Timothy Porter is an Army veteran of 10 years. He achieved the rank of Sergeant First Class within 7 years. After being involved in a bomb explosion, Porter was medically retired and began pursuing his passion: technology. In 2009, after teaching himself how to develop mobile apps, Appddiction Studio was formed. In 2011, Appddiction Studio was nationally recognized by the USA Network Channel. Porter was one of their USA Character Unite Award winners for developing an award-winning anti-bullying App for schools. Appddiction Studio has developed well over 200 commercial mobile apps and has become a leader in Enterprise transformations focusing on Agile and the SAFe Framework.

Porter has multiple degrees in Management Information Systems and holds an MBA. He is an SPC and RTE and has performed roles for Appddiction Studio as Scaled program Consultant, Enterprise Coach & Trainer, Agile Coach, Release Train Engineer to Scrum Master. Appddiction Studio has been performing for programs supporting Gunter AFB as a Prime Contractor in: Agile Coaching, EODIMS JST & EODIMS Backlog Burndown and now as a subcontractor on ACES FoS.

Porter has taught over 50 public/private SAFe classes and has submitted his packet for consideration to become SPCT Gold Partner. He is certified at all levels of SAFe Framework and teaches Leading SAFe, SAFe Scrum Master, Advanced Scrum Master, Lean Portfolio Management, Product Owner/Product Management, SAFe DevOps, SAFe Architect in addition to Agile courses like ICAgile Agile Fundamentals, ICAgile Agile Team Facilitation, ICAgile Agile Programming & ICAgile DevOps Foundations.

Introduction

One of the world’s leading providers of fifth-generation (5G) mobile technology, Huawei is a Chinese telecommunications giant that has stoked fears of espionage and intellectual property theft in the United States and many other countries. In response, Washington and its allies have imposed sweeping restrictions on Huawei as part of a larger crackdown on Chinese technology companies. 

Some experts warn that tensions between Washington and Beijing over technology could lead to a “digital iron curtain,” which would compel foreign governments to decide between doing business with the United States or China.

What is Huawei?

It is the world’s largest provider of 5G networks and a leader in sales of telecommunications equipment. Based in Shenzhen, China, Huawei sells its products domestically and internationally. In the United States, it has helped provide connectivity in rural areas of Alabama, Colorado, Oklahoma, and other states.

Ren Zhengfei, the company’s billionaire CEO, founded Huawei in 1987. With more than 190,000 employees, according to its website, Huawei claims to be a private company fully owned by its employees, though its precise ownership structure is unknown.

Why is it so controversial?

In accurate years, the United States and several other countries have asserted that the company threatens their national security, saying it has violated international sanctions and stolen intellectual property, and that it could commit cyber espionage. Many U.S. policymakers view Huawei as a commercial extension of the Chinese Communist Party (CCP).

Cyber espionage. The main concern, according to U.S. intelligence agencies, is that the Chinese government could use Huawei to spy. Officials, primarily in the United States but also in Australia and several other countries, point to intentionally vague Chinese intelligence laws that could be used to force Huawei to hand over data to the Chinese government. (The United States has not publicly provided evidence that this has happened.) There are also concerns that Huawei’s 5G infrastructure could contain backdoors that allow the Chinese government to collect and centralize massive quantities of data and give Beijing the necessary access to attack communications networks and public utilities. In 2022, an FBI investigation found that Huawei equipment can be used to disrupt U.S. military communications, including those about the U.S. nuclear arsenal.

Congress began receiving warnings about Huawei as early as 2012, when a U.S. House Permanent Select Committee on Intelligence report [PDF] concluded that using equipment made by Huawei and ZTE, another Chinese telecommunications company, could “undermine core U.S. national security interests.” In 2018, six U.S. intelligence chiefs, including the directors of the CIA and FBI, cautioned Americans against using Huawei products, warning that the company could conduct “undetected espionage.”

At the heart of Washington’s concerns is 5G, the latest technology standard for cellular networks, which provides faster get speeds for smartphones, connects devices in smart cities, and supports autonomous vehicles and robots. “5G is a different type of risk versus 4G or 3G. It’s much harder to separate the core from the periphery,” says CFR’s Adam Segal. “Once you have those risks, you have to trust the company much more. But it is difficult to trust Huawei, given the relationship between companies and the Communist Party.”

Intellectual property theft. U.S. companies and global telecom firms have for years accused Huawei of stealing trade secrets, starting with Cisco’s 2003 lawsuit alleging that its source code appeared in Huawei products. (The suit was later settled.) In 2017, a U.S. jury found Huawei guilty of stealing intellectual property from T-Mobile, and in 2020, the U.S. Justice Department charged Huawei with racketeering conspiracy and conspiracy to steal trade secrets. According to the indictment, these violations allowed Huawei to “drastically cut its research and development costs and associated delays, giving the company a significant and unfair competitive advantage.” 

Trade violations. The United States claims that Huawei has violated sanctions on Iran and North Korea. A federal indictment unsealed in January 2019 against Meng Wanzhou, Huawei’s chief financial officer and Ren’s daughter, said that Huawei defrauded banks in order to do business with Iran and obstructed justice in the process by destroying evidence. Meng was detained in Canada in 2018 at the request of the United States, which was seeking her extradition. In 2021, she reached a deferred prosecution agreement with the U.S. Justice Department, which later dropped the charges against her.

How much sway does Beijing have over tech companies?

The government has considerable sway over Chinese private companies through heavy regulation, including the requirement that they establish CCP branches within them, and state-backed investment. Executives of many of the biggest companies are party members, including Alibaba cofounder Jack Ma and Huawei founder Ren, who served as an engineer in the People’s Liberation Army during the Cultural Revolution.

Under President Xi Jinping, the lines between public and private have become even more blurred. Experts have observed that the CCP is working to boost its influence over private industry, especially tech companies. In accurate years, state-run companies and local governments have invested more in private firms. Foreign news organizations have also reported that the government could start pressuring tech companies to offer the party direct ownership stakes and give party members even greater roles in management. While there is no evidence that this has happened at Huawei, Beijing has taken a stake in an entity owned by ByteDance, the parent of video-sharing monolith TikTok.

Some experts and U.S. officials also point to vague Chinese laws that could be used to force Huawei to help the government with intelligence gathering. For example, the National Security Law [PDF], enacted in 2015, states that citizens and enterprises have the “responsibility and obligation to maintain national security.” The 2017 National Intelligence Law [PDF] declared that Chinese companies must “support, assist, and cooperate with” China’s intelligence-gathering authorities. These laws have prompted additional U.S. concerns that TikTok could share user data with the Chinese government. 

Huawei has distanced itself from the CCP, repeatedly asserting that its equipment has never been used, and will never be used, to spy. In January 2019, Ren said he “would never harm the interest of my customers” and that Huawei would not answer government requests for intelligence. In May 2018, Huawei commissioned a report [PDF] from a Chinese law firm supporting its argument that it cannot be forced to spy, but other lawyers in China and around the world said the law has never been tested. The Chinese government has also gone to bat for Huawei, saying it would “take all necessary measures to safeguard” Chinese companies.

How did Huawei become so dominant?

