Chinese Peril

Chinese-made Metro car could spy on us
By Robert McCartney and Faiz Siddiqui

Metro tests out its 7000-series subway cars in 2014 at the Shady Grove station in Maryland. 

The warnings sound like the plot of a Hollywood spy thriller: The Chinese hide malware in a Metro rail car’s security camera system that allows surveillance of Pentagon or White House officials as they ride the Blue Line — sending images back to Beijing.
And sensors on the train secretly record the officials’ conversations. 

Or a flaw in the software that controls the train — inserted during the manufacturing process — allows it to be hacked by Chinese agents and terrorists to cause a crash.
Congress, the Pentagon and industry experts have taken the warnings seriously, and now Metro will do the same. 

The transit agency recently decided to add cybersecurity safeguards to specifications for a contract it will award later this year for its next-generation rail cars following warnings that China’s state-owned rail car manufacturer could win the deal by undercutting other bidders.
Metro’s move to modify its bid specifications after they had been issued comes amid China’s push to dominate the multibillion-dollar U.S. transit rail car market. 

The state-owned China Railway Rolling Stock Corp., or CRRC, has used bargain prices to win four of five large U.S. transit rail car contracts awarded since 2014. 

The company is expected to be a strong contender for a Metro contract likely to exceed $1 billion for between 256 and 800 of the agency’s newest series of rail cars.
CRRC’s success has raised concerns about national security and China’s growing footprint in the U.S. industrial supply chain and infrastructure.
“This is part of a larger conversation about this country and China, and domination of industries,” said Robert J. Puentes, president of the Eno Center for Transportation. 

“We don’t want to get trapped into a xenophobic conversation . . . but we also don’t want to be naive.”
No U.S. company makes subway cars, so China competes in that market against companies from Asia, Europe and Canada. 

But U.S. companies build freight rail cars, such as boxcars and tank cars, and they fear China will target them next.
That could cost U.S. manufacturing jobs. 

It also could increase the risk of a cyberattack that cripples domestic rail transportation in a military confrontation or other national emergency.
“China’s attack on our rail system is insidious and ingenious,” retired Army Brig. Gen. John Adams wrote in an October report distributed by the Rail Security Alliance, a U.S. industry group. “We must retain the know-how and technology to . . . safeguard against disruption of this strategically vital sector of our economy.”
China makes no secret of its desire to dominate the global rail car industry. 

Its “Made in China 2025” economic strategy proposes to seek competitive advantage in that sector, among others.
Both the U.S. Senate and House have sought to block further Chinese penetration of the transit vehicle market. 

Each chamber has inserted language in annual transportation appropriations bills to impose a one-year ban on new purchases of mass transit rail cars or buses from Chinese-owned companies if the procurement uses federal funding. 

The ban is not yet law, as final action has been put off until this year.
Sen. John Cornyn (R-Tex.) sponsored the Senate ban. 

His spokeswoman said it reflected his “concern over China’s market distorting practices and their whole government effort to dominate industries sensitive to our national security.” 

Texas is home to Trinity Industries, a leading U.S. rail car company.
A ban on purchases from China could penalize financially pressed transit systems such as Metro, which may want to take advantage of CRRC’s low prices. 

The Chinese company is able to underbid competitors because of state subsidies. 

CRRC did not respond to emails requesting comment.
Rep. Gerald E. Connolly (D-Va.) said Metro should be willing to pay extra if necessary.
“Saving a buck isn’t worth compromising security in the nation’s capital,” Connolly said. 

“If there are valid security concerns about sourcing rail cars from a Chinese state-owned company, then find another option.”

New requirement
In picking the winner of the contract, Metro is legally required to follow guidelines it set in a lengthy request for proposals, or RFP, which it issued in September and will now revise to include the cybersecurity safeguards. 

The changes are expected to require the winning bidder get its hardware and software certified as safe by a third-party vendor cleared by the federal government.
“We are working on amended language right now that will require certain security assurances,” said Kyle Malo, Metro’s chief information security officer. 

He declined to single out China as a threat but noted, “There are countries that are far more aggressive with cyberattacks than others.”
Bids for the Metro contract are due April 4. 

The original deadline, in late January, was extended because Metro received more than 300 questions from potential bidders.
Metro decided to revise the RFP after questions were raised by board member David Horner, who represents the federal government and is a former U.S. deputy assistant secretary of transportation.
“My concern is that state-sponsored enterprises can serve as platforms for conducting cyberespionage against the United States,” Horner said. 

