National Cyber Security Centre
Advice for users of Huawei enterprise equipment
This guide explains implications of US action against Huawei, its US suppliers and affiliates.
It also recommends actions which UK organisations, with Huawei products in use, can take to prepare for and mitigate resulting security concerns, particularly if the current licensing regime is not renewed.
On Wednesday 15 May 2019, the United States of America’s Commerce Department placed Huawei and 70 affiliates on its “Entity List”. This meant that suppliers who normally supply Huawei with US products (including software updates and other technology) were no longer able to do so without a licence from the US Government.
On Monday 20 May 2019, the US Commerce Department issued a temporary general licence (TGL) restoring suppliers’ ability to provide Huawei with what it needs to maintain some existing products.
The NCSC understands that the TGL allows companies (at their discretion) to provide support and services to equipment that was made available to the public before 16 May 2019. The TGL is currently set to expire on 19 August 2019. If it is not extended or replaced, Huawei’s suppliers may be unable to provide future support unless they are granted individual licences from the US government enabling them to do so.
For customers of Huawei enterprise equipment, this could hamper the ability to obtain new or replacement hardware and receive software updates, including security updates for existing products. This will apply to devices such as routers, switches, wireless access points and compute/storage appliances. Managed services and support contracts are also likely to be impacted.
What should Huawei enterprise IT customers do?
Customers with Huawei equipment currently deployed should continue to use it as normal.
In the short term, it is unlikely that any issues will be encountered obtaining spares and updates. As such, there is currently no need to replace otherwise operational infrastructure.
If equipment that is deployed has not been updated for some time, ensure that current available updates are applied. This will minimise disruption in the event that these updates become unavailable in the future.
You should also seek to understand the extent of your use of this equipment, and ensure you have plans in place should it become unsupportable. This includes how issues arising would be dealt with in your environment. For example, security vulnerabilities that cannot be patched.
If you are currently undergoing a procurement exercise ensure that the potential unavailability of support is taken into account when making decisions on the intended lifetime of equipment, as you usually would.
The NCSC continues to assess the situation and will provide further advice for Huawei customers as appropriate.
Latest News from
National Cyber Security Centre
Foreign Secretary condemns Russia's GRU after NCSC assessment of Georgian cyber attacks21/02/2020 16:15:00
The UK, Georgia and international partners have today exposed the GRU’s responsibility for a number of significant cyber attacks against Georgia last year.
UK condemns Russia's GRU over Georgia cyber-attacks21/02/2020 11:17:00
Foreign Secretary Dominic Raab calls out Russian campaign of unacceptable cyber-attacks against Georgia.
NCSC supports Northern Ireland’s push to strengthen cyber security capabilities19/02/2020 12:05:00
The Northern Ireland Cyber Security Centre is open and will work closely with the NCSC going forward.
Girlguiding take on cyber security challenges19/02/2020 10:15:00
The NCSC partners with Girlguiding South West England, as part of the drive to increase female representation in cyber security.
Advisory: Trickbot17/02/2020 10:10:00
How organisations can protect their networks from the ‘Trickbot’ banking trojan.
Schoolgirls across the UK show their cyber skills12/02/2020 16:15:00
Hundreds demonstrated their cyber security know-how during the co-ordinated series of competitions across the UK.
Development days open for CyberFirst Girls12/02/2020 10:43:00
Girls that entered the 2019 and 2020 CyberFirst Girls Competitions are now eligible to attend free Development Days across the UK.
CyberFirst Girls Competition – regional finals this Saturday07/02/2020 15:43:00
Across 18 UK venues, schoolgirls will be taking part in the Girls Competition semi-finals this weekend.