Huawei became the world’s largest telecommunications company over three decades, reporting $138 billion in revenue in 2020, a 12 percent jump from the previous year. This success has helped drive suspicion that the Chinese government has played a more significant role in the company in accurate years than its leaders have let on.

In 1996, both the government and military began treating Huawei as an official “national champion,” a status reserved for firms that bolster China’s strategic aims. The move highlighted a shift in official policy. From then on, Beijing explicitly supported domestic telecom companies—and Huawei even more than others [PDF]—to prevent foreign domination of the industry. The Chinese government ensured Huawei had easy access to financing and high levels of government subsidies—up to $75 billion in state support since the company was founded. 

These underpinnings have allowed Huawei to price its network equipment below foreign competitors’ rates; a European Commission investigation found that Huawei has underbid its competitors by up to 70 percent. Experts said that Huawei’s prices would not have even covered the cost of producing their parts without subsidies. Chinese state banks also provide countries with low-interest loans to use Huawei’s equipment.

Huawei says its low prices are the result of technological expertise—a claim with some merit, according to industry experts. Huawei’s annual research and development (R&D) budget is among the world’s largest, and Ren says his firm spends more on it than most publicly listed firms can. At over $22 billion in 2021, Huawei’s R&D expenditures rank alongside those of Alphabet (Google’s parent company) and Amazon; when R&D is measured as a percentage of sales, Huawei’s expenditures are proportionally double.

U.S. actions against Huawei continued to build throughout the Trump presidency: in 2019, Trump signed an executive order prohibiting U.S. companies from doing business with Huawei, and the Commerce Department added the company to its “entity list,” restricting it from buying U.S. goods. Shortly after, Google said it would restrict Huawei’s access to its products, including its Android operating system; a new Huawei phone unveiled later in the year didn’t come with Android apps.

The department cracked down further in May 2020, issuing new rules to block foreign semiconductor manufacturers that use U.S. machines and software from shipping products to Huawei without a license. Prior to the bans, Huawei said it relied on U.S. software, microchips, specialty lasers, and other products for one-third of its supply chain, amounting to $11 billion. More than one hundred Huawei affiliates have been added to the commerce department’s entity list since then, crippling the company’s ability to obtain critical U.S. goods. 

Other government agencies have followed suit. In November 2019, the Federal Communications Commission (FCC) voted to designate Huawei and ZTE as national security threats, which prevents U.S. internet providers from using federal funds to purchase the tech companies’ equipment. Huawei filed a legal challenge, but the FCC’s decision went into effect in June 2020. That same year, Congress provided $1.9 billion to the FCC for the agency to remove Huawei equipment from existing U.S. networks. The Trump administration also imposed visa restrictions on Huawei employees it says contribute to human rights abuses committed by the Chinese government, including against Uyghurs in China’s Xinjiang region

President Joe Biden has upheld restrictions against Huawei and introduced new bans that have further hamstrung the company. In November 2021, Biden signed a bill aimed at preventing Huawei and ZTE from receiving equipment-making licenses from U.S. regulators, including the FCC. A year later, in November 2022, the FCC adopted new rules that prohibited the sale of some communications equipment made by Huawei or ZTE in the United States, citing “unacceptable” national security risk. And in January 2023, the Biden administration stopped providing licenses for U.S. companies to export goods to Huawei. Biden has also taken such measures beyond Huawei, signing legislation that precludes any Chinese manufacturer from obtaining chips or chipmaking equipment made with U.S. parts anywhere in the world.

Despite the restrictions, the Commerce Department has allowed some business activities that it says do not pose significant risks to U.S. national security. Since 2017, the Trump and Biden administrations have allowed over $60 billion [PDF] in transactions between Huawei and U.S. firms. 

Some critics say that while the restrictions have handicapped Huawei, they would be even more effective if combined with a U.S.-led alternative. “A principal reason that the United States has not had more success in persuading countries not to use Huawei equipment is that it cannot offer an alternative,” CFR’s David Sacks writes. “The United States does not and will not have a company that is competitive in the full stack of 5G equipment.”

 To get more countries to wean off Huawei, Sacks argues that the United States should finance European competitors’ 5G networks and develop open radio access networks, a system that would allow multiple companies to provide different components of a singular 5G network. Meanwhile, it should fund research and development to better compete in sixth-generation (6G) technology, which is expected to replace 5G within fifteen years.

How has Huawei responded to the bans?

It’s not just the United States that has banned Huawei. Washington has pressured its allies to follow suit, even threatening to stop sharing intelligence with countries that use Huawei. The countries of the so-called Five Eyes intelligence alliance—The United States, Australia, Canada, New Zealand, and the United Kingdom—have banned or are rolling out bans of Huawei. Other U.S. partners, such as Belgium, Denmark, Estonia, France, Lithuania, Poland, Romania, and Sweden have restricted the use of Huawei equipment in the construction of their 5G networks. 

Experts say that the bans have caused Huawei to reprioritize its domestic market due to a shortage of international business. In 2020, Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest chip supplier, halted business with Huawei, citing U.S. export controls. TSMC had supplied over 90 percent of Huawei’s smartphone chips. Because of the semiconductor restrictions, Huawei has had “to exit whole lines of business, because [they] don’t have access to advanced semiconductors because of these export controls,” CFR’s Sacks says. While Huawei accumulated a limited number of semiconductors before the bans took effect, it reportedly ran out in late 2022. The shortage has hurt Huawei’s bottom line: in 2021, the company reported $95 billion in revenue—a 23 percent drop from 2019 levels.

Why are some countries resisting the bans?

Other countries, especially those participating in China’s Belt and Road Initiative, are already using or have agreed to use Huawei’s equipment to build 5G networks.

Many have been attracted by the company’s ability to provide high-quality networks for low prices. Huawei is helping Malaysia and Russia build their 5G networks, and it has signed contracts to build 5G networks for a number of countries in Latin America.

Authorities in potential markets that have not ruled out using Huawei, including several European countries, argue that security risks are inherent in all 5G networks, regardless of the supplier. They acknowledge, however, that the risks are higher for Huawei. Officials in these countries say they prefer to keep their auctions for 5G construction open to all firms and will tighten security measures to minimize any risks. 

Analysts say U.S. policymakers have not come up with a better option for low-income countries, especially as 5G networks are dominated by just three firms: Huawei, the Finnish firm Nokia, and the Swedish firm Ericsson. Even after U.S. restrictions went into place, many low-income countries still chose Huawei, which is frequently the cheapest option, to build their 5G networks.

 “We still haven't really addressed the larger issue, which is that developing countries and other countries have connectivity demands and Chinese tech is cheap and reliable,” says CFR’s Segal.

While many of us were enjoying some time off for Thanksgiving, the US government took drastic action against Huawei and four other Chinese companies. The hardest hit are Huawei and ZTE, as the ban prevents any new products from being approved for the US market. The other three companies are Dahua and Hikvision, which make video surveillance equipment, and Hytera, which makes radio systems. FCC Commissioner Brendan Carr noted the seriousness of the decision.

[As] a result of our order, no new Huawei or ZTE equipment can be approved. And no new Dahua, Hikvision, or Hytera gear can be approved unless they assure the FCC that their gear won’t be used for public safety, security of government facilities, & other national security purposes.

There is even the potential that previously approved equipment could have its authorization pulled. The raw FCC documents are available, if you really wish to wade through them. What’s notable is that two diametrically opposed US administrations have both pushed for this ban. It would surely be interesting to get a look at the classified reports detailing what was actually found. Maybe in another decade or two, we can make a Freedom of Information Act request and finally get the full story.

Fuzzing for Recollapse

[0xacb] has a fun new technique to share, that he calls REcollapse. It’s all about regular expressions that get used in user input validation and sanitation. Regex is hard to really get right, and is full of quirks in how different languages and libraries implement it. A simple example is an email address that contains “punycode” — non-ASCII Unicode characters. It’s perfectly legitimate for an address to contain Unicode, but many normalization schemes collapse unicode strings down into the nearest approximation of ASCII. Take exámple.com and example.com. If some part of a web service sees these as the same thing, and another backend service keeps sees them as unique, that mismatch could allow account takeover. Enter your email here to receive a password reset link.

The novel thing here is a structured approach to fuzzing for these problems. [0xacb] suggests identifying “regex pivot positions”, places in a string where there could be unexpected or inconsistent regex matching. A very different example of this is the end-of-string symbol, $. A developer might use this to specify that a given pattern should only be matched when it’s at the very end of a string. But what happens when there’s a newline embedded in the string? It depends on the language. Yikes!

REcollapse is now available as an Open Source tool, and works great to feed fuzzing inputs into an automated tool. Run it against a target, and watch for different responses. Find something good enough, and profit!

Phishing With Smart Watches

The team at Cybervelia have cooked up yet another way to spear-phish a target. Many of us have smart watches, and one of the most useful functions of those wrist-mounted marvels is to glance at a SMS or other message without fishing out a phone. Could an attacker, with a Bluetooth Low Energy antenna, spoof a text message to a nearby smart watch? After some reverse engineering work, absolutely. With the right message, like “need help, 2nd floor”, the target might just start moving without checking the phone and discovering the spoof.

Real-time Malware Hunting

This one’s fun, as the researchers at Phylum found yet another malicious PyPi package campaign back on the 15th. Their tooling alerted them to the activity very early in the campaign, as packages were being uploaded and the payload was still being fine-tuned. That payload was being developed on Github, so there was only one thing to do.

The union of memes and security research is a wondrous thing. The packages were reported, removed, and it looks like this particular malware campaign was eliminated before it really got started.

This does lead to a hilarious tangent from Phylum, about some of the laughably terrible attempts at malware they’ve discovered in other campaigns. There’s a certain poetic justice to be found in malware refusing to run, because the deobfuscation routine checks for the acknowledgement string and errors out when it’s tampered with.

Lastpass Breach Continued

Lastpass has updated their security incident report, noting that there seems to have been follow-on access of data. They noticed “unusual activity within a third-party cloud storage service”, which usually means Amazon’s AWS. The story here seems to be that a token to the storage service was snagged during the August compromise, and was just now used for more mischief. This does raise some uncomfortable questions about how well Lastpass understands what data was accessed in the earlier breach. That said, cleaning up after an incident is a complicated task, and missing a single AWS token in the action is all too easy.

Another “Legitimate” Commercial Spyware Vendor

In the just-what-we-needed category, the latest report from Google’s Threat Analysis Group names Variston as previously unknown player in the commercial malware game. Like NSO Group and others, Variston seems to have access to 0-day exploits in multiple devices and platforms.

A trio of bug reports were opened in the Chrome bug system, and each contained a mature framework and exploit code for a serious bug. Each of these were known and fixed bugs, but piecing together the clues would indicate that they were being used as 0-days by a vendor, probably Variston. It’s not uncommon for the “legitimate” spyware authors like the NGO Group, the NSA, and others, to properly report bugs once they’ve finished exploiting them, or assumably once a target has discovered the exploit.

500 Years Later

There’s a concept in encryption, that pretty much any encryption scheme is theoretically breakable, given enough time and technological innovation. As an example, see the rate at which quantum computers are developing, and the predicted breakdown of some classical crypto. The philosophy that spills out of this reality is that crypto just needs to be strong enough, that the secrets being protected are entirely stale by the time technology and computing power catch up. Which finally brings us to the story, that Emperor Charles V got nearly 500 years out of his cipher. Probably strong enough.

It turns out that this cipher had some clever elements, like multiple symbols that didn’t mean anything at all, just to make it harder to figure out. The real breakthrough was finding a cipher text that had been loosely translated. It was enough to finally figure out the basic rules. So what was in the central letter that was finally deciphered? Political maneuvering, fears of assassination, and a conspiracy to spread fake news to downplay a setback. Some things never change.

Font Fingerprint

There was a Reddit post over the break that caught our attention, where a user wired money online from his bank in England to Kenya, to pay for a trip. It was a legitimate transaction, but triggered the fraud protection from his bank. In the conversation with the fraud department, one of the flags for possible fraud surprised the Redditor in question: You have TeamViewer installed on your computer.

Now wait. That’s a bit disconcerting, a website can see your list of installed programs? No, not directly. There is no web API to list applications, at least, not since ActiveX died. However, there is an API to list installed fonts. And since Teamviewer brings its own font, it’s pretty easy to detect when it’s installed. And let’s face it, a remote controlled desktop is a reasonable flag for malicious activity. So now you know, your fonts may just be fingerprinting you.

Bits and Bytes

The Google Play store has ejected a pair of mildly popular apps, that were spying on users’ SMS messages. The data collection was incidental, and the real point was to enable fake accounts on various web services, using the victim’s cell phone numbers. Need a hundred Twitter accounts? Rent access to a hundred compromised phones, to use those numbers for the activation flow.

Need to get something past a plagiarism checker? Just rot13 and change the font! It’s a silly demonstration, but it does indeed work. Make your own font to change the letter mapping, and then apply the reverse mapping to the underlying text. To the human eye, it’s the same, but to an automated tool it’s garbage. Save as PDF, and off you go. While circumventing a plagiarism filter is a bad idea, this could have other, more positive uses, like censorship circumvention.

Black Hat 2022 videos are available, only three months later. There are some fun presentations in here, like the Starlink hack, analysis of real-world malware campaigns, and lots of software getting compromised. Enjoy!

Introduction to Cybersecurity

This course will introduce many fundamental cybersecurity concepts. The course will teach students to think about information systems using an adversarial mindset, evaluate risk to information systems, and introduce controls that can be implemented to reduce risk. subjects will include authentication systems, data security and encryption, risk management and security regulatory frameworks, networking and system security, application security, organizational and human security considerations, and societal implications of cybersecurity issues. These subjects will be discussed at an introductory level with a focus on applied learning through hands-on virtual lab exercises. Lecture 3 (Fall, Spring).

Software Development and Problem Solving I

A first course introducing students to the fundamentals of computational problem solving. Students will learn a systematic approach to problem solving, including how to frame a problem in computational terms, how to decompose larger problems into smaller components, how to implement innovative software solutions using a contemporary programming language, how to critically debug their solutions, and how to assess the adequacy of the software solution. Additional subjects include an introduction to object-oriented programming and data structures such as arrays and stacks. Students will complete both in-class and out-of-class assignments. Lab 6 (Fall, Spring).

