Hikvision USA Head of Cybersecurity Exits

By: Brian Karas, Published on Jul 18, 2017

Hikvision USA's Head of Cybersecurity has exited the company.

In this note, we review the move, share Hikvision's feedback and examine the company's efforts to improve their cybersecurity following numerous vulnerabilities and problems (e.g., 1, 2, 3, 4, 5) in the past few years.

Exit ********

**** ******* [**** ** longer *********] *** **** of ************* *** ********* USA *** **** * months, ***** ** ******** 2016 *** ****** ** May ****.

*******'* ********** ******** ******** roles ** * *********/***********-******** security ******* ** ******* companies, ** **** ** running * ***** ********** company ************ ** ***** security ********** *** **** analysis *** ******** ***************.

Hikvision ********

********* *********:

********* **** *** ******* on ******* *** *********’ departures. *** ******** ** being ********** *** ********** an ***********/******* ********** **** versus ** *********** ****.

*** ******* ******** ** comment ** ********** ********* asking *** ************* ** what ********* *** ** doing ** ***** ** enhancing *** ************* ** their ********.

Hikvision ************* ****** **********

***** **** *** ********* expertise ********* ** ********** in************* ********** *** ******* *** ****** ** **** more ******** *****, ***** typically **** ****** *** and **** ** * "*****-**" technical ****** **. ********* marketing ********* *** ******** webinars. ** *** ******* taken **** **** *** ********* to **** **** ****, which ****** * *** in ***** ************* ********* *** management ** *** *******.

*** *** ******* ***** an ******** ************* ** job ******/******, (*) "********** with ********* ********** ** develop ********* *********, **** as ******** ***** *****, external ** *************, ***. regarding *** ******** ******** in ********* ********" *** (2) "******* ** ***** of *********** ** *********** security ********** ** **********".

Series ** ************* ******

********* *** ***** * series ** ************* **********, ****** back ******* *****. ****** ones include:

*** ******* ******* ***** someone ** ******* ***** ongoing ************* ******, ****** **** do *** **** * history ** ****** **** ****** (e.g.: ********* ******* ******** ** Others, ****** **** **** DHS********* ******* ************** *** Hacked ********* *******). **** *** **** it **** *********** *** * person ** *** **** Hikvision ** ****** *** if *** ******* **** not **** ************** *** their ***************.

Heavy ********* ** *************

****** ********* ********* *** videos **** ***** ** focus ******* ** *********'* cybersecurity *******, ********** ***** efforts ** **** ******, but ****** ****** ******** information, ** ***** ** one ** *********'* **** recent ********* ******:

**** *** ***** ********* for **** ******* ** their ************* ******* *** improvements *** **** ****** with **** ** ** when ********.

Hikvision *** ****** ******* **** *************

* ***** ****** *** Hikvision ***, *** ****** who **** ** **** Vallejo's ****, ** ******* with *** **** **** Hikvision *&* ** ********* based ** ***** ** in *****. ******* ***** to ********* *** **** acknowledged **** *** ***** engineering ******, **** ** addressing ************* ******, ** handled ** *** ********* in *****, *** **** the ***** ****** ** not ****** ********* ** input *** *********** **** the ******* ***** *******.

Comments (8)

I can understand the importance of needing to work with marketing in such a role. I'm sure it's tough to find a multi-faceted person that is an expert in both areas such as marketing and cyber security. Hope they find a rock star that will propel their cyber security to be the best in the industry.

Anyone else catch that five syllable word thrown in (juxtaposition)? The sesquipedalian vocabulary of Brian Karas ladies and gentlemen.

I feel Brian described the complexities of this role eloquently. My brother Michael worked tirelessly to make the role successful. Although he keeps his business dealings confidential, I'm sure a lack of unified vision for the role from corporate made things difficult. As a professional in the industry for over 15 years I can't imagine any way he could have been successful in that environment. Good luck to the next individual that fills this role and to my brother as he looks for his next opportunity.

 

their biggest issue is lack of compute power

to encrypt video needs a reasonable processor 

hisilicon chips probably not enough to encrypt video

we use intel kabylake to achieve this but it makes a more expensive product

it allows us to put an encryption dongle between our nvr and ip camera allowing us to utilise onvif cameras already in situ

but it does mean replacing the nvr

 

All the modern SoC chips used for Video encoding (Ambarella, HiSilicon, etc) all have industry standard hardware encryption blocks that can easily encrypt video with very little performance hit. 

Encryption doesn't help with these types of security exploits.

That said, it would be outstanding if the industry finally cared about having end-end encryption.  The cameras aren't the limiting factor...  Even the sub $6 Video Encoders can now effortlessly AES encrypt every packet going over the wire.  The challenge is the archaic VMS / NVR systems that they're connecting to.

The security exploit problem will only be fixed when we have extremely rigid network protections and containment against these types of attacks.

IP Cameras are effectively IoT devices... and as they say, the S in IoT stands for security. (i.e. there is none).

The network switch fabric should ONLY allow specific traffic to flow from one specific device to another specific device(s).  It shouldn't matter that a HikVision camera has more back doors than the Kardashians.  No unauthorized transmissions should be permitted to or from that device.  Period.

Until we have that structure in place, we'll continue to have exploit after exploit that is discovered, that no one ends up patching...  

Writing secure code is astonishingly difficult and expensive, even when written by experts that are wholly focused on these types of problems.  

The state of the union today code wise is simply horrific, and it's getting worse. Compounding the issue is the fact that these devices are increasingly becoming more powerful and dangerous to anything else on the network.  

They are astonishingly capable network attached compute engines. They're also twiddling their thumbs for the most part while happily serving out some meager H.264 RTSP streams.  Most IP cameras are running at 10-20% CPU utilization (unless analytics are running on the device as well).  In the case of analytics, soon quad core processors will become the norm... everything scales up in capabilities, and each of these software features/services typically only serve to increase the attack surface of these devices. 

The only solution for these increasingly toxic devices is containment.  Good fences really do make good neighbours.
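The containment model described in the comment above, as an added example that is not part of the original page or any commenter's code: a default-deny allowlist for a camera VLAN, checked against flow records. The subnet, the NVR and NTP addresses, and the sample flows are all constructed, and each record is assumed to describe the initiating side of a connection.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

# Assumed addressing plan (constructed): cameras sit on their own subnet.
CAMERA_NET = ipaddress.ip_network("10.20.0.0/24")
NVR = "10.10.0.5"    # hypothetical recorder address
NTP = "10.10.0.10"   # hypothetical internal time server

# Explicit allowlist: (source, destination, protocol, destination port).
# "CAMERAS" stands for any host in CAMERA_NET. Anything not listed is denied.
ALLOW = {
    (NVR, "CAMERAS", "tcp", 554),  # NVR pulls RTSP streams from the cameras
    ("CAMERAS", NTP, "udp", 123),  # cameras sync time with the internal server
}

def _role(addr):
    """Map an address to the 'CAMERAS' group or leave it as a single host."""
    return "CAMERAS" if ipaddress.ip_address(addr) in CAMERA_NET else addr

def is_allowed(flow):
    return (_role(flow.src), _role(flow.dst), flow.proto, flow.dport) in ALLOW

def audit(flows):
    """Return every flow that touches a camera and is not on the allowlist."""
    return [f for f in flows
            if "CAMERAS" in (_role(f.src), _role(f.dst)) and not is_allowed(f)]

# Constructed sample flow records, e.g. as exported from a switch or firewall.
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.20.0.11", "tcp", 554),    # NVR -> camera RTSP
    Flow("10.20.0.11", "10.10.0.10", "udp", 123),   # camera -> NTP
    Flow("10.20.0.11", "203.0.113.7", "tcp", 443),  # camera -> internet host
    Flow("10.20.0.12", "10.20.0.11", "tcp", 23),    # camera -> camera
    Flow("10.10.0.77", "10.20.0.12", "tcp", 80),    # workstation -> camera web UI
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print("DENY", f)
```

The same tuples translate directly into switch ACLs or firewall rules; running the audit over exported flow logs first shows what a default-deny policy would break before it is enforced.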

 

 

  

 

UPDATE -

Hikvision has hired a new Director of Cyber Security, Chuck Davis.

His LinkedIn profile lists: "Specialties: Computer Forensics, Malware Analysis, Network Security, Intrusion Detection, UNIX Security", along with a CISSP-ISSAP, which gives him a strong technical background related to the role.

His previous role was at IBM, and he does not list any physical security industry experience specifically, which could make his transition into Hikvision a bit more challenging than someone coming from this industry.

We have made a request to Hikvision for an interview with him for a future post. 

Just saw this news in the HDP email. They also now have a 12 hour (5am-5pm PDT) cyber hotline.
