Huawei’s membership to the Forum of Incident Response and Security Teams (FIRST) has been suspended. The tech giant has been denied its participation in the forum, whose goal is to serve as a first responder to cyber-attacks and security breaches, providing information and advice on how to counter and prevent these type of situations.
This means that the company no longer has access to the information provided by this entity, which could jeopardise its capacity to patch and fix security holes in its own devices, which heavily depend on monthly firmware updates to keep its security up to date.
FIRST is composed of several multinational companies and cybersecurity organisations, among which is the National Cyber Security Centre of the UK.
The suspension also means that the company has lost access to a platform for quickly sharing information on malware.
It isn’t clear yet the reason behind the decision, all we know so far is that the legal team behind the forum advised for the suspension of Huawei be suspended in light of the recent changes concerning U.S export rules.
However, the suspension is a temporary measure and the board is in talks with U.S officials to restore Huawei’s participation in the forum.
FIRST said in a statement:
At FIRST we strongly believe that in order to build a global cybersecurity incident response community, from which every company or user participating in the Internet can benefit, we should all work to limit the impact of sanctions or export regulations on incident responders. This includes being a forum where technology corporations such as Huawei, have the ability to participate the same as others.
The reliability and security of today’s internet is rooted in security professionals around the world, and across industries and companies, cooperating across borders and even between competitors on a daily basis to mitigate the impact of security incidents. When regulation directly affects this ability to cooperate, the stability and security of the Internet can be placed at risk. Key cooperative processes such as the sale of medicine, intellectual property rights protection, search and rescue, and many others, are often explicitly permitted through explicit approvals or licenses, despite sanctions or export regulations being in place. FIRST encourages policymakers to find similar exemptions for cybersecurity, to enable the truly global incident response capability, which we and other organisations represent.
Regarding the suspension FIRST continued,
After extensive consultation and review of changes made to the US Export Administration Regulations (EAR), we regret ending up in a position where we had to suspend Huawei’s membership in order to ensure we meet these evolving regulations. In order to achieve our goals, we intend to work closely with both Huawei and the Bureau of Industry and Security (BIS) to address any concerns related to their participation in FIRST.