“These risks are today not widely understood, but their significance is becoming apparent very quickly.”
Horner’s concerns were reinforced in a Nov. 16 online article by Andrew Grotto, a former senior director for cybersecurity policy on the National Security Council. 

It warned that Metro’s RFP did not allow the transit agency to reject a bid because of cybersecurity worries.
“The risk of espionage is uniquely high in our nation’s capital,” Grotto, now a fellow at Stanford University’s Center for International Security and Cooperation, said in an email. 

“Malware could divert data collected from the high definition security cameras. An adversary with that data could then use facial recognition algorithms to track riders, potentially right down to the commuting patterns of individual riders.”
The Pentagon also is concerned China could use infrastructure such as rail cars for spying. 

It pointed to recent U.S. charges of the massive, Beijing-backed hacking of business secrets as evidence of the country’s bad practices.
“As illustrated by the Dec. 20 Department of Justice indictment against the Chinese Ministry of State Security, the Chinese Communist Party’s use of predatory economic practices like illegal state-sponsored cybertheft reinforce concerns about Chinese companies playing a role in critical infrastructure — whether it be rail cars or 5G telecommunications networks,” said Air Force Lt. Col. Mike Andrews, a Defense Department spokesman.
China has previously been accused of embedding spying technology in its products. 

In May, the Pentagon directed service members on military bases to stop using phones made by the Chinese companies ZTE and Huawei because of security risks. 

In 2017, the Department of Homeland Security found that Chinese made security cameras had a “back door” loophole that left them vulnerable to hackers. 

The Wall Street Journal reported that that Chinese company’s cameras have been used at a U.S. Army base in Missouri and the U.S. embassy in Afghanistan.

City contracts
CRRC’s first big success in the U.S. subway market came in 2014, when it won a contract to build rail cars for the Boston transit authority. 

In 2016, it landed deals with systems in Chicago, Los Angeles and Philadelphia.
Agencies said CRRC had the most competitive bids — sometimes besting competitors by hundreds of millions of dollars. 

Since then, officials in some cities have complained their rail car costs may rise because of a 25 percent tariff on Chinese-made rail car components imposed by the Trump administration as part of its trade conflict with Beijing. 

Such tariffs could be removed if current U.S.-Chinese trade talks are successful.
The four transit systems said they have taken significant steps to ensure their rail cars are not outfitted with spyware or other suspicious technology. 

Critics questioned whether the safeguards were adequate.
Brian Steele, a spokesman for the Chicago Transit Authority, said the agency received bids from CRRC and Canada-based Bombardier for the construction of 846 rail cars in 2016, along with a $40 million final-assembly facility in Chicago creating 170 jobs.
“The biggest difference in the two proposals was cost,” Steele said. 

He said CRRC’s $1.3 billion bid was $226 million lower than Bombardier’s offer, a difference equivalent to 146 more rail cars.
Steele said none of the rail cars’ computer or software components will be made by a Chinese firm. He said U.S. and Canadian companies are supplying the car’s Ethernet and router components, while the “automatic train control” system will be supplied by a Pennsylvania firm.
The Massachusetts Bay Transportation Authority has awarded more than $840 million for the construction of 404 new subway cars at CRRC’s manufacturing plant in Springfield, Mass. 

That plant, a $95 million facility, comes with 150 jobs, according to media reports. 

CRRC won the initial award with a $567 million bid, which was $154 million lower than the nearest competitor, according to an Eno report.
An MBTA spokesman said none of the new vehicles’ software components are being produced in China.
“The MBTA has robust controls in place to maintain the security of the system,” spokesman Joe Pesaturo said in an email.
Pesaturo said MBTA’s design process for new rail cars includes a cybersecurity analysis based on a U.S. Department of Defense military system safety standard.
Grotto, the former National Security Council official, said the security measures described by the transit agencies were “appropriate” but expressed concern about how they would be implemented.
“Who is responsible and held accountable for seeing these results through? How will monitoring and auditing work?” Grotto said.
Erik Olson, vice president of the Rail Security Alliance, called the assurances “overly simplistic and naive.”
“Do we really want our municipal transit agencies to take these kinds of cyber-risks, knowing that China has deployed some of the most advanced facial recognition technology, has been responsible for hacks into our critical infrastructure, and has laid out a plan to decimate many of our industries by 2025?” Olson said in an email.

