Cisco: Hikvision Hired Us

By: John Honovich, Published on May 16, 2017

The day after Hikvision's backdoor was confirmed by the US Department of Homeland Security, Hikvision issued a press release about a 'cybersecurity collaboration' [link no longer available] with Cisco inside China, with Hikvision USA touting that Hikvision was 'adding cybersecurity credentials.'

The release was atypical for Cisco, which normally includes their own contact person and quote. The Hikvision release had neither, just statements from Hikvision.

In this note, we share a statement from Cisco about Hikvision and examine the potential impact of this move.

Cisco Statement

Cisco's security public relations team responded to IPVM, making clear that Hikvision was a customer of theirs:

Cisco’s secure product development, lifecycle management and supply chain security practices are all industry-leading examples of our commitment to security. As such, Cisco often works with many global customers to help assess and identify opportunities to reinforce the security of their own business. Our top priority is the satisfaction and support of our customers, and we are supporting Hikvision to provide the support their business requires. That said, we do not publicly disclose confidential customer account information, and have to direct you to Hikvision for further information.

PR Benefit

Given Cisco's overall brand and status as one of America's largest technology companies, Hikvision hiring Cisco is a strong public relations move and money well spent. While Cisco has been unsuccessful inside video surveillance, Cisco is clearly one of the most well-known technology companies worldwide so associating themselves with Cisco helps to counter the damage to Hikvision's reputation from the backdoor.

Engineering Benefit

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Beyond the public relations benefit, depending on what information or help Cisco provides, this could improve Hikvision's software development process, assuming the backdoor was an engineering error, rather than intentionally placed. However, Hikvision's press release [link no longer available] is so vague (meeting, phases, collaboration, etc.) that is impossible to assess how much real engineering improvements are being made.

Second Attempt / Also Rapid7

This is not the first time Hikvision has hired outside help for cybersecurity. In 2014, cybersecurity specialist Rapid7 discovered multiple vulnerabilities in Hikvision products. Following Hikvision's first major cybersecurity crisis in 2015, Hikvision hired Rapid7 [link no longer available] to "to perform a penetration test and vulnerability assessment of [their] products."

Rapid7's benefits to Hikvision appeared limit. In addition to not being widely known outside of the cybersecurity segment, evidently Rapid7 did not discover the backdoor that was not fixed for more than 18 months after Hikvision said Rapid7 was assessing their products (whether Rapid7 missed it or Hikvision restrained their efforts is unknown).

Hikvision / Cisco Impact

Hikvision hiring Cisco is a smart move, though framing it as a 'collaboration' and/or an endorsement from Cisco is debatable, since Hikvision hired Cisco. The plus side remains that Hikvision can tout the Cisco brand as a rejoinder to their poor cybersecurity track record and may benefit on the development side if they incorporate guidance from Cisco.

6 reports cite this report:

Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a...
Genetec CEO: You Cannot Buy Trust on Feb 14, 2018
Genetec's CEO, Pierre Racz, delivered a direct message at their channel...
The 2018 Surveillance Industry Guide on Jan 16, 2018
The 300 page, 2018 Video Surveillance Industry Guide, covering the key events...
Hikvision Admits Backdoor 'PR Issue' on Oct 24, 2017
Hikvision is admitting a problem. The backdoor itself is evidently not the...
Hikvision Happy With Bad Security Unless Hit With Bad Press on Aug 28, 2017
Hikvision is happy to have bad cyber security unless they are hit with bad...
Hikvision Hardening Guide Recommends Port Forwarding on Jun 09, 2017
Hikvision's Network Security Hardening Guide recommends port forwarding as a...
Comments (34) : Members only. Login. or Join.

Related Reports

SenseB4 Presents Cloud Network Device Monitoring on Jun 09, 2020
SenseB4 presented its cybersecurity and network health monitoring products at...
Milestone Hires New CEO From IT Integrator on Aug 18, 2020
For the first time in 20 years, Milestone Systems has a new CEO and, notably,...
Genetec Drops Support for Dahua and Hikvision on Jun 01, 2020
Genetec has dropped support for Dahua and Hikvision, citing US blacklisting...
School District Admits Not Following FDA Guidelines With 144, No Blackbody, Hikvision Fever Cameras on Aug 21, 2020
The Baldwin County School District has admitted it is not following FDA...
Ban Rules Released: Use Dahua or Hikvision, No US Government Contracts on Jul 13, 2020
The US government has released the rules implementing the "Prohibition on...
Huawei HiSilicon Shortage Impacts Surveillance Manufacturers on Aug 14, 2020
Huawei acknowledged problems and challenges for its HiSilicon chip business,...
Startup Calipsa Presents AI False Alarm Filtering on Jul 21, 2020
Calipsa presented its AI false alarm filtering platform at the 2020 IPVM...
Sunell is The First China Manufacturer to Market NDAA Compliance on Jul 30, 2020
Most China manufacturers are going to be impacted by the NDAA 'Blacklist...
ISC West 2020 Moves To The Basement on May 29, 2020
The twice cancelled/postponed show will now not only be held in a different...
Salesforce Drops Dahua and Hikvision on Aug 12, 2020
Salesforce has dropped Dahua and Hikvision as customers, forcing the two mega...
Final Rule Does Not Expand Hikvision Dahua Blacklist on Aug 14, 2020
The final White House rule (200.216) has been added and contrary to the...
HID Releases VertX Replacement Aero on Aug 10, 2020
HID is replacing two established and broadly supported types of access...
Sequr Presents HID based Cloud Access Control on Jun 04, 2020
Sequr presented HID based Cloud Access Control at the May 2020 IPVM Startups...
Hikvision Salespeople: We Don't Need A Blackbody on May 13, 2020
Dahua jumped out on its cross-town rival selling fever cameras but Hikvision...
HID Presents Mercury Security & Aero Access Controllers on Aug 25, 2020
HID presented Mercury Security & Aero Access Controllers at the 2020 IPVM...

Recent Reports

New Products Show Fall 2020 continues tomorrow with Genetec, Milestone, Avigilon, Microsoft and more! on Sep 29, 2020
IPVM's sixth online show continues tomorrow and will feature New Products...
Avigilon / Motorola VS Virtual ISC West on Sep 29, 2020
ISC West has historically been so dominant that no player would think of...
Dartmouth College Deploys K3 Temperature Screening on Sep 29, 2020
While Dartmouth College has a $6+ billion endowment, the College has bought...
Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...