Software Development and Problem Solving II

A second course that delves further into computational problem solving, now with a focus on an object-oriented perspective. There is a continued emphasis on basic software design, testing & verification, and incremental development. Key subjects include theoretical abstractions such as classes, objects, encapsulation, inheritance, interfaces, polymorphism, software design comprising multiple classes with UML, data structures (e.g. lists, trees, sets, maps, and graphs), exception/error handling, I/O including files and networking, concurrency, and graphical user interfaces. Additional subjects include basic software design principles (coupling, cohesion, information expert, open-closed principle, etc.), test driven development, design patterns, data integrity, and data security. (Prerequisite: C- or better in SWEN-123 or CSEC-123 or GCIS-123 or equivalent course.) Lab 6 (Fall, Spring, Summer).

General Education – Mathematical Perspective A: Project-Based Calculus I

This is the first in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers functions, limits, continuity, the derivative, rules of differentiation, applications of the derivative, Riemann sums, definite integrals, and indefinite integrals. (Prerequisite: A- or better in MATH-111 or A- or better in ((NMTH-260 or NMTH-272 or NMTH-275) and NMTH-220) or a math placement test score greater than or equal to 70 or department permission to enroll in this class.) Lecture 6 (Fall, Spring, Summer).

General Education – Mathematical Perspective B: Project-Based Calculus II

This is the second in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers techniques of integration including integration by parts, partial fractions, improper integrals, applications of integration, representing functions by infinite series, convergence and divergence of series, parametric curves, and polar coordinates. (Prerequisites: C- or better in (MATH-181 or MATH-173 or 1016-282) or (MATH-171 and MATH-180) or equivalent course(s).) Lecture 6 (Fall, Spring, Summer).

Discrete Mathematics for Computing

This course introduces students to ideas and techniques from discrete mathematics that are widely used in Computer Science. Students will learn about the fundamentals of propositional and predicate calculus, set theory, relations, recursive structures and counting. This course will help increase students’ mathematical sophistication and their ability to handle abstract problems. (Co-requisites: MATH-182 or MATH-182A or MATH-172 or equivalent courses.) Lecture 3 (Fall, Spring).

Introduction to Routing and Switching

This course provides an introduction to wired network infrastructures, topologies, technologies, and the protocols required for effective end-to-end communication. Basic security concepts for TCP/IP based technologies are introduced. Networking layers 1, 2, and 3 are examined in-depth using the International Standards Organization’s Open Systems Interconnection and TCP/IP models as reference. Course subjects focus on the TCP/IP protocol suite, the Ethernet LAN protocol, switching technology, and routed and routing protocols common in TCP/IP networks. The lab assignments mirror the lecture content , providing an experiential learning component for each syllabu covered. (Prerequisites: NSSA-102 or CSEC-101 or CSEC-140 or NACT-151 or CSCI-250 or equivalent courses.) Lab 2 (Fall, Spring).

RIT 365: RIT Connections

RIT 365 students participate in experiential learning opportunities designed to launch them into their career at RIT, support them in making multiple and varied connections across the university, and immerse them in processes of competency development. Students will plan for and reflect on their first-year experiences, receive feedback, and develop a personal plan for future action in order to develop foundational self-awareness and recognize broad-based professional competencies. Lecture 1 (Fall, Spring).

General Education – Ethical Perspective

General Education – Global Perspective

General Education – First Year Writing (WI)

Cooperative Education Seminar

This course helps students prepare for co-operative education employment (“co-op”) by developing job search strategies and material. Students will explore current and emerging aspects of the Computing Security field with employers, alumni and current students who have already been on co-op. Students are introduced to RIT’s Office of Career Services and Cooperative Education and learn about professional and ethical responsibilities for their co-op and subsequent professional experiences. Students will work collaboratively to build résumés and to prepare for interviews. (Prerequisites: This class is restricted to students with at least 2nd year standing.) Lecture 1 (Fall, Spring).

Programming for Information Security

This course builds upon basic programming skills to give students the programming knowledge necessary to study computing security. Students will be introduced to network programming, memory management, and operating system calls along with associated security concepts. Specific focus will placed on understanding the compilation process and on the relation between high-level programming concepts and low-level programming concepts, culminating in identifying and exploiting memory corruption vulnerabilities. (Prerequisites: (CSEC-101 or CSEC-102 or CSEC-140) and (CSEC-124 or SWEN-124 or GCIS-124 or CSCI-142 or CSCI-140 or CSCI-242) or equivalent courses.) Lecture 3 (Fall, Spring).

Reverse Engineering Fundamentals

This course will teach students the core concepts needed to analyze unknown source code. Students will study a variety of low-level programming languages and how high-level programming language structures relate to low-level programming languages. Students will learn study tools and techniques used for both static and dynamic analysis of unknown binaries, providing the foundation for further study in malware analysis. (Prerequisite: CSEC-201 or equivalent course.) Lec/Lab 3 (Fall, Spring).

Cooperative Education in CSEC (summer)

Students will gain experience and a better understanding of the application of technologies discussed in classes by working in the field of computing security. Students will be evaluated by their employer. If a transfer student, they must have completed one term in residence at RIT and be carrying a full academic load. (Enrollment in this course requires permission from the department offering the course.) CO OP (Fall, Spring, Summer).

Probability and Statistics I

This course introduces sample spaces and events, axioms of probability, counting techniques, conditional probability and independence, distributions of discrete and continuous random variables, joint distributions (discrete and continuous), the central limit theorem, descriptive statistics, interval estimation, and applications of probability and statistics to real-world problems. A statistical package such as Minitab or R is used for data analysis and statistical applications. (Prerequisites: MATH-173 or MATH-182 or MATH 182A or equivalent course.) Lecture 3 (Fall, Spring, Summer).

3

   Linear Algebra

This course is an introduction to the basic concepts of linear algebra, and techniques of matrix manipulation. subjects include linear transformations, Gaussian elimination, matrix arithmetic, determinants, vector spaces, linear independence, basis, null space, row space, and column space of a matrix, eigenvalues, eigenvectors, change of basis, similarity and diagonalization. Various applications are studied throughout the course. (Prerequisites: MATH-190 or MATH-200 or MATH-219 or MATH-220 or MATH-221 or MATH-221H or equivalent course.) Lecture 3 (Fall, Spring).

   Probability and Statistics II

Learn how data furthers understanding of science and engineering. This course covers basic statistical concepts, sampling theory, hypothesis testing, confidence intervals, point estimation, and simple linear regression. A statistical software package such as MINITAB will be used for data analysis and statistical applications. (Prerequisites: MATH-251. NOTE: Students cannot receive credit for both MATH-252 and STAT-257 nor for both STAT-205 and STAT-257.) Lecture 3 (Fall, Spring).

