Cisco: Hikvision Hired Us

Author: John Honovich, Published on May 16, 2017

The day after Hikvision's backdoor was confirmed by the US Department of Homeland Security, Hikvision issued a press release about a 'cybersecurity collaboration' with Cisco inside China, with Hikvision USA touting that Hikvision was 'adding cybersecurity credentials.'

The release was atypical for Cisco, which normally includes their own contact person and quote. The Hikvision release had neither, just statements from Hikvision.

In this note, we share a statement from Cisco about Hikvision and examine the potential impact of this move.

Cisco Statement

Cisco's security public relations team responded to IPVM, making clear that Hikvision was a customer of theirs:

Cisco’s secure product development, lifecycle management and supply chain security practices are all industry-leading examples of our commitment to security. As such, Cisco often works with many global customers to help assess and identify opportunities to reinforce the security of their own business. Our top priority is the satisfaction and support of our customers, and we are supporting Hikvision to provide the support their business requires. That said, we do not publicly disclose confidential customer account information, and have to direct you to Hikvision for further information.

PR Benefit

Given Cisco's overall brand and status as one of America's largest technology companies, Hikvision hiring Cisco is a strong public relations move and money well spent. While Cisco has been unsuccessful inside video surveillance, Cisco is clearly one of the most well-known technology companies worldwide so associating themselves with Cisco helps to counter the damage to Hikvision's reputation from the backdoor.

Engineering Benefit

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Beyond the public relations benefit, depending on what information or help Cisco provides, this could improve Hikvision's software development process, assuming the backdoor was an engineering error, rather than intentionally placed. However, Hikvision's press release is so vague (meeting, phases, collaboration, etc.) that is impossible to assess how much real engineering improvements are being made.

Second Attempt / Also Rapid7

This is not the first time Hikvision has hired outside help for cybersecurity. In 2014, cybersecurity specialist Rapid7 discovered multiple vulnerabilities in Hikvision products. Following Hikvision's first major cybersecurity crisis in 2015, Hikvision hired Rapid7 to "to perform a penetration test and vulnerability assessment of [their] products."

Rapid7's benefits to Hikvision appeared limit. In addition to not being widely known outside of the cybersecurity segment, evidently Rapid7 did not discover the backdoor that was not fixed for more than 18 months after Hikvision said Rapid7 was assessing their products (whether Rapid7 missed it or Hikvision restrained their efforts is unknown).

Hikvision / Cisco Impact

Hikvision hiring Cisco is a smart move, though framing it as a 'collaboration' and/or an endorsement from Cisco is debatable, since Hikvision hired Cisco. The plus side remains that Hikvision can tout the Cisco brand as a rejoinder to their poor cybersecurity track record and may benefit on the development side if they incorporate guidance from Cisco.

6 reports cite this report:

Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of...
Genetec CEO: You Cannot Buy Trust on Feb 14, 2018
Genetec's CEO, Pierre Racz, delivered a direct message at their channel partner conference: Racz has become a focal point in the industry debate...
The 2018 Surveillance Industry Guide on Jan 16, 2018
The 300 page, 2018 Video Surveillance Industry Guide, covering the key events and the future of the video surveillance market, is now available,...
Hikvision Admits Backdoor 'PR Issue' on Oct 24, 2017
Hikvision is admitting a problem. The backdoor itself is evidently not the problem for them. The problem, according to Hikvision, is a public...
Hikvision Happy With Bad Security Unless Hit With Bad Press on Aug 28, 2017
Hikvision is happy to have bad cyber security unless they are hit with bad press, as we detail inside. When you look at the pattern of their...
Hikvision Hardening Guide Recommends Port Forwarding on Jun 09, 2017
Hikvision's Network Security Hardening Guide recommends port forwarding as a 'standard configuration', highlighted below: In this note, we...
Comments (34) : PRO Members only. Login. or Join.

Related Reports

The False SCMP Story on Hikvision NYC AI on Jan 14, 2019
In the past week, one of Asia's largest publications, the South China Morning Post (SCMP), posted an article about "Chinese [facial recognition]...
Last Chance - Winter 2019 IP Networking Course on Jan 10, 2019
Today is the last day to register for the Winter 2019 IP Networking course. This is the only networking course designed specifically for video...
2019 Video Surveillance Cameras Overview on Jan 07, 2019
Each year, IPVM summarizes the main advances and changes for video surveillance cameras, based on our industry-leading testing and...
Infinova Deletes Xinjiang References, Hiding Evidence on Jan 07, 2019
Infinova has deleted all posts about Xinjiang on its website due to IPVM’s investigation of its business ties there and successfully directed...
"At Hikvision, We Build Trust" on Jan 03, 2019
Hikvision has joined a growing number of video surveillance manufacturers marketing their trustworthiness. In a recent trade magazine full page...
US Gov China Ban Rules Process, SIA Lobbies Against 'Blacklisting', For 'Risk-Based Protocol' on Dec 27, 2018
Details have emerged about when the rules implementing the federal ban on Hikvision, Dahua, Huawei and others will be made public for official...
Bosch VDOO 2018 Vulnerability on Dec 20, 2018
Security research firm VDOO has discovered a critical vulnerability in Bosch IP cameras. Inside, we cover the available details of this new...
Genetec UL Cybersecurity Certificate (2900-2-3) Examined on Dec 19, 2018
Proving a company is cybersecure has become a major concern for security companies. But how trustworthy are these certificates? Earlier in 2018, a...
Network Cable Shootout - Belden, Commscope, Hikvision, Honeywell, NavePoint CCA, Windy City Wire on Dec 17, 2018
Every IP camera install needs UTP cabling. But how much of a difference is there between dirt cheap generic cables found online and the bigger,...
Hikvision Government Parent Holds Communist Party Congress on Dec 17, 2018
The Communist Party committee of Hikvision’s government parent, CETHIK, held a Party Congress earlier this month where senior executives, including...

Most Recent Industry Reports

Access Control Cabling Tutorial on Jan 15, 2019
Access Control is only as reliable as its cables. While this aspect lacks the sexiness of other components, it remains a vital part of every...
Gorilla Technology AI Provider, Raises $15 Million, Profiled on Jan 15, 2019
Gorilla Technology is a Taiwanese video analytics manufacturer that recently announced a $15 million investment from SBI Group, saying this...
2019 IP Networking Book Released on Jan 14, 2019
The new IP Networking Book 2019 is a 285 page in-depth guide that teaches you how IT and telecom technologies impact modern security...
Arecont Costar Layoffs on Jan 14, 2019
Arecont Vision, a Costar Company, has laid off more than 10% of their workforce in a move the company described to IPVM as a result of "important...
The False SCMP Story on Hikvision NYC AI on Jan 14, 2019
In the past week, one of Asia's largest publications, the South China Morning Post (SCMP), posted an article about "Chinese [facial recognition]...
WDR Tutorial on Jan 11, 2019
Understanding wide dynamic range (WDR) is critical to capturing high quality images in demanding conditions. However, with no real standards, any...
Pelco Favorability Results 2019 on Jan 11, 2019
Pelco had a significant favorability problem amongst integrators in our previous study (see 2016 Pelco results). Now, in the first edition of our...
Bad: Dahua Villa Video Doorbell Tested on Jan 11, 2019
Doorbells are one of the hottest segments in the residential market but Dahua's Villa Video Doorbell is the worst we have tested.   We bought and...
Last Chance - Winter 2019 IP Networking Course on Jan 10, 2019
Today is the last day to register for the Winter 2019 IP Networking course. This is the only networking course designed specifically for video...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact