US Congress Passes Bill Banning Dahua and Hikvision

By IPVM Team, Published Aug 02, 2018, 07:17am EDT

The bill banning US government use of Dahua and Hikvision products has been passed by both chambers of Congress (House vote [link no longer available], Senate vote). The US President has voiced support of this bill and is expected to be signed into law.

UPDATE: The Bill and Ban have now been signed into law.

How It Passed

In May, this ban was introduced as an amendment to the House version of the NDAA defense appropriations bill. However, at that time, the Senate did not include such a ban, raising hopes by Dahua and Hikvision that the ban would be removed in the reconciliation process. However, reconciliation included the ban and both the House and Senate easily passed the bill with the ban.

Bill Ban

The reconciled bill is 1,360 pages covering a vast array of government regulations including the bans of Dahua and Hikvision for US government usage. The relevant section (p322 to 323) is:

Possible Expansion

One important possible expansion of the ban is a new clause calling out 'critical infrastructure' and 'national security purposes':

It is not clear if the bill bans use of Dahua and Hikvision in those areas but, if it did, it would significantly increase the impact as many non-governmental organizations could fall under those categories (utilities, banks, etc.)

Ban Starts 1 Year After Enacted

The bill says this 'prohibition' will start one year after it is enacted, which would put that in H2 2019:

However, in practice, the ban is immediate given the elimination clause.

Remove Existing Dahua and Hikvision Systems

Compounding the problem for Dahua and Hikvision, the bill includes a directive to 'phase-out' and 'eliminate' the use of existing equipment:

Overall, Dahua and Hikvision equipment is a distinct minority of US government video surveillance but there is a non-trivial amount deployed that could be a boon for system integrators and rival video surveillance manufacturers.

Impact *******

*** ****** ** ******* being ****. ********* *** '********' / ******* ***** USA ************ *** ** *** ASIS *** ****, ****** ******* ********* and********** ***** ******** ***** *** ***** bill *** ****** ** May. ****, *****'* **** ** ******** business *** *******.

White ***** / *** ******** *** ** ***** ****

*** ******** ***** ******* of *** **** *** a ****** **** ********* 'white ***** **********' *** products '*** ******* ******** to * *********'. *** final **** **** *** have **** *******. ** ****** the *********** **** ***** allow ***** ** ********* to ******** ** **** to *** ** ********** simply ** ********, *.*., the *********, **** ** UTC ****** (******** **** *********** ****).

*******, *** **** ******* to ********* '********' ** ***** ** Hikvision ** **** ** their '**********' ** **** **, e.g., ********* **** ***** label ** ********* ******** ** Dahua ** *********, ** would, *********, ** ***** to ***** **** *** ban **** *** ***** to *****, ** *** equipment ***** ***** ** 'produced' ** ***** ** Hikvision *** **** ** their '*********'.

Vote / ****

Comments (47)

Undisclosed Integrator #1

08/02/18 01:10pm

I'm beginning to wonder if Congress has seen a credible threat to infrastructure security. I'm not referring to the typical "cold war" mentality we see from not wanting to do business with the Chinese because they're the Chinese. But because the government has seen code or other hard evidence that something nefarious is going on within Hikvision cameras. 

Undisclosed #5

In reply to Undisclosed Integrator #1 | 08/02/18 02:55pm

They have several creditable threats known and documented. I can assure you.

Undisclosed #9

In reply to Undisclosed #5 | 08/03/18 02:30am

Are there practical examples of the Chinese government using these vulnerabilities?

John Honovich

IPVM | 08/02/18 01:21pm

This Facebook commenter has an interesting marketing strategy to sell Dahua and Hikvision:

Undisclosed #6

In reply to John Honovich | 08/02/18 04:11pm

What being sold through GSA?

Avatar

David Morgan

Security Dealer Marketing
In reply to John Honovich | 08/02/18 04:26pm

I'll presume that even though Kenny is half joking he's also correct with his statement that the lionshare of Hikvision and Dahua sales won't be directly affected by this correct?  The bigger questions are will Integrators/dealers make a change by replacing them with others?  Will this knowledge trickle down to the end user?  Will they care?  

Also, does this make room for another / others to increase their share if they position themselves correctly?

Look forward to your thoughts!

Gerald Spradlin

In reply to David Morgan | 08/02/18 05:11pm

Gerald Spradlin (G4 Technology)
End users simply aren't aware and most resellers and installation companies are not informing potential customers/victims when they market Dahua and Hikvision.

I'll say this...
end users do CARE when they are made aware. I frequent a local franchise here in Cincinnati Ohio and on a recent visit noticed brand new Hikvision IP cameras had been installed. I contacted management, sent appropriate links, and literally the very next day the franchise concealed the Hikvision logo. 

I realize the humor there but on a subsequent visit, the cameras were removed and replaced. If enough industry insiders alert end users, franchisees, corporations of the recent government ban, and send appropriate links for the former Mirai and other serious issues with Dahua and Hik, NO INSTALLER would risk their reputation installing those two brands.

If decision makers are in this for a long term business success story, they simply have no choice but to stop buying Dahua and Hik. For those that roll their eyes? If the issue is NOT an issue, then advertise the government ban exists instead of concealing it and see how your sales revenue performs. Your customers are going to become aware sooner or later, you might as well take the plunge before its too late.

Avatar

David Morgan

Security Dealer Marketing
In reply to Gerald Spradlin | 08/02/18 09:45pm

Thanks Gerald for your thoughts to my questions!

Undisclosed Integrator #11

In reply to Gerald Spradlin | 08/03/18 06:41pm

Struggle with this consistently, you would believe that if educated no integrator would risk their reputation installing "those brands" and you would also believe that no end user would risk allowing these to be installed but it happens constantly.

The vertical market we are seeing this in most is mixed-use residential facilities.  Where the bottom line is key, value is "engineered" out and decisions are made by architectural firms that don't care because they can ultimately walk away in the end.

In fact in the past we posted on Linkedin RE: HIKVision and always receive push back responses from some of our local regional competitors angry with us "confusing" the market.  We just shake our heads.  What else can you do?

John Honovich

IPVM | In reply to John Honovich | 08/02/18 05:48pm

Another Facebook commenter: here is spam king Longse finding the bright side of the bill for Dahua and Hikvision:

Am I crazy or is it inevitable that Longse will start a new spam campaign marketing themselves as the 'safe' alternative to Dahua and Hikvision?

Avatar

Salvatore D'Agostino

IDmachines | 08/02/18 01:31pm

Hard to see how this does not imact OEMs, particularly given change in bill language you report.

Undisclosed Distributor #14

In reply to Salvatore D'Agostino | 08/06/18 08:41pm

It BETTER affect OEMs... so many people hiding a Hik/DH unit behind their own brand/logo, and the customer has no idea. Some even claim they're American... the audacity!

Avatar

David Delepine

AA Security Systems LLC
IPVMU Certified | In reply to Undisclosed Distributor #14 | 08/06/18 10:35pm

Too true! I have had reps from both LTS and IC Realtime try this stunt and it infuriates me. I harshly correct them and even then still they persist for a little bit until I tell them with finality that they are either intentionally lying to me or are too ignorant to know the truth.

Most recently had this experience with LTS, a new rep named Michael called me last week. Told him straight up “I will not use Hikvision” his response “We have our own brand tool” too which I said “Yes, rebranded/private labeled Hikvision” and he has the audacity to reply “No it is our brand, not Hikvision” had to tell him firmly that their brand is OEM Hikvision cameras with LTS logos on them... at which point he said “Okay, bye”

Which is exactly why I refuse to purchase the Ella product from IC Realtime, even though they have way more marketing and branding than Camio... I cannot partner with a company that is constantly spreading falsehoods. I told Carter Maslan about the experience I had dealing with IC when researching Ella (besides claiming the Dahua OEMs are their own camera designs, they also claimed Camio does not work with security cameras only web cams and cell phones LOL).

