The bill banning US government use of Dahua and Hikvision products has been passed by both chambers of Congress (House vote [link no longer available], Senate vote). The US President has voiced support of this bill and is expected to be signed into law.
In May, this ban was introduced as an amendment to the House version of the NDAA defense appropriations bill. However, at that time, the Senate did not include such a ban, raising hopes by Dahua and Hikvision that the ban would be removed in the reconciliation process. However, reconciliation included the ban and both the House and Senate easily passed the bill with the ban.
Bill Ban
The reconciled bill is 1,360 pages covering a vast array of government regulations including the bans of Dahua and Hikvision for US government usage. The relevant section (p322 to 323) is:
Possible Expansion
One important possible expansion of the ban is a new clause calling out 'critical infrastructure' and 'national security purposes':
It is not clear if the bill bans use of Dahua and Hikvision in those areas but, if it did, it would significantly increase the impact as many non-governmental organizations could fall under those categories (utilities, banks, etc.)
Ban Starts 1 Year After Enacted
The bill says this 'prohibition' will start one year after it is enacted, which would put that in H2 2019:
However, in practice, the ban is immediate given the elimination clause.
Remove Existing Dahua and Hikvision Systems
Compounding the problem for Dahua and Hikvision, the bill includes a directive to 'phase-out' and 'eliminate' the use of existing equipment:
Overall, Dahua and Hikvision equipment is a distinct minority of US government video surveillance but there is a non-trivial amount deployed that could be a boon for system integrators and rival video surveillance manufacturers.
I'm beginning to wonder if Congress has seen a credible threat to infrastructure security. I'm not referring to the typical "cold war" mentality we see from not wanting to do business with the Chinese because they're the Chinese. But because the government has seen code or other hard evidence that something nefarious is going on within Hikvision cameras.
I'll presume that even though Kenny is half joking he's also correct with his statement that the lionshare of Hikvision and Dahua sales won't be directly affected by this correct? The bigger questions are will Integrators/dealers make a change by replacing them with others? Will this knowledge trickle down to the end user? Will they care?
Also, does this make room for another / others to increase their share if they position themselves correctly?
Gerald Spradlin (G4 Technology) End users simply aren't aware and most resellers and installation companies are not informing potential customers/victims when they market Dahua and Hikvision.
I'll say this... end users do CARE when they are made aware. I frequent a local franchise here in Cincinnati Ohio and on a recent visit noticed brand new Hikvision IP cameras had been installed. I contacted management, sent appropriate links, and literally the very next day the franchise concealed the Hikvision logo.
I realize the humor there but on a subsequent visit, the cameras were removed and replaced. If enough industry insiders alert end users, franchisees, corporations of the recent government ban, and send appropriate links for the former Mirai and other serious issues with Dahua and Hik, NO INSTALLER would risk their reputation installing those two brands.
If decision makers are in this for a long term business success story, they simply have no choice but to stop buying Dahua and Hik. For those that roll their eyes? If the issue is NOT an issue, then advertise the government ban exists instead of concealing it and see how your sales revenue performs. Your customers are going to become aware sooner or later, you might as well take the plunge before its too late.
Struggle with this consistently, you would believe that if educated no integrator would risk their reputation installing "those brands" and you would also believe that no end user would risk allowing these to be installed but it happens constantly.
The vertical market we are seeing this in most is mixed-use residential facilities. Where the bottom line is key, value is "engineered" out and decisions are made by architectural firms that don't care because they can ultimately walk away in the end.
In fact in the past we posted on Linkedin RE: HIKVision and always receive push back responses from some of our local regional competitors angry with us "confusing" the market. We just shake our heads. What else can you do?
It BETTER affect OEMs... so many people hiding a Hik/DH unit behind their own brand/logo, and the customer has no idea. Some even claim they're American... the audacity!
Too true! I have had reps from both LTS and IC Realtime try this stunt and it infuriates me. I harshly correct them and even then still they persist for a little bit until I tell them with finality that they are either intentionally lying to me or are too ignorant to know the truth.
Most recently had this experience with LTS, a new rep named Michael called me last week. Told him straight up “I will not use Hikvision” his response “We have our own brand tool” too which I said “Yes, rebranded/private labeled Hikvision” and he has the audacity to reply “No it is our brand, not Hikvision” had to tell him firmly that their brand is OEM Hikvision cameras with LTS logos on them... at which point he said “Okay, bye”
Which is exactly why I refuse to purchase the Ella product from IC Realtime, even though they have way more marketing and branding than Camio... I cannot partner with a company that is constantly spreading falsehoods. I told Carter Maslan about the experience I had dealing with IC when researching Ella (besides claiming the Dahua OEMs are their own camera designs, they also claimed Camio does not work with security cameras only web cams and cell phones LOL).
I'm really intrigued by the Disagree vote on this one. Does someone actually think that Honeywell is doing anything significant with their firmware? Or maybe you just missed the /SARCASM tag?
I hope no one actually, truly, thinks that Honeywell is doing anything significant with their firmware --- But to maintain a large Honeywell customer on Honeywell cameras, we have seen integrators say almost anything.
