The international debate over whether Huawei (and its corporate kid brother ZTE) represents a security threat to 5G networks continues. The dispute has grown particularly pointed in Germany, where, the Washington Post reports, differences threaten to split Chancellor Merkel's ruling coalition. Those attracted by Huawei's low initial costs and the ready availability of the company's good-enough kit are wont, as iTnews says the head of French telecoms giant Orange has done, to dismiss security concerns as so much nonsense. It's not playing that way in the Five Eyes, with the US and Australia taking a particularly hard line toward the Chinese hardware manufacturer. Meritalk describes how funding for a "rip and replace" measure designed to purge Huawei gear from US networks passed the House of Representatives this week, and in general Congress has grown less sanguine, the Washington Post notes, about the possibility of negotiating good security behavior with Beijing.
The US Congress is also taking a tougher line with Russia, inspired largely by concerns over Moscow's evident disposition to interfere in elections. The Senate Foreign Relations Committee passed a bill on to the chamber as a whole that would impose stiff sanctions against Russia. Reuters says that one of the bill's sponsors calls the measure the sanctions "from Hell."
The Cybersecurity and Infrastructure Security Agency's task force on supply chain security has established a working group to address the next phase of its work. That will concentrate on developing "attestation frameworks around various aspects of supply chain risk management best practices." The task force's focus areas are supplier risk, product lifecycle management, business process controls, physical security, data security, and product cybersecurity.