Huawei Ascend Chip Restrictions - How To Know If You Have Banned Chips In Your Enterprise
Huawei Ascend chip models 910 B, 910 C, and 910 D are the subject of new import, export, and usage restrictions from the U.S. Bureau of Industry and Security. But how can you tell whether you already have these now-restricted chips in your enterprise IT environment? Eclypsium can help inventory your IT assets at the hardware and component level to discover these exact chip models in your environment so you can take action and avoid violating the new rules.
Transcript
Chase Snyder (00:02)
Alright, I’m here with my colleague Wes Dobry and we’re going to talk about some changing rules about the import and export and usage of certain chips from Huawei that may be present in any sort of a device that has any sort of AI acceleration. So there are laws changing and the Bureau of Industry and Security is issuing new requirements that essentially mean that any sort of an organization that has certain models of Huawei chips in their environment, particularly Huawei ascend 910B, 910C, and 910D models. Those are prohibited now, so you gotta get them out of there. You’re not allowed to buy them or use them, finance them. Wes, tell me what’s happening here and what the implications there are of this rule change.
Wes Dobry (00:49)
Yeah, so it’s actually quite interesting because what we actually first saw was during the Biden administration, there was a ⁓ ruling that ⁓ was issued to say a heavy pause on moving of exports of any AI type of devices. And there was actually, I think it was on less than a week ago, that rule was actually rescinded and it was first taken back, but it was actually replaced by the Bureau of Industry and Security with targeted guidance. And one of the things that they focused on was Huawei related AI chip exports and imports. know, this target focus is quite interesting because if you are a multinational organization, ⁓ part of the controls of this, and this is actually how I heard about this, was one of my financial services customers came to me and said, hey, we need a little bit of help identifying any systems that contain these Huawei chips. ⁓ So, we looked into it and said, ⁓ this is actually something that we already do today.
And we’re helping them do their due diligence to validate that these ships are not within any of their systems.
Chase Snyder (02:10)
Yeah, man, that’s a deep challenge. So asset inventory, already one of the sort of foundational practices of cybersecurity, getting asset inventory down at the chip level or the process level is notoriously difficult. You can get, know, people know what kind of devices or servers or laptops they have in their environments, but what chips are in there is a different challenge entirely that regular, the regular tools don’t really cover. How can organizations get that information? What are their options?
Wes Dobry (02:42)
Yeah, so that’s one of the key things where we’re actually helping this organization with is that they’re already leveraging our Eclipseum supply chain security platform to collect inventory of all their devices and look at them from the risk, threat, vulnerability and change side of things. But as part of this,
we actually generate, they’re basically SBOMs or SPDXs or Cyclone DX style SBOMs, but focused on the firmware and hardware. So HBOMs and my favorite FBOMs. And part of that is actually using that information to go into their centralized C-SCRM solutions that they’re using. And one of the things that we’re looking at doing is how we can actually isolate and identify devices that are export control.
So since we’re already collecting this information, I’ve taken this back to our engineering teams and we can very quickly ⁓ pivot and say, hey, now we’re actually going to ⁓ highlight that these devices have export restricted chips within them and also use that for targeted alerting and notifications within their organization.
In this case, I really want to see us generate something that goes out to things like their SimSore or Asset Management Solution to identify these devices. So they can actually go and collect them or destroy them if necessary, or do whatever their organization requires to meet that export control requirement.
Chase Snyder (04:17)
Incredibly interesting, especially for huge organizations in highly regulated fields like financial services. The implications of this kind of export control is pretty massive. So very cool that we’re able to deliver that kind of a report that can easily show them where in their environment they have what essentially becomes a risk factor at that point, where it’s not like there’s a cybersecurity vulnerability in these things. It’s illegal for you to have that now. You can’t be using those chips anymore.
That’s super interesting. What other types of organizations might be affected by this or what other, what are the broader implications here do you think?
Wes Dobry (04:57)
Yeah, I mean, since this is focused on AI hardware, this is really going to be the organizations that are likely on the upper echelon from a technology adoption curve perspective. So we’re going to see it in financial services. We’re going to see it in things like high tech or in things like data centers and hosting organizations that likely have evaluated these alternative ⁓ manufacturers for use within their organization and maybe still have some of these pieces of devices lying around inside their orgs. So ultimately the idea is we just want to go and provide a transparent perspective so that they can go and take the action that they need to do to be in compliance with these new restrictions.
Chase Snyder (05:44)
Yeah, very interesting. So folks that need, folks that are concerned they might have these Huawei Ascend 910B, 910C, and 910D can reach out to Eclipseum and we can support you in doing the due diligence to make sure that you don’t have these ⁓ newly export controlled chips in your environment. That’s super interesting stuff. Thanks Wes. Any last words before we close it out?
Wes Dobry (06:04)
The only last thing to say is that while these are fairly targeted rules now, there’s nothing precluding these rules from getting to be even more targeted or more broad in the very near future. And as we continue down that path, you know, that’s one of the things that will adapt and pivot to make sure that our customers are properly supported.
Chase Snyder (06:24)
Yes, fantastic. Thanks so much, Wes. And yeah, visit Eclypsium.com and reach out to learn more about how we can support you in doing this hardware level, component level inventory and due diligence. Thanks so much, Wes.