This is where 'ignorance is bliss' and plausible deniability come in. When you see things like that (and here is an example just this week - "IVPM Is A Self Proclaimed Garbage Heap"), typically it's because they don't know, are unwilling to spend even a little time verifying themselves and happy to take the word of manufacturer salespeople to further their own sales.
I have seen it played both ways by unethical integrators. There are the ones who deny deny deny, and there are the ones who over exaggerate. I literally had a client (HoA) who was told by another bidder that “Dahua and Hikvision are now illegal”. Mind you this was a couple weeks ago when the defense bill first passed through congress.
I explained to the client that the cameras are not contraband, just that due to legimate cybersecurity concerns can no longer be used in Federal buildings, which I feel is a good thing.
This is a for a standalone system, local recording only, and there is an option I presented for Axis that is 20% more and slightly lower resolution.
Oh the competitor also said that they had to have Cat6 because Cat5e is not good enough for his 4MP cameras...??? So I educated the client a bit about cabling and bandwidth. At the end of the day with little surprise I found out the other bidder is over 3 times our bid (over 40K compared to our 12-15K bid for 11 cameras and 2 recorders).
Seems to be more of an effort aligned with the Trump "Trade War" than actual protection of US government facilities. These companies sell OEM version of the camera that run their standard FW with a bit of rebranding dress-up in the GUI but essentially no different that a standard Hik or Dauha camera. Are these OEM products also banned? Seems narrow and short sighted only aimed at the big Chinese brands to make a political statement rather than protect infrastructure critical to national security. Don't get me wrong, I like the bill but it could have gone further if the true goal was to protect the country.
While the bill does not mention 'OEM' or 'white label' by name, it is a reasonable interpretation to believe they are covered.
As we noted in the post:
The bill applies to equipment 'produced' by Dahua or Hikvision as well as their 'affiliates' so even if, e.g., Honeywell puts their label on equipment produced by Dahua or Hikvision, it would, minimally, be risky to claim that the ban does not apply to those, as the equipment would still be 'produced' by Dahua or Hikvision and sold by their 'affiliate'.
The wording in the bill infers that these products are a security risk but I don’t see wording that really describes what the security risk is exactly. Perhaps the Bill doesn’t need to explain that but I don’t want to assume.
If someone really knows what drove this could they let me/us know?
To be clear – I am asking about what the bill sponsors learned about specifically that got them to add Hikvision and Dahua?
I know about all the issues related to these two manufacturers, so I don’t need someone to say that was it, unless that is the real answer, i.e. that someone in the industry got the ear of the bill sponsors etc.
OR, do we know that someone within the federal government literally brought these two manufacturers to our law makers attention because of specific incidences that were egregious that went above other typical Chinese manufacturers.
OR, are we saying this is only a political move, as some have suggested this is just part of the China tariff war that is ongoing and growing.
Would be great to know so that we can take advantage of this information and use it to inform our customers more effectively.
Referring to the physical security surveillance of critical infrastructure, does this ban extend to the projects funded by the Government only, or by the commercial entities as well that own critical infrastructure like utilities and chemical plants?
Stock update: Both Dahua and Hikvision stocks have been hurt by recent US government actions, Dahua more so.
Dahua was down 6% overnight and is now almost down 50% from its peak earlier this year:
Hikvision was down ~4% overnight and is down ~28% from its peak earlier this year but still higher priced than it was a year ago ($31.91 now vs $28.01 a year ago):
Both are still richly priced relative to Western video surveillance manufacturers.
Do you think this will spark any innovation on the camera side of things? With +100 plus companies OEMing them with basically the same cameras and different firmware which are going to have to look at other options I would think we might see some new camera innovation out of this. yes/no?
So if this is really a security issue, and given the modular nature of camera components, and the overall Chinese manufacturing base, then how can other Chinese manufacturers be overlooked?
And then let's take this a step further. What are the requirements for a US company to manufacture there?
While focusing on market leaders might be efficient on getting to the most Chinese camera/lenses/lighting/storage/etc. units it still leaves a lot of thing still open.
Does beg the question: Does GSA say no Chinese made IT products period?
then how can other Chinese manufacturers be overlooked?
In practice, 99% of Chinese manufacturer video surveillance that might be used by the US government is from Dahua and Hikvision. Part of it is simply that they dominate the Chinese domestic market and, related to that, have the money to market heavily overseas.
Sure, you can start it in the discussion group or I can create it for you (title? "Should the US government ban all Chinese manufacturers for US government use?" or?)
The boundaries of the GSA banning Chinese products is clear. There are no exceptions on the GSA for products made in China (that's well-established law, i.e., the PRC is not a TAA designated country).
Now, GSA is a subset of government purchasing. Products not from TAA designated countries can still be bought just not on a GSA contract.
Thanks John, appreciate you confirming this. It pretty much has always been the case for infosec and physical access, so I guess this is a lot about closing a gap that should not have gotten by in the first place. The GSA Approved Products List for physical security has, as you point out, pretty clear provisions on source of manufacture, it seems that these are example of (video surveillance) security systems skirting rules already in place for things like PACS basically due to the absence of domestic (or trading partner country) approved sources.
