Cisco: Hikvision Hired Us

By John Honovich, Published May 16, 2017, 12:00am EDT

The day after Hikvision's backdoor was confirmed by the US Department of Homeland Security, Hikvision issued a press release about a 'cybersecurity collaboration' [link no longer available] with Cisco inside China, with Hikvision USA touting that Hikvision was 'adding cybersecurity credentials.'

The release was atypical for Cisco, which normally includes their own contact person and quote. The Hikvision release had neither, just statements from Hikvision.

In this note, we share a statement from Cisco about Hikvision and examine the potential impact of this move.

Cisco Statement

Cisco's security public relations team responded to IPVM, making clear that Hikvision was a customer of theirs:

Cisco’s secure product development, lifecycle management and supply chain security practices are all industry-leading examples of our commitment to security. As such, Cisco often works with many global customers to help assess and identify opportunities to reinforce the security of their own business. Our top priority is the satisfaction and support of our customers, and we are supporting Hikvision to provide the support their business requires. That said, we do not publicly disclose confidential customer account information, and have to direct you to Hikvision for further information.

PR Benefit

Given Cisco's overall brand and status as one of America's largest technology companies, Hikvision hiring Cisco is a strong public relations move and money well spent. While Cisco has been unsuccessful inside video surveillance, Cisco is clearly one of the most well-known technology companies worldwide so associating themselves with Cisco helps to counter the damage to Hikvision's reputation from the backdoor.

Engineering Benefit

Join IPVM Newsletter?

IPVM is the #1 authority in video surveillance news, in-depth tests, and training courses. Get emails, once a day, Monday to Friday.

Beyond the public relations benefit, depending on what information or help Cisco provides, this could improve Hikvision's software development process, assuming the backdoor was an engineering error, rather than intentionally placed. However, Hikvision's press release [link no longer available] is so vague (meeting, phases, collaboration, etc.) that is impossible to assess how much real engineering improvements are being made.

Second Attempt / Also Rapid7

This is not the first time Hikvision has hired outside help for cybersecurity. In 2014, cybersecurity specialist Rapid7 discovered multiple vulnerabilities in Hikvision products. Following Hikvision's first major cybersecurity crisis in 2015, Hikvision hired Rapid7 [link no longer available] to "to perform a penetration test and vulnerability assessment of [their] products."

Rapid7's benefits to Hikvision appeared limit. In addition to not being widely known outside of the cybersecurity segment, evidently Rapid7 did not discover the backdoor that was not fixed for more than 18 months after Hikvision said Rapid7 was assessing their products (whether Rapid7 missed it or Hikvision restrained their efforts is unknown).

Hikvision / Cisco Impact

Hikvision hiring Cisco is a smart move, though framing it as a 'collaboration' and/or an endorsement from Cisco is debatable, since Hikvision hired Cisco. The plus side remains that Hikvision can tout the Cisco brand as a rejoinder to their poor cybersecurity track record and may benefit on the development side if they incorporate guidance from Cisco.

6 reports cite this report:

Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a...
Genetec CEO: You Cannot Buy Trust on Feb 14, 2018
Genetec's CEO, Pierre Racz, delivered a direct message at their channel...
The 2018 Surveillance Industry Guide on Jan 16, 2018
The 300 page, 2018 Video Surveillance Industry Guide, covering the key events...
Hikvision Admits Backdoor 'PR Issue' on Oct 24, 2017
Hikvision is admitting a problem. The backdoor itself is evidently not the...
Hikvision Happy With Bad Security Unless Hit With Bad Press on Aug 28, 2017
Hikvision is happy to have bad cyber security unless they are hit with bad...
Hikvision Hardening Guide Recommends Port Forwarding on Jun 09, 2017
Hikvision's Network Security Hardening Guide recommends port forwarding as a...
Comments (34) : Subscribers only. Login. or Join.
Loading Related Reports