Systems Administration I

This course is designed to give students an understanding of the role of the system administrator in large organizations. This will be accomplished through a discussion of many of the tasks and tools of system administration. Students will participate in both a lecture section and a separate lab section. The technologies discussed in this class include: operating systems, system security, and service deployment strategies. (Prerequisites: NSSA-241 and (NSSA-220 or CSCI-141 or GCIS-123) or equivalent courses.) Lab 2 (Fall, Spring).

Network Services

This course will investigate the protocols used to support network based services and the tasks involved in configuring and administering those services in virtualized Linux and Windows internet working environments. subjects include an overview of the TCP/IP protocol suite, in-depth discussions of the transport layer protocols, TCP and UDP, administration of network based services including the Dynamic Host Configuration Protocol (DHCP), Domain Name Service (DNS), Secure Shell (SSH), and Voice Over IP (VoIP). Students completing this course will have thorough theoretical knowledge of the Internet Protocol (IP), the Transport Control Protocol (TCP), and the User Datagram Protocol (UDP), as well as experience in administering, monitoring, securing and troubleshooting an internet work of computer systems running these protocols and services. (Prerequisites: NSSA-241 and (NSSA-220 or CSCI-141 or GCIS-123) and NSSA-221 or equivalent courses.) Lab 4 (Fall, Spring).

General Education – Artistic Perspective

General Education – Social Perspective

General Education – Natural Science Inquiry Perspective‡

General Education – Scientific Principles Perspective‡

Introduction to Cryptography

This course provides an introduction to cryptography, its mathematical foundations, and its relation to security. It covers classical cryptosystems, private-key cryptosystems (including DES and AES), hashing and public-key cryptosystems (including RSA). The course also provides an introduction to data integrity and authentication. (Prerequisites: (CSCI-243 or SWEN-262 or CSEC-202) and (MATH-190 or MATH-200) or equivalent courses.) Lecture 3 (Fall, Spring, Summer).

Principles of Web Application Security

This course is designed to give students a foundation in the theories and practice relating to web application security. The course will introduce students to the concepts associated with deploying and securing a typical HTTP environment as well as defensive techniques they may employ. (Prerequisites: (CSEC-101 or CSEC-102 or CSEC-140) and NSSA-245 or equivalent courses.) Lecture 3 (Spring).

Authentication and Security Models (WI-PR)

Access control and authentication systems are some of the most critical components of cybersecurity ecosystems. This course covers the theory, design, and implementation of systems used in identification, authentication, authorization, and accountability processes with a focus on trust at each layer. Students will examine formal models of access control systems and approaches to system accreditation, the application of cryptography to authentication systems, and the implementation of IAAA principles in modern operating systems. A special focus will be placed on preparing students to research and write about future subjects in this area. (Prerequisites: CSEC-362 or CSCI-462 or equivalent course.) Lec/Lab 3 (Fall, Spring).

Cooperative Education in CSEC (summer)

Students will gain experience and a better understanding of the application of technologies discussed in classes by working in the field of computing security. Students will be evaluated by their employer. If a transfer student, they must have completed one term in residence at RIT and be carrying a full academic load. (Enrollment in this course requires permission from the department offering the course.) CO OP (Fall, Spring, Summer).

Introduction to Database and Data Modeling

A presentation of the fundamental concepts and theories used in organizing and structuring data. Coverage includes the data modeling process, basic relational model, normalization theory, relational algebra, and mapping a data model into a database schema. Structured Query Language is used to illustrate the translation of a data model to physical data organization. Modeling and programming assignments will be required. Note: students should have one course in object-oriented programming. (Prerequisites: ISTE-120 or ISTE-200 or IGME-101 or IGME-105 or CSCI-140 or CSCI-142 or NACA-161 or NMAD-180 or BIOL-135 or GCIS-123 or equivalent course.) Lec/Lab 3 (Fall, Spring).

Cyber Security Policy and Law

Why are we still so bad at protecting computer systems? Is it because we don’t have good enough technology? Or because we lack sufficient economic incentives to implement that technology? Or because we implement technologies but then fail to use them correctly? Or because the laws governing computer security are so outdated? Or because our legal frameworks are ill-equipped to deal with an international threat landscape? All these reasons—and others— have been offered to explain why we seem to see more and more large-scale cybersecurity incidents and show no signs of getting better at preventing them. This course will examine the non-technical dimensions of this problem—the laws and other policy measures that govern computer security threats and incidents. We will focus primarily on U.S. policy but will also discuss relevant policies in the E.U. and China, as well as international tensions and norms. The central themes of the course will be the ways in which technical challenges in security can be influenced by the social, political, economic, and legal landscapes, and what it means to protect against cybersecurity threats not just by writing better code but also by writing better policies and laws. Lecture 3 (Fall, Spring).

CSEC Electives

Open Electives

General Education – Immersion 1

Capstone in Computing Security

This is a capstone course for students in the information security and forensics program. Students will apply knowledge and skills learned and work on real world projects in various areas of computing security. Projects may require performing security analysis of systems, networks, and software, etc., devising and implementing security solutions in real world applications. (This course is restricted to INFOSEC-BS students with 4th year standing.) Lecture 3 (Fall, Spring).

Graduate Policy Analysis

This course provides graduate students with necessary tools to help them become effective policy analysts. The course places particular emphasis on understanding the policy process, the different approaches to policy analysis, and the application of quantitative and qualitative methods for evaluating public policies. Students will apply these tools to contemporary public policy decision making at the local, state, federal, and international levels. Lecture 3 (Fall).

Graduate Decision Analysis

This course provides students with an introduction to decision science and analysis. The course focuses on several important tools for making good decisions, including decision trees, including forecasting, risk analysis, and multi-attribute decision making. Students will apply these tools to contemporary public policy decision making at the local, state, federal, and international levels. Lecture 3 (Spring).

3

   Introduction to Moral Issues

This course examines ethical questions that arise in the course of day-to-day individual and social life. Some consideration will be given to ethical theory and its application to such questions, but emphasis will be on basic moral questions and practical issues. Examples of typical issues to be examined are: What are the grounds for moral obligations like keeping promises or obeying the law? How do we reason about what to do? Examples of typical moral issues that may be introduced are capital punishment, euthanasia, abortion, corporate responsibility, the treatment of animals, and so forth. Lecture 3 (Fall, Spring).

   Foundations of Moral Philosophy

This course is a survey of foundational, and normative, approaches to moral philosophy and their motivating moral questions. subjects will include virtue ethics, deontology, consequentialism, and other approaches. Some of the questions to be examined are: How is human nature related to morality? What are the grounds for moral obligations? Is there an ultimate moral principle? How do we reason about what to do? Can reason determine how we ought to live? What are moral judgments? Are there universal goods? What constitutes a morally worthwhile life? Can morality itself be challenged? Lecture 3 (Fall).

   Professional Ethics

This course critically examines ethical issues that arise in professional life. The course will examine not only the general relationship between ethics and professional life but the particular consequences of ethical considerations within the student's own profession and the professions of others with whom the student must live and work. Lecture 3 (Fall).

CSEC Electives

General Education – Immersion 2, 3

Readings in Public Policy

An in-depth inquiry into key contemporary public policy issues. Students will be exposed to a wide range of important public policy texts, and will learn how to write a literature review in a policy area of their choosing. (This class is restricted to degree-seeking graduate students or those with permission from instructor.) Seminar (Fall).