China pencil-tip spy chip's ultimate market risk: The profits built on big tech's low-cost global supply chain

• China slipped pencil tip–size spy chips into computer hardware made by an Amazon and Apple supplier, Super Micro, which itself relied on subcontractors in China.
• The biggest U.S. tech companies have led the stock market based on profit models that rely on manufacturing of components in China.
• Famed hedge fund manager David Einhorn said he sold all of his Apple stock on fears of more Chinese retaliation to the trade war.

By Edward McKinley

A report on Thursday that the Chinese government snuck a pencil tip–size spy chip into equipment from an Amazon and Apple component supplier called Super Micro was explosive, but experts say it isn't surprising: U.S. technology CEOs have been concerned about the risk of Chinese cyberespionage for years.
Bloomberg reported that the tiny pieces in American products were manufactured in China and then brought back to the United States, allowing the Chinese government to access secret information from major American tech corporations.
Apple, Amazon, Super Micro and the Chinese government each categorically denied the allegations in the Bloomberg story, but experts say the headline may influence an already tense trade war between the United States and China, at a time when President Donald Trump is broadening a definition of national security to stress the importance of domestic manufacturing.

Visitors walking past stands, including the Super Micro booth, during the Computex Taipei 2014 expo in Taiwan, June 3, 2014.

"It's just another chapter in the book of cybersecurity worries that have come from China," said Dan Ives, managing director of equity research for Wedbush Securities. 

"And I think it keeps a lot of U.S. tech CEOs up at night."
The risks to U.S. tech companies from Chinese cyberespionage have accelerated. 

Tech companies from both countries have been pitted against one another, as an enormous amount of American technology is produced in China due to the cheap costs, Ives said, and competition over who will cash in on the technology of tomorrow — in particular, artificial intelligence — is extremely fierce. 

Security concerns are virtually promised to be an issue for many years to come.
Tom Kellermann, chief cybersecurity officer of the security firm Carbon Black and the former commissioner of Barack Obama's cybersecurity council, told NBC News on Thursday that the Bloomberg article is a small example of China's larger efforts to spy on and disrupt U.S. businesses.
Kellermann said his firm has tracked a threefold increase in destructive cyberattacks coming from China, pushing it past Russia over the summer to be the most active adversary targeting U.S. companies.
Apple, the most profitable company in the world and the first to reach a $1 trillion market cap, like many technology companies has built its business model around a complex global supply chain that includes Chinese manufacturers.
"Look, this is a game of high-stakes poker between the U.S. and China, and this is just another card that's been dealt in this game," Ives said. 

"Wall Street believes the story has credibility, and it has fanned the flames of worry around China hacking the U.S. tech giants, which have a clear bulls-eye on their back, given this threat environment."

"This is a tough situation, because big corporations are never going to admit it. It would be more surprising if the Chinese didn't try to do something like this than if they did."

Derek Scissors, resident scholar and China expert, American Enterprise Institute.

'A tough situation'
China and the United States have competed for years economically, and China is expected to pass the United States in GDP in the coming years to become the world's largest economy. 

An escalating trade war is being fought between the two countries as President Trump wants to eliminate America's trade deficit. 

Further fueling the feud is a deep divide between how China and the United States think about the relationships between government, national security and economic security, said Derek Scissors, resident scholar and China expert at the conservative think tank American Enterprise Institute.
Scissors said he couldn't vouch for the specific details in the Bloomberg report, but it is consistent with the general concerns he has been hearing about for some time. 

"This is a tough situation, because big corporations are never going to admit it," he said, adding, 

"It would be more surprising if the Chinese didn't try to do something like this than if they did."
The American Enterprise Institute China expert said he spoke with administration officials in November 2016 during discussions about the start of an investigation of China's policies for tech transfer and intellectual property, called a Section 301 investigation, and attendees specifically brought up the threat of China using the supply chain to steal trade secrets from American tech companies or importers. 

Chinese trade-secret theft is not new, he said, but the methods outlined in the Bloomberg piece are, though it makes sense, as Chinese methods are growing more complex over time.
"The fundamental clash here between the U.S. and China comes from the fact that China is not a market economy," Scissors said.
The United States draws a sharp distinction between government and business interests, and its people are often deeply skeptical of Uncle Sam interfering with corporations. 