John Honovich

IPVM | In reply to David Delepine | 08/06/18 10:45pm

David, this is how I imagine the LTS sales script works:

Does customer want Hikvision products?

- No: Tell them we have our own brand

- Yes: Them them we have the exact same product as Hikvision but lower cost.

Avatar

David Delepine

AA Security Systems LLC
IPVMU Certified | In reply to John Honovich | 08/07/18 12:03am

Yeah that wouldn’t surprise me. I can only imagine the sales training they did after the bill passed last week.

”So I am sure many of you heard about Congress passing the bill banning Hikvision and Dahua...”

Room full of blank stares.

”In case anyone asks about it, just remind them that we also manufacture our own line of LTS cameras that are exempt from the ban.”

One hand goes up, “But aren’t our cameras manufactured by Hikvision?”

”You’re fired. Any other questions?”

Undisclosed #2

08/02/18 01:38pm

e.g., Honeywell puts their label on equipment produced by Dahua or Hikvision

But they don't just relabel the products, they heavily customize the firmware to make it their own. (/SARCASM).

John Honovich

IPVM | In reply to Undisclosed #2 | 08/02/18 01:42pm

You joke but that could be their defense. It's almost always nonsense, e.g., here is how ADI customized changed colors from Hikvision's firmware:

Maybe they will try that technique but it is a risky one. Note to OEMs reading this, if that is your approach, we will plan to call it out.

Undisclosed #2

In reply to Undisclosed #2 | 08/02/18 04:52pm

I'm really intrigued by the Disagree vote on this one. Does someone actually think that Honeywell is doing anything significant with their firmware? Or maybe you just missed the /SARCASM tag?

Undisclosed Integrator #11

In reply to Undisclosed #2 | 08/03/18 06:45pm

I hope no one actually, truly, thinks that Honeywell is doing anything significant with their firmware --- But to maintain a large Honeywell customer on Honeywell cameras, we have seen integrators say almost anything. 

John Honovich

IPVM | In reply to Undisclosed Integrator #11 | 08/03/18 09:34pm

we have seen integrators say almost anything.

This is where 'ignorance is bliss' and plausible deniability come in. When you see things like that (and here is an example just this week - "IVPM Is A Self Proclaimed Garbage Heap"), typically it's because they don't know, are unwilling to spend even a little time verifying themselves and happy to take the word of manufacturer salespeople to further their own sales.

Avatar

David Delepine

AA Security Systems LLC
IPVMU Certified | In reply to John Honovich | 08/04/18 01:49am

I have seen it played both ways by unethical integrators. There are the ones who deny deny deny, and there are the ones who over exaggerate. I literally had a client (HoA) who was told by another bidder that “Dahua and Hikvision are now illegal”. Mind you this was a couple weeks ago when the defense bill first passed through congress.

I explained to the client that the cameras are not contraband, just that due to legimate cybersecurity concerns can no longer be used in Federal buildings, which I feel is a good thing.

This is a for a standalone system, local recording only, and there is an option I presented for Axis that is 20% more and slightly lower resolution.

Oh the competitor also said that they had to have Cat6 because Cat5e is not good enough for his 4MP cameras...??? So I educated the client a bit about cabling and bandwidth. At the end of the day with little surprise I found out the other bidder is over 3 times our bid (over 40K compared to our 12-15K bid for 11 cameras and 2 recorders).

Undisclosed Manufacturer #3

08/02/18 01:41pm

Seems to be more of an effort aligned with the Trump "Trade War" than actual protection of US government facilities. These companies sell OEM version of the camera that run their standard FW with a bit of rebranding dress-up in the GUI but essentially no different that a standard Hik or Dauha camera. Are these OEM products also banned? Seems narrow and short sighted only aimed at the big Chinese brands to make a political statement rather than protect infrastructure critical to national security. Don't get me wrong, I like the bill but it could have gone further if the true goal was to protect the country.

