Huawei Users At Risk As U.S. Blacklist Cuts Access To Shared Data On New Cyber Threats
Somewhat ironically, Huawei—under heavy fire from the U.S. government over alleged information security issues, has been (temporarily) suspended from the quietly competent global trade body responsible for promoting cross-industry information security. As a result, Huawei will be (officially) excluded from shared information on new threats to security platforms and technologies, theoretically slowing down its ability to address or patch those issues for its own products.
Membership of the Forum of Incident Response and Security Teams (FIRST) has its privileges. Its members, or teams as the cybersecurity trade body calls them, reads like a who’s who of the technology and telecoms industries. With those teams accessing shared cybersecurity incident reports, response support, access to best practice tools and techniques, and regular participation in global discussion groups dedicated to promoting improvements to information security.
FIRST also brings industry representatives together with government agencies —including experts from the U.S. Department of Homeland Security and the U.K.’s GCHQ spy agency.
As reported by the Wall Street Journal, Huawei’s suspension followed “legal advice provided to the group” given after the U.S. temporarily extended and significantly expanded the U.S. blacklist restricting Huawei’s access to U.S. suppliers and technology.
The WSJ reports that the suspension “effectively freezes Huawei out of discussions… over matters such as software glitches, that could slow the company’s ability to patch or fix holes in its own systems.” Huawei will also lose access to Special Interest Groups sharing information on vulnerabilities and “an automated platform for sharing information on malware.”
FIRST’s members were informed by email that the safety-first measure was being taken given some of the U.S. sourced technical information shared between members. But that FIRST was working with U.S. officials to seek clarity. This has echoes of similar action taken (and later reversed) by the trade and standardization bodies for Bluetooth, WiFi and even SD memory cards.
The WSJ cited a FIRST spokesperson explaining that the measure had been taken “after extensive consultation and review,” with the forum “regretting ending up in a position where we had to suspend Huawei’s membership.”
Huawei has not commented, but has pointed to its recent allegations that the U.S. will stop at nothing to disrupt its business operations, claiming a relentless campaign that has, it says, included cyberattacks, harassment and spurious legal action.
In a public statement earlier this month, Huawei claimed that the U.S. government and its law enforcement agencies had “threatened, coerced and enticed” the company’s existing and former employees, even resorting to “cyberattacks to infiltrate Huawei’s intranet and internal information systems.”
It is almost certain that Huawei will be reinstated to FIRST in fairly short order—there is no advantage in exposing millions of consumers around the world to technology risk simply to make a point. With nearly 500 members in almost 100 countries, FIRST is not a secretive operation. There is no value in delaying the delivery of security warnings and support to China’s largest telecoms equipment manufacturer.
In the meantime, though, the irony still resonates. And the impact on Huawei’s participation in the global technology ecosystem yet again points towards a separation with the U.S. grip on global technical standards and controls being loosened.