Evaluation and Research Design

The focus of this course is on evaluation of program outcomes and research design. Students will explore the questions and methodologies associated with meeting programmatic outcomes, secondary or unanticipated effects, and an analysis of alternative means for achieving program outcomes. Critique of evaluation research methodologies will also be considered. Seminar (Spring).

Graduate Science and Technology Policy Seminar

Examines how federal and international policies are developed to influence research and development, innovation, and the transfer of technology in the United States and other selected nations. Students in the course will apply basic policy skills, concepts, and methods to contemporary science and technology policy topics. (This class is restricted to degree-seeking graduate students or those with permission from instructor.) Seminar (Fall).

Public Policy Graduate Electives

Graduate Elective

6

   Capstone Research Experience

The Public Policy Capstone Experience serves as a culminating experience for those MS in Science, Technology and Public Policy students who chose this option in the Public Policy Department. Over the course of the semester, students will have the opportunity to investigate and address contemporary subjects in science and technology policy using analytic skills and theoretical knowledge learned over the course of their MS degree. Project 1 (Fall, Spring, Summer).

   Public Policy Thesis

The master's thesis in science, technology, and public policy requires the student to select a thesis topic, advisor and committee; prepare a written thesis proposal for approval by the faculty; present and defend the thesis before a thesis committee; and submit a bound copy of the thesis to the library and to the program chair. (Enrollment in this course requires permission from the department offering the course.) Thesis 3 (Fall, Spring, Summer).

   Comprehensive test Research plus 2 Graduate electives

150

MUNICH, Germany — As the world’s security elite gathers in Munich this week, they’ll be connecting their mobile phones to Chinese telecoms equipment surrounding the venue.

Heads of state, security chiefs, spooks and intelligence officials head to Germany on Friday for their blue-riband annual gathering, the Munich Security Conference. On the event’s VIP list are U.S. Vice President Kamala Harris, German Chancellor Olaf Scholz, French President Emmanuel Macron and hundreds more heads of state and government, ministers and foreign dignitaries.

The gathering takes place at the five-star Hotel Bayerischer Hof. From its ice-themed Polar Bar on the hotel’s rooftop, you can overlook the city's skyline, spotting multiple telecommunications antennas poking between church steeples. Some of these antennas, within 300 meters of the hotel, are equipped with hardware supplied by controversial Chinese telecoms giant Huawei, POLITICO has learnt through visual confirmation, talks with several equipment experts and information from industry insiders with knowledge of the area’s networks. 

One mast, on top of the Hotel Bayerischer Hof building itself, is also potentially equipped with Huawei gear, talks with two industry insiders suggested.

The question of whether to allow Chinese 5G suppliers into Western countries in past years became a bone of contention between Berlin on the one hand and Washington and like-minded partners on the other. This week’s gathering also comes as the U.S. continues to call out Germany’s economic reliance on Beijing, with a new report showing the German trade deficit with China exploded in 2022, and amid sky-high tensions between Washington and Beijing over surveillance balloons hovering over the U.S., Canada and elsewhere.

“The dependence on Huawei components in our 5G network continues to pose an incalculable security risk,” said Maximilian Funke-Kaiser, liberal member of the German Bundestag and digital policy speaker for the government party Free Democratic Party (FDP). 

“The use of Huawei technology in the mobile network here runs counter to Germany's security policy goals,” Funke-Kaiser said, calling the vendor’s involvement in German 4G and 5G “a mistake in view of the Chinese company's closeness to the state.”

Huawei has consistently denied posing a security risk to European countries. 

Delving into data

Despite extensive reporting, POLITICO was unable to gather on-the-record confirmation of which vendor’s telecoms equipment was used for which masts. Operators and vendors refused to disclose the information, citing contractual obligations, and local authorities said they didn’t have the information available.

The security risks associated with Huawei equipment also vary, and differ even among close allies in the West. Some capitals argue the real risk of Chinese telecoms equipment is the overreliance on a Chinese firm in an unstable geopolitical situation — much like Europe relied on Russian gas for its energy needs.

But others argue that the risk runs deeper and that China could use Huawei’s access to equipment and data in European mobile networks — especially in areas of critical importance and high sensitivity — to put the West’s security at risk. Huawei has been implicated in a number of high-profile espionage cases, including at the African Union Headquarters.

When asked about Huawei’s presence in Munich, Mike Gallagher, a Republican and Chairman of the U.S. House select committee on China, said POLITICO’s findings were “troubling” and “should concern every individual attending the conference.” 

The chair of the U.S. Senate intelligence committee, Mark Warner, a Democrat who’s attending the conference, said it was “a timely reminder that we must continue to work with like-minded allies to promote secure and competitively priced alternatives to Huawei equipment.”

U.S. Senate intelligence committee Vice Chair Marco Rubio (Republican, Florida) said U.S. diplomats “should be aware of the risks and take necessary precautions.”

Munich networking

From a 2007 speech by Russia’s Vladimir Putin to U.S. President Joe Biden’s virtual address at the start of his mandate in February 2021, the conference strives to set the global diplomatic and international relations agenda. Its organizers see it as an open space for debating geopolitics and world affairs, with attendees ranging from across the world and an advisory board where Chinese state officials sit alongside Western diplomats and titans of industry.

The conference’s guest list reveals something else too: The gathering is seen as critical by U.S. government officials. This year, the U.S. is sending its largest delegation yet, with Harris flanked by dozens of government officials, security chiefs and congresspeople, including Democrat leader Chuck Schumer, Republican leader Mitch McConnell and others.

For these U.S. attendees — and the Western partners that see eye to eye with the U.S. position on China’s telecoms giant Huawei — the networks around the premises prove troublesome.

An online map on the website of Germany’s telecoms agency, the Bundesnetzagentur, shows 13 locations for masts and antennas surrounding the Hotel Bayerischer Hof. The agency also provides information about which of the country’s three main operators — Deutsche Telekom, Vodafone and Telefónica — use which locations. 

POLITICO shared photos of seven masts near the hotel with four experts specialized in telecoms radio access network (RAN) equipment. These experts established that at least two were equipped with gear of Chinese telecoms giant Huawei.

If a network operator has one mast equipped with Huawei in Munich, it likely equips all masts in the area with the same vendor, two industry insiders said. Operators usually use one provider for larger areas. This means at least one other location is also likely equipped with Huawei gear, the insiders said. Three other locations, including the mast on the roof of the conference venue, are used by an operator using Huawei equipment but those locations are part of infrastructure that is shared by several operators, meaning there's a chance these are equipped with Huawei gear but it's unconfirmed. 

The findings are in line with accurate reports on Germany’s telecoms infrastructure.

Europe’s largest economy is a stronghold for Huawei in the West. A report by boutique telecoms intelligence firm Strand Consult estimated that Germany relies on Chinese technology for 59 percent of its ongoing 5G network deployment. The country already had a massive reliance on Chinese equipment in its 4G network, where Strand estimated Huawei accounts for 57 percent. 

“If you look at the percentage of Chinese equipment in Germany, you could say it is the most unsafe country in Europe,” said John Strand, founder of Strand Consult. “Welcome to the Munich Security Conference: We can’t ensure your security,” he quipped.