Historically, Scissors said, the United States has looked at national and economic security as separate domains, and there's no incentive or even mechanism by which the government would take action to help American businesses or hurt foreign competitors.
"We've always thought if you're spying on their government or their military, that's normal, but spying on their companies — oh, that's cheating," Scissors said.
For China, on the other hand, anything goes.
"Their government works hand in hand with their companies all the time," he said. 

"That's absolutely standard practice in China, and it would be bizarre if they didn't do that."

Specific examples of China spying on U.S. companies rarely become public knowledge, because corporations are worried if they acknowledge them, it will hurt their stock prices, Scissors said, adding that even so, this kind of thing happens regularly.
Shares of Super Micro, which has been trading as an over-the-counter stock since it was delisted in late August for failing to file financial reports, were down by close to 50 percent on Thursday. 

Apple and Amazon were both down sharply on Thursday, though their losses came amid a broad U.S. tech sector sell-off of around 2 percent, and higher Treasury yields were cited as a reason for a risk-off day in the stock market. 

J.P. Morgan released a report predicting a full-on trade war between the U.S. and China was its base-case scenario for 2019, though it predicted dire consequences for China's stock market.
Tech stocks continued to lead stock losses on Friday in another down day for the markets as rates ticked up again. 

Famed hedge fund manager David Einhorn said on Friday that he'd sold all of his Apple stock based on fears China would retaliate more against U.S. as a result of the trade war.
Because of the ties between Chinese government and the country's businesses, the world's most populous country sees no difference between what's good for Chinese businesses and what's in the interest of Chinese national security, Scissors said. 

China sets out to damage foreign corporations not because they're American, but just because they're competing against Chinese companies. 

Using the military or intelligence services to spy on private companies is totally acceptable in their view. 

Furthermore, many Chinese people are deeply suspicious of the United States and think imported American products already spy on them, so many see it as just desserts.
America's longstanding norms of separation seem to be thawing, as the Trump administration is inching toward China's approach by slapping tariffs on foreign steel and cars saying it is in America's national security interest.

Either way, the U.S. is still nowhere close to China's total singularity of the two domains, he added.
Within the past two years, the Trump administration also has been preceding on several fronts specifically to protect against Chinese technology threats, with multiple investigations about Chinese intellectual property abuses through the Committee on Foreign Investment in the U.S., known as CFIUS, and at the highest levels of U.S. government, warnings have been issued to American consumers about buying smartphones from two of China's largest cell phone makers, ZTE and Huawei.
The threat that ZTE, viewed by some skeptics as an arm of the Chinese government, could build key future telecom infrastructure in the U.S. has been a concern for years. 

ZTE was on the verge of bankruptcy earlier this year based on U.S. policy moves to bar it from the market, until Trump personally stepped in to alleviate some pressure. 

The Trump administration blocked a merger between Broadcom and Qualcomm, citing national security and the companies' role in the rollout of key 5G telecom technology.
"So yes. We have taken a step in China's direction, and people complain about that both here and around the world, but there's a giant gap remaining," Scissors said. 

"The CIA and military are absolutely not going to take action to spy on Chinese companies for the sake of American companies. But the Chinese absolutely are."

How the US will respond
Experts expect responses to come from two levels: the government in the short run and businesses in the long run.
For the government, "This is a ready-made excuse on a platter to say, 'We need to do X' because look at the terrible things the Chinese are doing," Scissors said. 

"If the president gets angry, we could have more tariffs tomorrow, but I don't think we'll see that before the midterms."
"The thing is, you're running out of space to hurt the Chinese economically without hurting the U.S., too. You can hurt the Chinese more, but the thing is people don't vote on that. They don't say, 'Well, he hurt me economically but he hurt the Chinese more,'" Scissors said.
On Thursday night Vice President Mike Pence delivered a highly critical speech about China and its efforts to undermine President Trump, which immediately led to recriminations from Chinese officials.
There are two non-tariff steps that Scissor thinks are likely instead. 