This article is part of IPVM's 7,334 reports and 972 tests and is only available to subscribers. To get a one-time preview of our work, enter your work email to access the full article.
Comments (47)
Undisclosed Integrator #1
I'm beginning to wonder if Congress has seen a credible threat to infrastructure security. I'm not referring to the typical "cold war" mentality we see from not wanting to do business with the Chinese because they're the Chinese. But because the government has seen code or other hard evidence that something nefarious is going on within Hikvision cameras.
Create New Topic
John Honovich
This Facebook commenter has an interesting marketing strategy to sell Dahua and Hikvision:
Create New Topic
Salvatore D'Agostino
Hard to see how this does not imact OEMs, particularly given change in bill language you report.
Create New Topic
Undisclosed #2
But they don't just relabel the products, they heavily customize the firmware to make it their own. (/SARCASM).
Create New Topic
Undisclosed Manufacturer #3
Seems to be more of an effort aligned with the Trump "Trade War" than actual protection of US government facilities. These companies sell OEM version of the camera that run their standard FW with a bit of rebranding dress-up in the GUI but essentially no different that a standard Hik or Dauha camera. Are these OEM products also banned? Seems narrow and short sighted only aimed at the big Chinese brands to make a political statement rather than protect infrastructure critical to national security. Don't get me wrong, I like the bill but it could have gone further if the true goal was to protect the country.
Create New Topic
Greg Hussey
The wording in the bill infers that these products are a security risk but I don’t see wording that really describes what the security risk is exactly. Perhaps the Bill doesn’t need to explain that but I don’t want to assume.
If someone really knows what drove this could they let me/us know?
To be clear – I am asking about what the bill sponsors learned about specifically that got them to add Hikvision and Dahua?
I know about all the issues related to these two manufacturers, so I don’t need someone to say that was it, unless that is the real answer, i.e. that someone in the industry got the ear of the bill sponsors etc.
OR, do we know that someone within the federal government literally brought these two manufacturers to our law makers attention because of specific incidences that were egregious that went above other typical Chinese manufacturers.
OR, are we saying this is only a political move, as some have suggested this is just part of the China tariff war that is ongoing and growing.
Would be great to know so that we can take advantage of this information and use it to inform our customers more effectively.
Create New Topic
Undisclosed End User #4
Referring to the physical security surveillance of critical infrastructure, does this ban extend to the projects funded by the Government only, or by the commercial entities as well that own critical infrastructure like utilities and chemical plants?
Create New Topic
Michael Miller
Pentagon Creates 'Do Not Buy' List of Chinese and Russian Software Providers
Create New Topic
Undisclosed #7
Would this be banned?
Asking for a friend, (J.D.) ;)
Create New Topic
John Honovich
Stock update: Both Dahua and Hikvision stocks have been hurt by recent US government actions, Dahua more so.
Dahua was down 6% overnight and is now almost down 50% from its peak earlier this year:
Hikvision was down ~4% overnight and is down ~28% from its peak earlier this year but still higher priced than it was a year ago ($31.91 now vs $28.01 a year ago):
Both are still richly priced relative to Western video surveillance manufacturers.
Create New Topic
John Honovich
YouTube video talking about the ban:
Also, SecurityInformed article: Congress Passes Government Ban On Hikvision And Dahua Video Surveillance
Create New Topic
Undisclosed Integrator #8
Still waiting on similar announcements from:
Create New Topic
Michael Miller
Do you think this will spark any innovation on the camera side of things? With +100 plus companies OEMing them with basically the same cameras and different firmware which are going to have to look at other options I would think we might see some new camera innovation out of this. yes/no?
NOTICE: This comment has been moved to its own discussion: Do You Think The US Government Ban Will Spark Any Innovation On The Camera Side Of Things?
Create New Topic
Undisclosed Manufacturer #12
Looks like that HikVision Source Code Transparency Center only for government agencies just became a white elephant...
Create New Topic
Salvatore D'Agostino
So if this is really a security issue, and given the modular nature of camera components, and the overall Chinese manufacturing base, then how can other Chinese manufacturers be overlooked?
And then let's take this a step further. What are the requirements for a US company to manufacture there?
While focusing on market leaders might be efficient on getting to the most Chinese camera/lenses/lighting/storage/etc. units it still leaves a lot of thing still open.
Does beg the question: Does GSA say no Chinese made IT products period?
Create New Topic
Salvatore D'Agostino
Thanks John, appreciate you confirming this. It pretty much has always been the case for infosec and physical access, so I guess this is a lot about closing a gap that should not have gotten by in the first place. The GSA Approved Products List for physical security has, as you point out, pretty clear provisions on source of manufacture, it seems that these are example of (video surveillance) security systems skirting rules already in place for things like PACS basically due to the absence of domestic (or trading partner country) approved sources.
Create New Topic
Undisclosed Integrator #13
going main stream
see youtube link
Create New Topic