Black hole of telecoms intelligence

Establishing with certainty just how many of the 13 masts are equipped with Chinese telecoms gear is extremely difficult. Both German operators and their vendors have a policy to not communicate what equipment they’re using in which locations, citing contractual obligations on confidentiality. 

Deutsche Telekom and Vodafone confirmed that they use Huawei in their German antenna networks. Telefónica said they use “a mix of European and international network suppliers” in Germany. Yet, all declined to comment on whether they use Huawei in Munich. 

Ericsson, Nokia and Huawei all declined to comment on whether they were providing gear in the greater Munich area, referring questions to the local operators.

Government regulators, too, divulge no details of which suppliers provide gear for certain locations. The Federal Network Agency and the Federal Office for Information Security admitted they don’t know which equipment is fitted to which mast; both referred to the interior ministry for answers. The interior ministry said it “does not usually know which critical components are installed on which radio mast in detail.”

The Hotel Bayerischer Hof forwarded questions about mobile infrastructure on its roof to the security conference’s organizers.

The Munich Security Conference itself said in a statement: “As a matter of principle, we do not comment on the exact details of the infrastructure used for the main conference in Munich. We are in close contact with all relevant authorities in order to secure the conference venue, the participants and the digital space accordingly.” 

The Federal Office for Information Security (BSI) does provide its own security networks for official events, but the Munich Security Conference is “outside the responsibility of the BSI,” the BSI said in an email.

Germany's telecoms ambiguity

Through its 5G equipment it is feasible for Huawei to spy on users of a network or to disrupt communications as the very design of 5G makes it harder to monitor security, the head of the U.K.'s intelligence service MI6, Alex Younger, said to an audience in his second public speech.

But John Lee, director of the consultancy East-West Futures and an expert on Chinese digital policy, said it’s “not a clear cut technical case” as to whether Huawei equipment in current telecoms networks represents a material security risk.

“Some non-Western countries are proceeding to upgrade their telecoms infrastructure with Huawei as a key partner,” Lee said. “This is still mainly a political issue of how much suspicion is placed on the ambitions of the Chinese state and its relationship with Chinese companies.”

In an effort to coordinate a common approach to vendors, the EU developed “5G security toolbox” guidelines in 2019 and 2020 to mitigate security risks in networks. Some major European countries, including France, have imposed hard restrictions for their operators, including by limiting the use of “high-risk vendors” — a term widely understood across Europe to be Chinese vendors Huawei and ZTE — in certain strategic geographic areas.

In Germany, however, policymakers took years to agree on their framework for 5G security. In April 2021 — more than a year after the EU’s joint plan came out — it passed measures that allowed the government to intervene on operators’ contracts with Chinese vendors. 

But those interventions haven’t barred the use of Huawei in certain geographical areas yet. 

And the interior ministry — which has veto power to ban or recall certain components if they see them as an “impairment of public order or safety” — hasn’t intervened much either, a ministry spokesperson said via email. 

Up till now, the spokesperson said, specific orders to cut Huawei from German networks “have not been issued.” 

Alex Ward, Maggie Miller and Tristan Fiedler contributed reporting.

A Huawei employee rests under his cubicle during his lunch break in Shenzhen, China. This is a common practice at many workplaces in China, photographer Kevin Frayer said.

The Chinese company Huawei is one of the giants of the tech industry. It’s the world's largest provider of telecommunications equipment, a leader in next-generation 5G technology, and last year it passed Apple to become the second-biggest smartphone seller in the world.

But to many, especially in the West, there’s still an air of mystery around it.

And in the United States, suspicion.

A thermal engineer performs a heat test in the research-and-development area of a Huawei facility in Shenzhen.

Huawei employees leave work at the end of a week in late April.

For years, Washington has been concerned that the Chinese government could use Huawei equipment to spy on other nations. The US government says Huawei could pose a threat to national security because it’s unable to say no to the Chinese government.

Huawei has pushed back against those allegations, saying it would refuse any Chinese government requests to gain access to the technology it sells to telecom operators. But last week, the Trump administration blacklisted the company, placing it on a list of foreign firms barred from receiving components from US exporters without a license.

Huawei employees work on a production line in Dongguan, China.

A Huawei engineer displays parts in a research-and-development area.

A display for facial recognition and artificial intelligence is seen on monitors at Huawei's Bantian campus in Shenzhen.

In an effort to dispel some of the mystery surrounding it, Huawei has recently opened up its facilities to international media.

Kevin Frayer, a Getty Images photographer based in Beijing, traveled to southern China in April to visit three of Huawei’s campuses.

“My goal was to take people a step beyond the breaking news and Huawei headlines, to give them a sense of what the company looks like and to see who works there,” he said.

A worker in Huawei's cybersecurity lab works on his computer in Dongguan.

A Huawei engineer opens the door of a server unit during a tour of the cybersecurity lab in Dongguan.

Huawei has 180,000 employees worldwide. More than a third of them work at the campuses Frayer visited in Dongguan and nearby Shenzhen, which is considered China’s Silicon Valley.

The employees he encountered work in a variety of roles: production, research and development, and finance, just to name a few.

“Jobs at Huawei are coveted,” Frayer said. “It’s among the highest-paying companies in China for highly skilled workers, and many of its employees have been educated overseas and at the country’s top schools. Some of the brightest minds are hired away from other companies, and Huawei has also been luring foreign experts to join.”

Huawei employees play pool after work, at a recreation area in staff housing.

Huawei employees use treadmills in a company gym after work.

Frayer marveled at the size of the campuses he visited, especially Huawei’s headquarters in Shenzhen and the European-style research-and-development campus in Dongguan.

“When you first arrive, it is a bit overwhelming how spread out everything is,” he said. “There are restaurants and cafes, sports facilities and its own transportation system. They have villas and fancy dining rooms for high-level clients and low-cost housing for employees.

“At the new European-style campus, the buildings are designed to reflect the company founder’s training as an architect. And every day after lunch, the lights are dimmed in most offices so workers can nap, which is common at companies in China.”

An aerial view of Huawei’s European-style research-and-development campus in Dongguan.

Huawei workers look at their smartphones as they line up for lunch at the Dongguan campus.

An employee sleeps at her cubicle during her lunch break.

Frayer said the campuses feel like university campuses: quiet and relaxed, unlike much of the country.

“The only reminders that you’re in China were the crowds at lunch hour and the end of the work day,” he said.

Frayer was able to talk to some employees, and many of them expressed concern about what they see as misconceptions about the company.

“They were very aware of the political challenges and the American view, and they went to lengths to explain that Huawei is a tech company trying to innovate like any other tech company — as one engineer put it, to make things that make life easier.”

Huawei employees leave at the end of a workday in Dongguan.

A Huawei worker moves boxes on a train used by employees, clients and visitors at the campus in Dongguan.

Some of the research-and-development areas were off-limits in the interest of protecting intellectual property, and Frayer was asked at times not to photograph some clients. But overall, he said, Huawei was very open in what they allowed.

He called the company a “juggernaut” and a source of national pride in China.