The first addresses the problem externally by imposing export controls on American businesses that work in China, which is a "very obvious response to this event," while the second works domestically.
"There will be people who want to throw a lot of Chinese workers and students out of the country. I'm not saying that's going to happen, I'm definitely not saying it's a good thing, but there's people in the administration that want to do that, and I think this just made it more likely."
Besides government action, Ives said, tech companies are also likely to take action to protect themselves.
The cost of manufacturing in China is so much less than in the United States that companies are forced to deal with the risk of espionage, Ives said, but as the cyber risk grows, it may change the calculus.
"The whole food chain is built on that premise, and that's what makes it so much more complex than moving a facility from Beijing to Middle America," Ives said. 

"In the near term that's almost an impossibility that it would shift, but over the medium term you'll actually see more manufacturing in the U.S. as a result of a concerted effort," Ives said.
As the cyberespionage fight heats up and President Trump's trade war looks likely to increase, there seems to be no doubt that the world's two largest economies have more conflict to come.
"If you look at U.S. and China tech and then throw 5G in it — look, it's going to be like an MMA battle in the coming years," Ives said.

Rogue Company

U.S. Probing Huawei for Iran Sanctions Violations
BY KAREN FREIFELD and Eric Auchard

Beijing's eyes and ears

NEW YORK/LONDON -- U.S. prosecutors in New York have been investigating whether Chinese tech company Huawei violated U.S. sanctions in relation to Iran, according to sources familiar with the situation.
Since at least 2016, U.S. authorities have been probing Huawei's alleged shipping of U.S.-origin products to Iran and other countries in violation of U.S. export and sanctions laws, two of the sources said.
News of the Justice Department probe follows a series of U.S. actions aimed at stopping or reducing access by Huawei and Chinese smartphone maker ZTE Corp to the U.S. economy amid allegations the companies could be using their technology to spy on Americans.
The Justice Department probe is being run out of the U.S. attorney's office in Brooklyn, the sources said. 

John Marzulli, a spokesman for the prosecutor's office, would neither confirm nor deny the existence of the investigation. 

The probe was first reported by the Wall Street Journal on Wednesday.
The probe of Huawei is similar to one that China's ZTE Corp says is now threatening its survival. 

The United States last week banned American firms from selling parts and software to ZTE for seven years. 

Washington accused ZTE of violating an agreement on punishing employees after the company illegally shipped U.S. goods to Iran.
ZTE, which sells smartphones in the United States, paid $890 million in fines and penalties, with an additional penalty of $300 million that could be imposed.
U.S. authorities have subpoenaed Huawei seeking information related to export and sanctions violations, two sources said. 

The New York Times last April reported the U.S. Treasury's Office of Foreign Assets Control subpoena, issued in December 2016, following a Commerce Department subpoena that summer.
Both companies also have been under scrutiny by U.S. lawmakers over cybersecurity concerns.
In February, Senator Richard Burr, the Republican chairman of the U.S. Senate Intelligence Committee, cited concerns about the spread of Chinese technologies in the United States, which he called "counterintelligence and information security risks that come prepackaged with the goods and services of certain overseas vendors."
Huawei and ZTE have denied these allegations.
Republican Senators Marco Rubio and Tom Cotton have introduced legislation that would block the U.S. government from buying or leasing telecommunications equipment from Huawei or ZTE, citing concern that the Chinese companies would use their access to spy on U.S. officials.
In 2016, the Commerce Department made documents public that showed ZTE's misconduct and also revealed how a second company, identified only as F7, had successfully evaded U.S. export controls.
In a 2016 letter to the Commerce Department, 10 U.S. lawmakers said F7 was believed to be Huawei, citing media reports.
In April 2017, lawmakers sent another letter to Commerce Secretary Wilbur Ross asking for F7 to be publicly identified and fully investigated.
The U.S. government’s investigation into sanctions violations by ZTE followed reports by Reuters https://reut.rs/2H3p0Vl in 2012 that the company had signed contracts to ship millions of dollars’ worth of hardware and software from some of the best known U.S. technology companies to Iran’s largest telecoms carrier.
Reuters also previously reported on suspicious activity related to Huawei. 

In January 2013, Reuters reported https://www.reuters.com/article/uk-huawei-skycom/exclusive-huawei-cfo-linked-to-firm-that-offered-hp-gear-to-iran-idUKBRE90U0CA20130131 that a Hong Kong-based firm that attempted to sell embargoed Hewlett-Packard computer equipment to Iran's largest mobile-phone operator has much closer ties to China's Huawei Technologies than was previously known.

