one-fifth of the size of the company’s largest chip manufacturing plants in Taiwan. Moreover, the Arizona factory would likely not be at the cutting-edge of chip-making technology by the time it begins production in 2024; it plans to make 5-nanometer chips, even though TSMC expects to produce 3-nanometer transistors and smaller in the next three years. TSMC had been in talks with U.S. officials about building a U.S. factory for some time, but the conversation gained momentum recently amid fears of fragile supply chains highlighted by the coronavirus pandemic.

On Friday, the Trump administration tightened export controls targeting Huawei. The restrictions stop foreign semiconductor manufacturers who use U.S. software and technology from shipping products to Huawei without getting a license and will significantly impact TSMC. HiSilicon, Huawei’s semiconductor design arm, made up 14 percent of TSMC’s total sales last year. The move received strong support from Senator Ben Sasse (R-NE), who told the Financial Times, “The United States needs to strangle Huawei. Modern wars are fought with semiconductors, and we were letting Huawei use our American designs.”

Huawei Struggles Internationally Without Google Apps

While Huawei phones can still run Google’s Android operating system because it is open-source, Google’s smartphone apps, such as Google Play, Gmail, and Chrome, have been missing from the company’s devices since the U.S. Department of Commerce banned it from purchasing U.S. technology last May. This has contributed to a disastrous drop of 35 percent in Huawei smartphone shipments outside of China in the first quarter of 2020, more than two and four times the declines experienced during the coronavirus pandemic by rivals Samsung and Apple, respectively. The company has also dropped from second to third place in smartphone market share in Western Europe. Although Huawei has tried to introduce its own versions of these apps, smartphone users complain that they feel limited without Google’s. Industry experts argue that these complaints and the disappointing new sales data highlight the possibility that Huawei’s smartphone business will shrink and become China-centric due to the Trump administration’s restrictions.

Cyberattack Targets Iranian Port

After initial denials, Iran has acknowledged a cyberattack that damaged several systems at the Shahid Rajaei port in southern Iran. While it is unclear who was behind the attack, Iranian officials have alleged that it was carried out by a “foreign entity.” Iran claims that it has thwarted millions of cyberattacks against the country since 2019, thanks to its “Digital Fortress,” or national firewall. It also announced this month that its national intranet system, referred to as the National Information Network (NIN), is 80 percent complete. The NIN aims to cut Iran’s domestic internet infrastructure off from the global internet in order to prevent cyberattacks launched from abroad. Research organizations like Citizen Lab warn that the NIN will only further empower the government to prevent Iranians from accessing content hosted beyond the country’s borders.

U.S. Department of Justice Charges Scientists With Wire Fraud

This week, the U.S. Department of Justice charged Simon Ang, a University of Arkansas electrical engineering professor, and Qing Wang, a former researcher at the Cleveland Clinic, for failing to disclose their ties to China when receiving federal grant money. Both Ang and Wang provided their services to Chinese universities and received funding as part of China’s Thousand Talents program. At the University of Arkansas, Ang researched power grid security and led the Density Electronics Center, which created technology for the International Space Station and was founded with U.S. Department of Defense funding. Meanwhile, Wang received more than $3.6 million in grants from the U.S. National Institutes of Health (NIH). The charges come as the U.S. Department of Justice, FBI, and NIH strengthen their efforts to limit foreign influence at U.S. universities and prevent sensitive U.S.-government funded research from being transferred to China.