“It’s hard to really know what it’s like to work there, but people generally looked happy and interested in what they are doing,” Frayer said. “You could feel that it’s big and important and it’s growing.”

An employee looks at her smartphone as a woman serves tea at a cafe on the company’s Bantian campus in Shenzhen.

A member of Huawei's reception staff arranges chairs in a private dining room that’s used for high-profile customers.

CNN’s Sherisse Pham and Julia Horowitz contributed to this report.

Kevin Frayer is a Getty Images photographer based in Beijing. Follow him on Facebook, Instagram and Twitter.

Photo editor: Brett Roegiers

China says it is “deeply concerned” over reports that the United States is moving to further restrict sales of American technology to Huawei, a tech company that U.S. officials have long singled out as a threat to national security for its alleged support of Beijing’s espionage efforts.

As first reported by the Financial Times, the U.S. Department of Commerce has informed American firms that it will no longer issue licenses for technology exports to Huawei, thereby isolating the Shenzen-based company from supplies it needs to make its products.

The White House and Commerce Department have not responded to VOA’s request for confirmation of the reports. But observers say the move may be the latest tactic in the Biden administration’s geoeconomics strategy as it comes under increasing Republican pressure to outcompete China.

The crackdown on Chinese companies began under the Trump administration, which in 2019 added Huawei to an export blacklist but made exceptions for some American firms, including Qualcomm and Intel, to provide non-5G technology licenses.

Since taking office in 2021, President Joe Biden has taken an even more aggressive stance than his predecessor, Donald Trump. Now the Biden administration appears to be heading toward a total ban on all tech exports to Huawei, said Sam Howell, who researches quantum information science at the Center for a New American Security’s Technology and National Security program.

“These new restrictions from what we understand so far would include items below the 5G level,” she told VOA. “So 4G items, Wi-Fi 6 and [Wi-Fi] 7, artificial intelligence, high performance computing and cloud capabilities as well.”

Should the Commerce Department follow through with the ban, there will likely be pushback from U.S. companies whose revenues will be directly affected, Howell said. Currently Intel and Qualcomm still sell chips used in laptops and phones manufactured by Huawei.

Undercutting the revenue of these technology companies, which reduces R&D budgets and can lead to layoffs, must be carefully balanced by clear national security gains, said Paul Triolo, senior vice president for China and technology policy lead at the business advisory firm Albright Stonebridge Group.

“In the current climate of U.S.-China relations, that balancing act is being abandoned in favor of viewing technology transactions between the U.S. and China as largely zero sum,” he told VOA.

Huawei and Beijing have denied that they are a threat to other countries’ national security. Foreign ministry spokesperson Mao Ning accused Washington of “overstretching the concept of national security and abusing state power” to suppress Chinese competitors.

“Such practices are contrary to the principles of market economy” and are “blatant technological hegemony,” Mao said.

China has in the past held back on trade retaliations on U.S. actions targeting Huawei, Triolo noted.

“Any actions China would take now targeting the foreign business community would not align with moves towards opening up after zero-COVID policies were dropped, and portraying China as now more open for business,” he said.

Outcompeting Chinese tech

The latest U.S. move on Huawei is part of a U.S. effort to outcompete China in the cutting-edge technology sector.

In October, Biden imposed sweeping restrictions on providing advanced semiconductors and chipmaking equipment to Chinese companies, seeking to maintain dominance particularly on the most advanced chips. His administration is rallying allies behind the effort, including the Netherlands, Japan, South Korea and Taiwan – home to leading companies that play key roles in the industry’s supply chain.

U.S. officials say export restrictions on chips are necessary because China can use semiconductors to advance their military systems, including weapons of mass destruction, and commit human rights abuses.

The October restrictions follow the CHIPS and Science Act of 2022, which Biden signed into law in August and that restricts companies receiving U.S. subsidies from investing in and expanding cutting-edge chipmaking facilities in China. It also provides $52 billion to strengthen the domestic semiconductor industry.

Beijing has invested heavily in its own semiconductor sector, with plans to invest $1.4 trillion in advanced technologies in a bid to achieve 70% self-sufficiency in semiconductors by 2025.

TikTok a target

TikTok, a social media application owned by the Chinese company ByteDance that has built a massive following especially among American youth, is also under U.S. lawmakers’ scrutiny due to suspicion that it could be used as a tool of Chinese foreign espionage or influence.

CEO Shou Zi Chew is scheduled to appear before the House Energy and Commerce Committee on March 23 to testify about TikTok’s “consumer privacy and data security practices, the platforms’ impact on kids, and their relationship with the Chinese Communist Party.”

Lawmakers are divided on whether to ban or allow the popular app, which has been downloaded onto about 100 million U.S. smartphones, or force its sale to an American buyer.

Earlier in January, Congress set up the House Select Committee on China, tasked with dealing with legislation to combat the dangers of a rising China.

U.S. Secretary of State Antony Blinken is meeting his Chinese counterparts next week in Beijing, the first visit by an American Secretary of State since 2018, to maintain open lines of communication amid rising U.S.-China tensions.

China has reacted angrily to reports that the United States has stopped approving licences for American companies to export most items to China’s hi-tech company Huawei, accusing the US of deliberately targeting Chinese companies under the pretext of national security.

US officials are creating a new formal policy of denial for shipping items to Huawei that would include items below the 5G level, including 4G items, wifi 6 and 7, artificial intelligence, and high-performance computing and cloud items, according to a Reuters report that quoted unnamed sources.

Another source told Reuters the move was expected to reflect the Biden administration’s tightening of policy on Huawei over the past year. Licences for 4G chips that could not be used for 5G, which might have been approved earlier, were being denied, the person said.

In November, the Biden administration banned approvals of new telecommunications equipment from Huawei and ZTE because they pose an “unacceptable risk” to US national security.

At a regular press conference in Beijing on Tuesday, the Chinese foreign ministry spokeswoman, Mao Ning, accused the United States of deliberately using an overly broad notion of national security to suppress Chinese firms.

“China strongly opposes the US’s unscrupulous and unjustified suppression of Chinese companies by stretching the concept of national security and abusing state power,” Mao said.

“Such moves violate the principle of market economy and international trade rules, dampen international confidence in the US business environment,” she told reporters.

A US commerce department spokesperson said officials “continually assess our policies and regulations” but did not comment on talks with specific companies.

Huawei and Qualcomm declined to comment. Bloomberg and the Financial Times earlier reported the move.

American officials placed Huawei on a trade blacklist in 2019 restricting most US suppliers from shipping goods and technology to the company unless they were granted licences. Officials continued to tighten the controls to cut off Huawei’s ability to buy or design the semiconductor chips that power most of its products, although licences were granted that allowed Huawei to receive some products. For example, suppliers to Huawei got licences worth $61bn to sell to the telecoms equipment giant from April through November 2021.

Huawei has faced US export restrictions around items for 5G and other technologies for several years, but the US Department of Commerce has granted licences for some American firms to sell certain goods and technologies to the company. Qualcomm in 2020 received permission to sell 4G smartphone chips to Huawei.

In December, Huawei said its overall revenue was about $91.53bn, down only slightly from 2021 when US sanctions caused its sales to fall by nearly a third.