Subscriber Discussion

Hikvision Canada Cybersecurity Road Show 2017 / USA 2018 / Europe 2019

DR
Dennis Ruban
Nov 14, 2017

We have discussed a lot about Hik and vulnerabilities. I just found that they're conducting an event in Canada: Cybersecurity Myths and Facts

(1)
Avatar
Sean Nelson
Nov 14, 2017
Nelly's Security

This is amazing. Getting right to business and tackling this thing head on. 

(3)
(2)
Avatar
Brian Karas
Nov 14, 2017
IPVM

I voted disagree. Hikvision's responses have been along the lines of claiming these vulnerabilities have been over-hyped and/or that Hikvision is no different than other manufacturers when it comes to security. These claims are of course false.

Unless Hikvision plans to reverse their stance on "myths" at this event, it has a high probability of being more spin than education.

(8)
Avatar
Sean Nelson
Nov 14, 2017
Nelly's Security

I voted disagree.

 

Of course you did :) 

Given IPVM's extreme interest in Hikvisions Cyber Security, i am curious if an IPVM employee will be attending one of these road shows.

(1)
(1)
Avatar
Sean Nelson
Nov 14, 2017
Nelly's Security

not to get off topic but I have been noticing lately that when I reply to specific people, it doesnt actually reply under their name and sometimes posts as a new post.

JH
John Honovich
Nov 14, 2017
IPVM

Note: I changed the title to "Hikvision Canada Cybersecurity Road Show 2017" since it is not a single 'event' but a series of them.

Also, on Hikvision's blog, they say "Hikvision will host a US cybersecurity road show that will take place in 2018."

I am curious to see what they present and, more importantly, what else they say publicly outside of these individual events/meetings.

UM
Undisclosed Manufacturer #1
Nov 15, 2017

My guess is that it will be similar to the webinars they ran on their own and with other where they did talk about some of the recent issues and best practices. However, many of the best practices were obvious or not really best practice (change ports, etc.). Also, when discussing their issues, they claimed to have responded and fixed the issues in a few days, when in reality it took months for global firmware vs domestic Chinese to be released, and the OEMs had no idea if/when they would get their fixes.

But it is at least a start to be talking about it, but it needs to be more than just spin or PR control.

I wonder if they are offering accredited continuing education credits for the event.

U
Undisclosed #2
Nov 16, 2017

Why has Chuck not responded to the WSJ article?

This road show 'series' he is doing (as the only speaker in attendance) is 4 shows all in 1 week.

So I am sure he is actively engaged in preparing for that week in December, but as the Director of Cyber Security at Hikvision USA, one would think that he would be the one leading their response to this article.

So far, not...

 

JH
John Honovich
Nov 16, 2017
IPVM

Why has Chuck not responded to the WSJ article?... leading their response to this article.

In fairness to him, this is a Hikvision board of director / communist party decision (see their 'exclusive' 'interview' with the Chinese government news). I assume eventually they will authorize him to speak publicly but the issue is too big to let overseas staff immediately respond.

(1)
U
Undisclosed #2
Nov 16, 2017

I agree with you that this is exactly what is happening.

In fairness to him, and his newly-minted position, Hikvision China should've already provided him the appropriate response so that he could lead the NA response to a NA major newspaper story relating specifically to his newly-minted position's title.  

JH
John Honovich
Nov 16, 2017
IPVM

The confounding factor is the Chinese government ownership issue. If the WSJ article was just about cybersecurity, I doubt the Hikvision high command would be that concerned.

It's the coverage of the government ownership and, worse, relating it to their cybersecurity problems.

The most likely outcome is that they order Davis to simply repeat the party line about government ownership but that's a sensitive topic beyond cybersecurity.

UI
Undisclosed Integrator #3
Nov 16, 2017

Some "road show" with a whopping total of FOUR cities they're hitting...

JH
John Honovich
Nov 17, 2017
IPVM

whopping total of FOUR cities

In fairness, Hikvision says they are doing another cybersecurity roadshow series in the US in 2018.

I believe it simply because Hikvision has shown a willingness to spend a lot on these type of events even before the whole government/cybersecurity crisis. I suspect the Canada one is sort of a dry run to figure out the messaging, attendance feedback, etc.

U
Undisclosed #4
Nov 17, 2017
IPVMU Certified

I suspect the Canada one is sort of a dry run to figure out the messaging, attendance feedback, etc.

Agreed, but they best have their story straight before they consider going on to Mexico...

(1)
UM
Undisclosed Manufacturer #5
Nov 17, 2017

Propaganda...that's what it will be, nothing else...

JH
John Honovich
Mar 02, 2018
IPVM

2018 Hikvision cybersecurity US tour first date announced - LA March 27th.

Other cities with planned stops include Miami, Las Vegas, Boston, Chicago, Washington DC, Atlanta, Philadelphia, St. Louis, Houston, Phoenix and New York City, dates not yet disclosed.

Avatar
Sean Nelson
Mar 02, 2018
Nelly's Security

Im curious, since IPVM is heavily invested in this topic, if IPVM will be attending?

(1)
(1)
JH
John Honovich
Mar 02, 2018
IPVM

I am not sure they will allow us in but we would be open to going.

(2)
JH
John Honovich
Mar 22, 2018
IPVM

USA dates released:

UI
Undisclosed Integrator #6
Mar 22, 2018

Sean, they appear to be skipping your region.  Still aboard the trunkslammer train or did it derail?

Avatar
Sean Nelson
Mar 22, 2018
Nelly's Security

No need to waste time in "common sense country"

JH
John Honovich
Mar 22, 2018
IPVM

In Oklahoma, they love China Communist Party made cameras! wait what...

(1)
Avatar
Sean Nelson
Mar 23, 2018
Nelly's Security

How dare you insult my man Brian Rhodes like that.

(2)
Avatar
Michael Budalich
Mar 23, 2018
Genetec

John H: You should go to the philly one may 15th :)

MM
Michael Miller
Mar 23, 2018

I'll even share an Uber with John :)

JH
John Honovich
Sep 13, 2019
IPVM

New: Hikvision has announced a 7 city European cybersecurity roadshow:

7 stops total:

The roadshow will kick off in Frankfurt, Germany on September 18th and travel to seven cities in September and October, including Oslo, Copenhagen, Helsinki, and four cities in the Netherlands.

The US cybersecurity roadshows ended quite a while ago, it might be nearly a year since the last one. However, Hikvision’s Director of Cybersecurity for North America, Chuck Davis, is going to Europe for this series.

Not having these in the US is understandable, as after the US government ban, these would be awkward, at best.

These events likely indicate Hikvision is feeling some effects from the US, e.g., Hikvision has recently been scrutinized In the Netherlands, where 4 of these sessions will be taking place.

It is not clear how much these roadshows help Hikvision. Their message is simultaneously sound yet besides the point - yes, there are ways that should be taken to improve cybersecurity but if an organization is not trusted (e.g., owned by the Chinese government), this tends to negate basic cybersecurity advice about passwords, etc.

(1)
Avatar
Carlo Kuijer
Sep 14, 2019

Their lobby is on, they claim in an official dutch Hikvision statement that the are privately owned ?

Source: " Hikvision is sinds 2010 een beursgenoteerd bedrijf op de Shenzhen Stock Exchange en is voor 58% in particulier bezit. De medeoprichter en hoofdinvesteerder van het bedrijf is een inwoner van Hong Kong. Om deze reden, in tegenstelling tot wat Nieuwsuur heeft verteld, is het Hikvision volgende de Chinese wet niet toegestaan om onderzoek en ontwikkeling uit te voeren voor het Chinese leger. "

The google translation: "Hikvision has been a listed company on the Shenzhen Stock Exchange since 2010 and is 58% privately owned. The co-founder and main investor of the company is a resident of Hong Kong. For this reason, contrary to what Nieuwsuur has told, Hikvision is not allowed under Chinese law to conduct research and development for the Chinese army."

Source: Hikvision start Europese Cyber Security Tour - BeveiligingNieuws

The Roadshow is led by Chuck Davis, Hikvision’s Director of Cybersecurity for North America, “Cybersecurity and Video Surveillance: Presented by Hikvision" roadshows will consist of a 90-minute interactive education session about cybersecurity, cyber threats and vulnerabilities, myths about the video surveillance industry, and best practices to mitigate those threats and vulnerabilities. He is going to teach the Dutch ! Right !

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions