Wednesday 14 Aug 2019 @ 13:05
National Cyber Security Centre
Printable version

Advice for users of Huawei enterprise equipment

This guide explains implications of US action against Huawei, its US suppliers and affiliates.

It also recommends actions which UK organisations, with Huawei products in use, can take to prepare for and mitigate resulting security concerns, particularly if the current licensing regime is not renewed.

Introduction

On Wednesday 15 May 2019, the United States of America’s Commerce Department placed Huawei and 70 affiliates on its “Entity List”.  This meant that suppliers who normally supply Huawei with US products (including software updates and other technology) were no longer able to do so without a licence from the US Government. 

On Monday 20 May 2019, the US Commerce Department issued a temporary general licence (TGL) restoring suppliers’ ability to provide Huawei with what it needs to maintain some existing products.

The NCSC understands that the TGL allows companies (at their discretion) to provide support and services to equipment that was made available to the public before 16 May 2019. The TGL is currently set to expire on 19 August 2019. If it is not extended or replaced, Huawei’s suppliers may be unable to provide future support unless they are granted individual licences from the US government enabling them to do so.

For customers of Huawei enterprise equipment, this could hamper the ability to obtain new or replacement hardware and receive software updates, including security updates for existing products. This will apply to devices such as routers, switches, wireless access points and compute/storage appliances. Managed services and support contracts are also likely to be impacted.

What should Huawei enterprise IT customers do?

Customers with Huawei equipment currently deployed should continue to use it as normal.

In the short term, it is unlikely that any issues will be encountered obtaining spares and updates. As such, there is currently no need to replace otherwise operational infrastructure.

If equipment that is deployed has not been updated for some time, ensure that current available updates are applied. This will minimise disruption in the event that these updates become unavailable in the future.

You should also seek to understand the extent of your use of this equipment, and ensure you have plans in place should it become unsupportable. This includes how issues arising would be dealt with in your environment. For example, security vulnerabilities that cannot be patched.

If you are currently undergoing a procurement exercise ensure that the potential unavailability of support is taken into account when making decisions on the intended lifetime of equipment, as you usually would.

The NCSC continues to assess the situation and will provide further advice for Huawei customers as appropriate.

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/advice-for-users-of-huawei-enterprise-equipment

Share this article

Latest News from
National Cyber Security Centre

UK girls triumph in national cyber skills contest

05/12/2024 10:10:00

Teams of girls from schools across the UK have been crowned cyber security champions

Risk facing UK "widely underestimated", cyber chief to warn in first major speech

03/12/2024 18:14:10

Richard Horne described the cyber risks facing the nation as “widely underestimated” and call for collective action against an increasingly complex array of threats.

UK and allies warn about shift in cyber attackers exploiting zero-day vulnerabilities

14/11/2024 11:05:00

NCSC and international partners share top 15 vulnerabilities that were routinely exploited by cyber attackers last year.

The 4th Republic of Korea-UK Cyber Dialogue held in London

08/11/2024 15:18:00

The 4th Republic of Korea (ROK)-United Kingdom (UK) Cyber Dialogue was held in London on 6 November 2024.

Cyber Essentials scheme marks a decade of boosting businesses’ cyber defences

28/10/2024 16:05:00

Following the 10 successful years of the Cyber Essentials scheme, more businesses urged to strengthen cyber security protections

Exploitation of vulnerability affecting Fortinet FortiManager

25/10/2024 09:20:00

The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability affecting Fortinet FortiManager (CVE-2024-47575) and to follow the latest vendor advice.

NCSC warns of widening gap between cyber threats and defence capabilities

17/10/2024 09:05:00

Dr Richard Horne, CEO NCSC calls for greater global resilience against online security threats at Singapore International Cyber Week.

All UK schools offered free cyber service to protect against online threats

16/10/2024 16:15:00

Following the successful initial roll out of PDNS for Schools last year, all schools in the UK can now benefit from the enhanced cyber resilience service.

Team of British women to take part in international cyber event in Japan

08/10/2024 16:20:00

Being announced on Ada Lovelace Day, a team of CyberFirst Bursary alumni will be representing the UK at the inaugural Kunoichi Cyber Games taking place at the Code Blue cyber security conference in Tokyo.