Tweeter-in-chief ready to confront China's 'great firewall'

Associated Press

President Donald Trump, left, leaves a joint news conference with South Korean President Moon Jae-in, right, at the Blue House in Seoul, South Korea, Tuesday, Nov. 7, 2017. President Trump began his two-day Korean peninsula visit Tuesday walking amid weapons of war but voicing optimism for peace. Trump is on a five country trip through Asia traveling to Japan, South Korea, China, Vietnam and the Philippines.

WASHINGTON -- America's tweeter-in-chief is set to face off bit-to-bit against China's "great firewall."
President Donald Trump's arrival in Beijing on Wednesday will serve as a test of reach for his preferred 140-character communications tool.
The White House is declining to comment on the president's ability to tweet in China or the precautions being taken to protect his communications in the heavily monitored state. 

It's about more than cybersecurity. 

Knowing the president's penchant for showmanship, some aides are trying to build up social media suspense before Air Force One is wheels-down in Beijing.
Spoiler alert: The American president will get his way. 

Multiple officials familiar with the procedures in place but unauthorized to discuss them publicly said the president will, in fact, be able to tweet in China.
Twitter is blocked for domestic users in China, but foreigners have had success accessing the social media service while using data roaming services that connect to their home cellular networks.
For an American president, it's not that straightforward. 

Securing the president's communications — and tweets — in China requires satellites, sophisticated electronics and the work of hundreds on multiple continents.
Trump, like his predecessor, has a secure cell phone, though he uses it more for tweeting than phone calls. 

He's sent at least two dozen tweets in the first four days of his trip to Asia. 

Developed in collaboration between the National Security Agency and Secret Service, it has some regular functionality disabled to protect from hacking. 

But China poses a distinct challenge: Merely turning it on there is a security risk, as China's cellular network is entirely compromised by its security services.
Several former administration officials said they did not recall whether President Barack Obama brought his cell phone to China. 

The White House declined to say whether Trump would be bringing his phone on the trip, but tweets sent by him since he's departed Washington are marked as being sent from an iPhone.
Chinese officials appeared to recognize the importance of the medium to their guest. 

Asked whether Trump would be able to tweet from Beijing, Chinese Vice Foreign Minister Zheng Zeguang told reporters on Friday: "We take everything into account on receiving foreign heads of state so you should have no reservations about Mr. President's ability to keep in touch with the outside."
But officials said it would hardly be up to China, as it would be inconceivable for Trump's device to ever reach a Chinese network.
The White House maintains an ever-updating set of policies and regulations for overseas travel. According to current and former White House staffers, officials are issued new devices specifically for foreign trips. 

Their phone numbers and emails are forwarded to the new devices for the duration of the overseas stint, then shifted back to their stateside devices once they return. 

The phones used on the trip are returned to the White House IT office for inspection.
In the event the trip is to a high-risk cyber-espionage location, such as China, Israel or Cuba, aides are given extensive briefings on cybersecurity. 

Among the precautions: Aides are strongly discouraged from turning on their devices in the offending country.
Former White House press secretary Josh Earnest recalled that security protocols changed frequently during the Obama administration, but that aides were encouraged to leave their personal devices on Air Force One.
"While in the country, we were encouraged to bring everything with us whenever we left the room, even for short periods" such as a gym visit, Earnest said. "And, we were told never to use hotel provided Wi-Fi."
But, Earnest added, it "seems reasonable that these safeguards are easy to put in place for Trump's phone."
The White House Communications Agency, a 1,200-person military command, is responsible for the president's global communications needs. 

The primary role is to maintain communications for critical defense purposes, like emergency communications with military commanders. 

In every presidential motorcade, for instance, an armored SUV codenamed Road Runner provides for a connection to an array of military and Secret Service communications networks. 

Abroad, it also enables mundane presidential traffic, like tweets.
On a trip, the WHCA, along with the White House situation room staff, maintains a secure communications suite at the presidential hotel for use by presidential staff. 

It includes both secure and unsecured phones, as well as access to the White House Wi-Fi network. 

It is swept routinely for spying devices and guarded 24/7. 

Overseas, "we'd have to be extra vigilant about confining classified — and even personal — discussions to this suite," recalled Ned Price, a former CIA analyst who worked as a spokesman for Obama's National Security Council.