Ban of Dahua and Hikvision Is Now US Gov Law
By John Honovich, Published Aug 13, 2018, 05:24pm EDT
The US President has signed the 2019 NDAA into law, banning the use of Dahua and Hikvision (and their OEMs) for the US government, for US government-funded contracts and possibly for 'critical infrastructure' and 'national security' usage.
This completes the legal process that started in May, when the US House passed the bill with the ban, followed by the Senate passing the bill on August 1st.
Direct Impact - Stop Purchasing and Removals
The ban technically starts one year after signing into law, which will be August 13, 2019. However, since the ban covers both purchasing and using existing equipment, it effectively starts immediately: it would make little practical sense to buy equipment today only to have to remove it in 12 months.
The removal of Dahua and Hikvision branded equipment will be relatively straightforward since US government agencies can simply read the label on the devices. However, OEMs, which are included under the 'produced' for 'affiliates' clause, will also have to be removed.
For help, see our Dahua OEM Directory and Hikvision OEM Directory.
Broader Indirect Impact - Branding
Since the US government is effectively blacklisting Dahua and Hikvision products, this will have a severe impact on branding and, consequently, on purchasing. Many buyers will be concerned about:
- What security risks those products pose for them
- What problems might occur if they want to integrate with public / government systems
- What future legislation at the state or local level might ban usage of such systems
Indeed, one prominent Hikvision partner has acknowledged the impact even before the bill became law:
One of my top 10s said that one of his bank jobs said that they can't do Hikvision because they were put on a watch list. He is also concerned about a hospital job he has coming.
The impact outside of the US could be significant as well since many countries and organizations will see this as a negative signal about the security and trustworthiness of these products.
Background
The following reports provide background about Hikvision and Dahua:
- Hikvision Chinese Government Origin And Control
- Hikvision: Chinese Government "Exert Significant Influence Over Our Business"
- Hikvision Chairman Joins China National Government (NPC)
- Hikvision Backdoor Exploit
- Dahua Ban Response: Not Chinese Government Owned
- Dahua Backdoor Uncovered
Update: Podcast Released
IPVM has released a podcast discussion on this. Download the 28-minute podcast here or listen to it embedded below.
Comments (58)
Note: I left out some screencaps / details of the law since we covered it 2 weeks ago here. However, for completeness, they are copied below:
The full text of the bill is here (note: it is 1,360 pages long, with the relevant sections on pages 322 - 323).
The ADI 60% off “Banned by the Government” sale starts tomorrow.
Make video surveillance great again.... okay it doesn't have the same ring, but this is definitely helping the industry, especially the premium brands with high end products. This will really hit home when local integrators who have been fiercely loyal to Hik begin to switch.
Get your popcorn ready.
Although federally illegal, at least Hikua is still legal recreationally in every state. Cannabis, on the other hand, might very well become legal federally with some type of federal policy or regulation mandated. I know there is a ton of Hikua and their OEMs in that space.
What about government housing, etc? Hikua needs to do major damage control so concern doesn't spill into SLED.
From the FB discussion of this post:
Could it be that Nelly's (Surplus) is going to win both ways? ;)
In all seriousness, it is an interesting question of what becomes of the gear. We will check for any government recommendations.
I was onsite with a client who has advised that local and state governments are also adopting the same position in several instances that if the Federal government deems it unsafe for their projects, it's not safe for theirs either and removing from future consideration and reviewing previous projects. I guess the upside is that any removals may constitute new sales opportunities? Soon the message will be to commercial customers, "those products are illegal." Everyone is scrambling!
One of the best bills in modern history. As security professionals we have a duty to take our nation's security seriously. This is NOT just a 'Red Scare'.
Some judge in New York will sue to get them allowed just because.
Does IPVM have a list of manufacturers (or by item) that meet Made in America and meet the government treaty guidelines for purchases?
Does anyone have any thoughts/ideas on what will happen to Dahua and Hikvision DIY OEMs (LaView, Amcrest, Qsee, Night Owl and competitors) mainly in the consumer space?
Will they continue to purchase from Dahua and Hik?
Will these businesses be impacted from this law?
Are they allowed to continue to purchase and import goods from these companies?
First trade magazine with coverage, SSI, is out: U.S. Defense Bill Signed Into Law Bans Dahua, Hikvision Products. Interesting quote from Lynn de Seve, a government contracting specialist:
State and local agencies usually go the way of the Feds. Soon it becomes a trend even with commercial customers.