John Honovich

IPVM | In reply to Undisclosed Manufacturer #3 | 08/02/18 01:47pm

Are these OEM products also banned?

While the bill does not mention 'OEM' or 'white label' by name, it is a reasonable interpretation to believe they are covered.

As we noted in the post:

The bill applies to equipment 'produced' by Dahua or Hikvision as well as their 'affiliates' so even if, e.g., Honeywell puts their label on equipment produced by Dahua or Hikvision, it would, minimally, be risky to claim that the ban does not apply to those, as the equipment would still be 'produced' by Dahua or Hikvision and sold by their 'affiliate'.

Avatar

Greg Hussey

08/02/18 02:32pm

The wording in the bill infers that these products are a security risk but I don’t see wording that really describes what the security risk is exactly.  Perhaps the Bill doesn’t need to explain that but I don’t want to assume. 

If someone really knows what drove this could they let me/us know? 

To be clear – I am asking about what the bill sponsors learned about specifically that got them to add Hikvision and Dahua? 

I know about all the issues related to these two manufacturers, so I don’t need someone to say that was it, unless that is the real answer, i.e. that someone in the industry got the ear of the bill sponsors etc.

OR, do we know that someone within the federal government literally brought these two manufacturers to our law makers attention because of specific incidences that were egregious that went above other typical Chinese manufacturers.

OR, are we saying this is only a political move, as some have suggested this is just part of the China tariff war that is ongoing and growing.

Would be great to know so that we can take advantage of this information and use it to inform our customers more effectively.

John Honovich

IPVM | In reply to Greg Hussey | 08/02/18 02:39pm

If someone really knows what drove this could they let me/us know?

Greg, the amendment was sponsored by Congresswoman Vicki Hartzler, whose district includes Fort Leonard Wood, a base that was using Hikvision cameras and was called out by the WSJ last year.

What happened that it survived reconciliation and Hikvison spending $140,000 over the last few months to defeat it, has not been disclosed.

Undisclosed Manufacturer #10

In reply to John Honovich | 08/03/18 03:34am

Getting put on the GSA Schedule using a loophole and submitting the software for DIACAP might also have been an issue HIK on GSA

Undisclosed End User #4

08/02/18 02:54pm

Referring to the physical security surveillance of critical infrastructure, does this ban extend to the projects funded by the Government only, or by the commercial entities as well that own critical infrastructure like utilities and chemical plants?

 

 

John Honovich

IPVM | In reply to Undisclosed End User #4 | 08/02/18 02:59pm

Good question, #4.

There is a section in the bill that says agencies may not fund nor provide grants to covered products, e.g., Dahua and Hikvision:

Michael Miller

08/02/18 03:26pm

Pentagon Creates 'Do Not Buy' List of Chinese and Russian Software Providers

Undisclosed #7

IPVMU Certified | 08/02/18 06:49pm

Would this be banned?

Asking for a friend, (J.D.) ;)

Undisclosed #8

In reply to Undisclosed #7 | 08/03/18 02:09am

... so hypothetically what if you have been installing these cameras on military bases for the last few years?  Asking for a friend.

John Honovich

IPVM | 08/02/18 07:37pm

Stock update: Both Dahua and Hikvision stocks have been hurt by recent US government actions, Dahua more so.

Dahua was down 6% overnight and is now almost down 50% from its peak earlier this year:

Hikvision was down ~4% overnight and is down ~28% from its peak earlier this year but still higher priced than it was a year ago ($31.91 now vs $28.01 a year ago):

Both are still richly priced relative to Western video surveillance manufacturers.

John Honovich

IPVM | In reply to John Honovich | 08/03/18 11:13am

Both Dahua and Hikvision stocks were down 5.89% today / overnight, adding to the previous day's fall.

John Honovich

IPVM | 08/03/18 10:53am

YouTube video talking about the ban:

Also, SecurityInformed article: Congress Passes Government Ban On Hikvision And Dahua Video Surveillance

Michael Miller

In reply to John Honovich | 08/03/18 01:07pm

Maken Willie IPVM famous. 

Undisclosed #8

08/03/18 02:37pm

Still waiting on similar announcements from:

 

Avatar

David Delepine

AA Security Systems LLC
IPVMU Certified | In reply to Undisclosed #8 | 08/03/18 07:00pm

We might be waiting a while...

Michael Miller

08/03/18 03:04pm

Do you think this will spark any innovation on the camera side of things?  With +100 plus companies OEMing them with basically the same cameras and different firmware which are going to have to look at other options I would think we might see some new camera innovation out of this.  yes/no?

 

NOTICE: This comment has been moved to its own discussion: Do You Think The US Government Ban Will Spark Any Innovation On The Camera Side Of Things?

Undisclosed Manufacturer #12

08/07/18 01:46am

Looks like that HikVision Source Code Transparency Center only for government agencies just became a white elephant... 

Avatar

Salvatore D'Agostino

IDmachines | 08/07/18 07:28pm

So if this is really a security issue, and given the modular nature of camera components, and the overall Chinese manufacturing base, then how can other Chinese manufacturers be overlooked? 

And then let's take this a step further.  What are the requirements for a US company to manufacture there? 

While focusing on market leaders might be efficient on getting to the most Chinese camera/lenses/lighting/storage/etc. units it still leaves a lot of thing still open. 

Does beg the question: Does GSA say no Chinese made IT products period?

 

John Honovich

IPVM | In reply to Salvatore D'Agostino | 08/07/18 07:33pm

Does beg the question: Does GSA say no Chinese made IT products period?

No Chinese made products are allowed on the GSA. This is covered here - Hikvision Removed From US GSA Sales

then how can other Chinese manufacturers be overlooked?

In practice, 99% of Chinese manufacturer video surveillance that might be used by the US government is from Dahua and Hikvision. Part of it is simply that they dominate the Chinese domestic market and, related to that, have the money to market heavily overseas.

Avatar

Salvatore D'Agostino

IDmachines | In reply to John Honovich | 08/07/18 11:11pm

Thanks John, so maybe a new thread but what about other physical security products made in China?

John Honovich

IPVM | In reply to Salvatore D'Agostino | 08/07/18 11:16pm

Sure, you can start it in the discussion group or I can create it for you (title? "Should the US government ban all Chinese manufacturers for US government use?" or?)

Avatar

Salvatore D'Agostino

IDmachines | In reply to John Honovich | 08/07/18 11:40pm

"Where are the boundaries with the GSA banning Chinese products?" Would be my phrasing.

John Honovich

IPVM | In reply to Salvatore D'Agostino | 08/07/18 11:47pm

The boundaries of the GSA banning Chinese products is clear. There are no exceptions on the GSA for products made in China (that's well-established law, i.e., the PRC is not a TAA designated country).

Now, GSA is a subset of government purchasing. Products not from TAA designated countries can still be bought just not on a GSA contract.

Sal, can you clarify? Does that make sense?

Avatar

Salvatore D'Agostino

IDmachines | 08/08/18 12:02am

Thanks John, appreciate you confirming this.  It pretty much has always been the case for infosec and physical access, so I guess this is a lot about closing a gap that should not have gotten by in the first place.  The GSA Approved Products List for physical security has, as you point out, pretty clear provisions on source of manufacture, it seems that these are example of (video surveillance) security systems skirting rules already in place for things like PACS basically due to the absence of domestic (or trading partner country) approved sources.

Undisclosed Integrator #13

08/22/18 12:12am

going main stream

see youtube link

 

Read this IPVM report for free.

This article is part of IPVM's 6,735 reports, 909 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports