Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime

Huawei Gets 90-Day Reprieve on Ban

U.S. Commerce Department Will Grant Some Temporary Exemptions to Component Ban
Huawei Gets 90-Day Reprieve on Ban

The U.S. Commerce Department will offer a 90-day reprieve to a handful of companies that conduct business with Huawei before the Trump administration's ban on the use of the Chinese company's technologies fully kicks in, the Wall Street Journal reports.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

The news had an almost immediate effect. Alphabet, the parent company of Google, reversed an earlier decision and announced Tuesday that it would continue to work with Huawei for now by providing services and technology, which includes access to the full version of Android, according to news media reports. On Sunday, Alphabet had announced that it would no longer share hardware, software and technical services with Huawei, except for what's available through open source licensing (see: Google Restricts Huawei's Access to Android).

Several chip makers, including Infineon, Micron Technology, Western Digital, Broadcom, STMicroelectronics and Xilin, announced earlier this week they had either stopped sharing components and other technologies with Huawei or were in the process of reviewing their options, according to news media reports. It remains to be seen whether those companies, too, will now put their plans on hold.

Last week, President Donald Trump issued an executive order giving the government the ability to ban any telecommunications equipment "that poses an undue risk of sabotage to or subversion of the design." While Huawei is not specifically mentioned in the order, the Chinese telecom giant is expected to bear the brunt of the ban (see: Trump Signs Executive Order That Could Ban Huawei).

The three-month exemption from the ban, which is schedule to run through August 19, is designed to allow Huawei's partners and customers to complete any pending deals or negotiations before the ban goes into full effect. It's also seen as a way to ease some tensions as the trade war between China and the U.S. heats up, the Journal reports.

The Commerce Department, which is leading U.S. efforts to ban Huawei gear, is expected to publish the exemption list on Wednesday.

For several months, the U.S. has been trying to get its allies to abandon Huawei and its equipment, especially in the build-out of 5G networks. The concern is that the company is too closely tied to the Chinese government and the gear would act a backdoor for that country's intelligence services. The telecom firm has always denied those allegations (see: Huawei's Role in 5G Networks: A Matter of Trust).

Global Effect

The president's executive order followed a Commerce Department memo that placed Huawei and 68 of its non-U.S. affiliates on the so-called "entity list," which prohibits them from procuring U.S. goods or services without an export license.

With so many companies involved in its international supply chain, the ban against Huawei could not only disrupt the company's operations, but those of numerous other businesses throughout the world as well. One reason for the 90-day reprieve is to get U.S. allies to abandon Huawei gear within their networks while allowing the global supply chain to continue without major disruptions for now, the Journal reports.

"The Temporary General License grants operators time to make other arrangements and the [Commerce] Department space to determine the appropriate long-term measures for Americans and foreign telecommunications providers that currently rely on Huawei equipment for critical services," Commerce Secretary Wilbur Ross said, according to the Journal.

Concerns Over Android

If the ban does take place, consumers could feel the effects of the actions against Huawei.

For example, Huawei, which is the world's second largest maker of smartphones, will likely build its own version of Android based on the available open source code and without the influence of Google and its engineers, Bill Buchanan, a computer science professor at the University of Napier in Edinburgh, Scotland, has argued on Medium.

This, in turn, could produce a host of security issues for Huawei smartphone users because they will be using a possible unsecured operating system without the benefits that come from Google's security expertise, says Priscilla Moriuchi, the director of strategic threat development at Recorded Future, a security vendor.

"Based on the patterns of behaviors demonstrated by Huawei, we believe Google pulling Huawei's Android license will result in issues and delays for Huawei users, especially should Huawei use the open source version of Android," Moriuchi notes. "In addition to the inability to use Google Play store and Google applications, many users would be forced to 'side-load' or download applications that have not been security-reviewed by Google, outside of the Play store's construct. This is a recipe for disaster; it would unquestionably decrease the integrity of those user's devices and likely result in user data theft or device compromise."

Security Concerns

Huawei's cybersecurity standards for its equipment and software have also drawn scrutiny from the U.K.'s signal intelligence agency, the National Cyber Security Center. On Tuesday, a spokesperson for the agency said in a statement that Huawei customers should continue to update their devices and other gear as normal over the next several months.

"Customers should continue to update their devices as normal, in line with existing NCSC advice," according to the statement. "Our advice will be updated if we become aware of any security concerns."

Huawei Reacts

In the past several days, Huawei CEO Ren Zhengfei has sounded a defiant tone in interviews with media outlets.

He told the Chinese state broadcaster CCTV that the U.S. ban is "not a very big deal" and that the company has been stockpiling components from its suppliers, according to the Journal.


About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.