[Update: SSI has removed this quote with no notice as to why it was removed.]
Here come the price increases.
IPVM could have been a little clearer in stating they forged the photo from an original that related to a $1.5m tax overhaul package and has absolutely nothing to do with the ban.
Putting "IPVM illustration" on the bottom right corner doesn't cut it and just demonstrates how tacky and cheap IPVM has become. Tabloid really is the correct description of this type of "journalism".
Your response typifies the "anti-Hik" lobby in personalising an individual attack - sanctioned by IPVM.
I'm not "anti-Hik", per se, I just happen to believe their products are so severely flawed in terms of cyber security that they are not suitable for use in most commercial deployments. Further, I think that Hik has gone to great lengths to convince people, through blatantly deceptive and fraudulent presentations, that their products are not more or less secure than those of other companies. This is evidenced when I see claims like your following statement:
More recently, Axis and genetic vulnerabilities are airbrushed to see them in some kind of positive light whereby anything at all by HIK/Dahua is trashed into anti-China rhetoric.
My opinion is that you lack the ability to properly evaluate common vulnerabilities and their potential to be exploited and impact a user or their network. My comments are not "personal", but they are in response to your specific statements. If you want to call that some kind of "individual attack", I guess you can, but I would also say you have pretty thin skin.
Not everyone reading the article is from the IPVM community and will indeed believe what they have published in the context of the story.
I would say the average reasonable person reading this would have seen enough Trump photoshops of him holding up altered signs and declarations to recognize the parody/satire element. If not, well, IPVM is catering to an audience that is overall informed and moderately skeptical, they can't dumb and disclaimer every image down to the lowest common denominator. If you read the text under the image, I feel that you get sufficient detail to evaluate the image properly. If you only "read" pictures, well, that is an entirely different issue.
The graphic being misleading is indicative of John's mission to exaggerate all things Hik
What is truly misleading about the image? Did Trump not in fact sign a bill that bans use of Hytera, Hikvision, and Dahua in government applications?
The facts are that outside of the US the NDAA is meaningless, trivial and entirely irrelevant.
Disagree. Outside of China (where Hik enjoys government preferences and similar bans severely limiting use of foreign surveillance products) North America is the largest market in the security industry. Many manufacturers fund their overseas expansions off of their NA business. Banning Hik and Dahua in the US will make those companies weaker here, and simultaneously strengthen others. That can easily have rolling global impact.
Simply jumping on John's bandwagon to get "likes" and earn click dollars
I give two shits about who "likes" me, and you can upvote all my comments to infinity and it won't alter my net worth by more than a rounding error. My motivation is not at all related to either of those goals, I am simply trying to share insight and information.
What is harder to do is to enter into reasoned debate
Just so I can keep track, are you the pot or the kettle in the above statement?
But hey - if school yard insults is your thing - then so be it.
At least you are consistent, taking a throw-away image or a throw-away statement and somehow coming away with the understanding that is the whole story.
I was at an ADI expo yesterday and couldn’t help but overhear a Hik employee on the phone (talking quite loud) to who I would assume was his boss, talking about, ‘losing orders for five military bases due to the ban’. Thought it was interesting. Their booth still had quite a bit of traffic, as you might imagine. They had quite the setup.
Just read an entire article on the NDAA 2019. I find the following excerpt funny as neither Hik nor Dahua are mentioned.
Section 889 of the NDAA would also prohibit executive-branch agencies from procuring or contracting for certain covered telecommunications equipment or services from companies that are associated with or believed to be owned or controlled by the People’s Republic of China. This includes ZTE and Huawei, two companies whose activities in the United States have been the subject of great scrutiny in recent months. This prohibition would begin for executive-branch agencies one year after enactment of the NDAA and would extend to the beneficiaries of any grants, loans or subsidies from such agencies two years after enactment. Under this provision, the head of any federal agency may issue a onetime waiver for up to two years, while only the director of national intelligence may issue subsequent waivers. Notably, however, the NDAA does not include a provision from the Senate version of the NDAA that would have reimposed the penalties against ZTE that the Commerce Department controversially revoked earlier this year.
The following link is the entire article https://www.lawfareblog.com/whats-new-ndaa
Would this affect US government projects outside of the US?
i.e., US customs preclearance at airports in Canada?
Thank you, Charles. Much appreciated!
This airport I mentioned above received 9M in federal grants. I have not heard anything about them using any federal money for this project. I did reach out to the city to see if they have anything in place that would prohibit some of this banned equipment being placed on their leased property.