Hikvision Removed From US Army Base, Congressional Hearing Called

Author: IPVM Team, Published on Jan 12, 2018

Hikvision has been removed from a US Army Base and a US congressional committee is planning a hearing on cybersecurity risks and specifically, Hikvision, reports the WSJ in a follow up to their (WSJ) Investigation Into Hikvision.

This is a major trend within the industry, with a growing list of organizations removing or barring Hikvision products, including:

Two main causes of these concerns exist. First, the Chinese government's controlling share of Hikvision, something Hikvision denies in the West but which they readily admit inside of China, Hikvision CEO Admits Hikvision China State-Owned Company.

Secondly, Hikvision's cybersecurity problems, most notably Hikvision's IP camera backdoor shipped in tens of millions of cameras but also including:

As the WSJ reported:

Rep. Steve Chabot, an Ohio Republican and chairman of the House Committee on Small Business, said he expects the committee to focus closely on potential cybersecurity vulnerabilities in security cameras. A spokeswoman for the committee said Hikvision will be examined as part of a hearing scheduled for Jan. 30 on the topic of “foreign cybersecurity threats to small businesses.” The hearing will discuss the security-camera industry generally, but Hikvision will be the only company about which specific questions will be raised, she said. [Emphasis Added]

The challenge for Hikvision is simply what to do now. A company created by the Chinese government and controlled by the Chinese government has vast advantages inside of China and with $6 billion in Chinese government loans, vast resources to spend on International expansion. But money is unlikely to be enough to win over an increasingly aware and skeptical International market. Hikvision's price cuts and sales campaigns continue and that certainly will help with some buyers but if Congressional hearings and more large users remove or ban their products, Hikvision faces difficult decisions about its International future.

Update: Hikvision Fires Back

Hikvision is striking back at the WSJ, labeling the story 'filled with bias and conjecture', and 'misleading to readers and use deceitful headlines'. Fascinatingly, Hikvision claims that the US Army base cameras were removed 'following unfounded and unsubstantiated media reports' but DHS ICS-CERT report gave Hikvision a worse 10.0 score for their IP camera backdoor, clearly a critical factor in worldwide concern about Hikvision products. Interestingly, Hikvision did not comment about the upcoming US Congressional hearings or what they plan to do about them.

4 reports cite this report:

US Army Base Specifies 70+ Outdated Hikvision Cameras (Cancelled) on Feb 22, 2018
A US Army base has specified 70+ Hikvision IP cameras, a month after the WSJ reported a different Army base removed Hikvision IP cameras. While...
US Marine Base Hard Specs Hikvision on Feb 01, 2018
Hikvision is making inroads in the US military. After being removed from a US Army Base and being featured in a US Congressional hearing, Hikvision...
US Congressional Hearing Features Hikvision on Jan 31, 2018
A US Congressional hearing asked questions about Hikvision's government ownership and cybersecurity issues, following the WSJ's investigations into...
'Defiant' Hikvision 'Strikes Back' At WSJ And US on Jan 16, 2018
The fight is on. Hikvision and their owner, the Chinese government, 'strikes back' against the Wall Street Journal and US politicians raising...

Comments (66)

Only IPVM PRO Members may comment. Login or Join.

Refreshing to see that the government is only 16 or so months behind on this issue instead of the normal three or four years.....

IPVM was calling out cyber security concerns at least 2 1/2 years ago, before we even knew about the government ownership. Personally I ignored them and defended Hik (they’re so cheap!) until the mobile client hack happened and embarrassed me greatly before our company owner. Nothing is worse than scrambling to steal someone’s smartphone to uninstall useful apps 2 days after you put them on. Thankfully, that was my first and only Hik install.

While many complain about it, IPVM has been at the forefront putting cyber security concerns in front of integrators beyond just Hik/Dahua/China. Ignore the risk at your own peril.

Notice I said Government and not IPVM. We are all well aware how long IPVM has been championing this issue.

Unfortunately MANY are ignoring the risks and will continue to do so no matter what evidence IPVM, WSJ or anyone else puts forth. I worry that will continue until they are forced to stop which means some sort of government intervention which will no doubt overreach in its scope.

which will no doubt overreach in its scope.

Too true...

This is great news!

I have often theorized the perfect land invasion plan would be to sell IoT devices below cost that would enable your troops to see in real time the status of your enemies assets...

Living through the era in the 80's when there was a common theme of Japan taking over, I have since perceived Eastern countries and company's of having longer term plans then America, so I have always been leery of these low cost electronics from Asia...

Will we end up paying the true cost of these devices with our Liberty and "freedoms" in the end?

You need to stop playing Call of Duty.

What benefit would it be for anyone to invade a country that does trillions of dollars in trade with you?

Invade? Probably very little. Though, a benefit of having nefarious devices on an enemy's network is that you do not have to physically invade to gain access to their national secrets. Instead, you can do it remotely (almost) undetected.

When we (US) defaults. Do you know how much US is in debt to China?

I don't play Call of Duty.

You need to grow up.

You need to grow up.

You're conspiracy theorizing about China invading the US and relying on their state-owned budget-camera company to be their early warning system, but I'm the one that needs to grow up?

#3 please don't tell anyone on IPVM that they 'need to grow up'. We can disagree on things without engaging in such personal attacks.

#3 my Call of Duty remark was in reference to one of their games whose storyline is based around a "surprise" Russian invasion of the mainland US (I don't play it either so I don't remember which). Sorry that it was offensive to you.

Telling me not to play Call of duty was not a personal attack?

Yes, that was personal as well. So please let's leave 'call of duty' and 'growing up' off the discussion. Thanks.

I'm cool if you just want to nuke this sub-thread that I started John. I didn't intend for this to appear to #3 as a personal attack.

And I apologize for telling you to grow up. I have no idea how old you are, and telling me to not play Call of Duty is good advice.... :)

EDIT:

I am not biased about any video game, they all are too time consuming for my busy schedule, I honestly wish I had the time. Last video game I indulged in was SOCOM on PS2.

Outside of a few emergency installs where all we had were TVI-SD cameras on the shelf where we had to install on analog DVRs (not connected to the network), we have never used any Hikvision products in any government facilities. It's been all Axis, Samsung Wisenet analog, Milestone, Exacq or some Pelco repair. Even on repairs of old analog systems it's been all Wisenet+ lately.

There was a govt. office install which was out of our territory where we recommended to the lessor of the building not to use any Hikvision products at all when they were creating the RFQ for security.

SOCOM shout-out

P.S. Get the Nintendo Switch. You can jump and out of games really quickly. Saves so much time

I think we can all agree that the current Call of Duty is about Nazi's, not China. I am a grown up, but do enjoy playing :)

Because imperialism, which isn't just perpetrated by European nations or the USA. What goes around can come around and the USA is a prime target.

Even if it weren't for the purpose of invasion, the potential to steal information and technology has much further reaching implications. Not to mention that every single accessible product of theirs that is online is an additional potential bot in a large scale cyber-attack when activated.

This will do nothing if it doesn't follow through to also include all of the OEM's that have also sold Hik products into the government sector. You can't exclude Hikvision but then allow all of their OEM's with the same cameras to remain.

UD#4 - I feel your statement about OEMs is the one that goes unaddressed. It is impossible not to wonder about the OEM reactions to these type of posts. Of course we know where at least one smaller OEM stands due to postings here. What about those larger companies who are swapping in Hikvision product as their own - Panasonic/Advidia, Honeywell, ADI, Interlogix, etc?

Are these larger manufacturers taking steps to address these types of concerns or are they hiding behind their painted on label?

One of the more fascinating (and somewhat crazy) comments I've heard recently was about a dealer who was happy using LTS - the reasoning being that it is Hikvision but is less expensive than Hikvision and does not have the tarnished Hikvision brand....

I heard about the cyber security issues via a LinkedIn post a year or so ago.

I was working for a super regional provider that sold almost all Hikvision.

They were all about RMR contracts but cyber weaknesses were never discussed.

When I left that company, my new employer had frequently installed LTS.

We are now trying to shift to an affordable vendor and IPVM has been helpful.

People who are serious about security will practice due diligence and be informed.

UD#1 ... thanks for noticing ... It's almost as if all the attention directly on Hikvision is supposed to nullify the same risk imposed on all of the users of the OEM-private branded products made by same.

Short answer >>> They are hiding behind their painted on label.

I guess that's how capitalism is supposed to work?!???!!?

Army Rips Out Chinese-Made Surveillance Cameras...

after American Manufacturer offers Dump Hikvision, Arecont Will Pay You ;)

Very interesting article. I am surprised they installed Hik Vision in the first place.. Pretty embarrassing to have a Chinese government owned secuirty camera company devices at a US Army base. Hik Vision is starting to fall apart!

I'm totally waiting on an entertaining and salty response from Hikvision and family.

Me too, but on the other hand I wouldn’t be too smug Robert, I doubt Dahua is going to be the replacement vendor :)

Anything's better than having the Chinese government watching our military bases.

This article said they removed 5 cameras that were looking at parking lots and a roadway. Also states that they have over 180 cameras deployed on the base on a CLOSED network. Looks more like media grandstanding to me.

#6, thanks for the response. To quote the WSJ:

The base has 187 security cameras in all and the Hikvision devices were used to monitor roads and a parking lot....

A Defense Department spokesman said the Hikvision cameras at Fort Leonard Wood weren’t connected to the military network.

The article does not say explicitly if all security cameras were on a closed network. They likely are but it's not stated directly.

Adding to your point, there is a 2014 Hikvision press release stating the base was using "Hikvision's 9000 series Hybrid DVRs, 6701 / 6704 encoder modules and IVMS-4200 software". We have sent inquiries to Hikvision, the DoD and the WSJ about the status of this equipment.

John this was what I was referring to from the same WSJ article:

Fort Leonard Wood, an Army base in Missouri’s Ozarks, replaced five cameras on the base branded and made by Hangzhou Hikvision Digital Technology Co. , said Col. Christopher Beck, the base’s chief of staff. He said officials at the base acted after reading media reports about the company.

“We never believed [the cameras] were a security risk. They were always on a closed network,” Col. Beck said. The decision to replace the cameras was meant to “remove any negative perception” surrounding them following media reports, he added, without elaborating.

"Closed Network" probably mean Dedicated Micros, LOL, not kidding. I'm currently working with a government agency that only has DM as their only approved video surveillance system. With analog cameras and hybrid DVRs from 2005.

Explanation: DM's sales pitch to gov is their "Closed IPTV" bs.

How do I vote "horrified"?

From from this article:

The company has also said that it does not have access to cameras that have been sold to customers

Unfortunately, everyone else in the world does.

Where's Chuck??

For others, Chuck refers to Chuck Davis, Hikvision North America Director of Cybersecurity.

It is an interesting question. Clearly, this issue is within his domain/responsibility. The questions are: (1) Will Hikvision allow him to comment on such a sensitive matter? So far, he's been reduced to giving generic cybersecurity advice and has stayed away from addressing Hikvision specific issues. (2) Is he comfortable getting involved here? This is now a national political issue, not just a technical one. I am curious to see how far he will go to defend Hikvision to Congress, etc.

For that matter, where’s Marty?!

If this be him, the 50+ unhelpfuls there alone may have shortened his membership by more than a month, which may be a factor:

(50 unhelpfuls * $0.35) / ($199 / 365 days) = ~32 days

Now wait and see. The Chinese Government will establish a shell corporation unrelated to the government...on paper and start all over. It will take our government another 5 years to figure that out. Im sure IPVM will uncover this idea much quicker.

The story has now made Gizmodo: Army Base Ditches Chinese-Made Surveillance Cameras Just So No One Gets the Wrong Idea. Gizmodo is a large mainstream site so it will bring more attention to it.

What do you think about the clarifier from the Colonel though? He only mentions the 5 cameras that were allegedly 'on a closed network'.

i.e. they weren't concerned about cyber security, they were more concerned about media reports that members of their team had read?

If this 2014 press release by Hik that you linked to above is to be believed, then I would think that this might be evidence that the Colonel is full of shit.

I am not sure what the Colonel is thinking or even what he knows. My experience with Colonels is that they are generally way above the level of military personnel who know the details of video surveillance systems. Also keep in mind that this system was installed before there was any Western public discussion of Hikvision's Chinese government ownership and before Hikvision's wave of cybersecurity issues.

My experience with Colonels is that they are generally way above the level of military personnel who know the details of video surveillance systems.

Excluding Colonel Swindell, of course.

agreed. I think the Colonel is just issuing damage control due to bad press - at the behest of those with stars on their shoulder epaulettes.

i.e. he doesn't know what he is talking about.

question: why haven't any of the media outlets running this story (WSJ, Gizmodo, et al) asked the Colonel about the Hik press release from 2014?

From that 2014 presser:

Note that the co-owner of the local Missouri integration company admits that the Hikvision equipment is 'riding on the government network'

Funny thing, Security Sales and Integration posted their own story on the Fort Leonard Wood/Hik deal back in 2014... except they left out that line:

...and the Daily Mail in the UK

...and The Hill

...and Sputnik News

...and American Military News

...and if you like your news in video format - with a hipster back beat - you can check out the clip below

These cameras are also not allowed on the GSA Advantage government purchasing website and should not have been sold to any Federal entity to start with. We receive calls occasionally from military personnel requesting such cameras (sometimes at less consequential buildings such as an on-base Army fitness center) who simply have no idea what they are buying and are simply seeking to meet a budget.

When we informed the last military person requesting this product of the truth, and asked how he was purchasing them previously, he said he was purchasing them online with his credit card.

Zero oversight, very little instruction, low level facility management transaction, little care for reality.

The US House Committee on Small Business has shared the WSJ article and their upcoming hearing on Twitter:

Need to record this on C-Span they air it.

Update: Hikvision has posted an Update on January 12 2018 WSJ Article, firing back at the WSJ:

Recent media reports about Hikvision and our products have inaccurately characterized our company, our products and our services. These opinions are filled with bias and conjecture. Some of these reports are misleading to readers and use deceitful headlines to attract attention. [Emphasis addded]

In fairness, Hikvision knows deceit. They call their magic string backdoor a 'privilege escalating vulnerability'. They call their controlling shareholder just a part of their "diverse set of private and public shareholders", etc.

So far, they have posted the update on Twitter and now on LinkedIn.

Securitas Director using the WSJ coverage to solicit business:

Fox's Lou Dobb's has picked up the WSJ / Hikvision story calling for procurement people to be fired:

Took them long enough! Then again, given what I know about Hikvision and their attempts to obscure facts, I don’t agree that anyone should be fired over this.

I'm a big fan of Hik products. Their prices are aggressive, their products are attractive, and the performance (depending on the model) is very good.

Having said that, they REALLY need to get their sh*t together on this already. The more they deny government ownership the worse it gets for them. They need a remedy to that ASAP. It's like they're victims of their own blinders, the censors within China duping Hikvision into thinking no one outside their inner circle knows the facts.

Hik's cybersecurity concerns are also another valid point and far more effort needs to be devoted to it, not just with Hik but any technology manufacturer that makes addressable electronic devices.

The more they deny government ownership the worse it gets for them.

To play devil's advocate, if they admit the government ownership, things would likely get even worse. The Chinese government (i.e., the PRC / Communist Party of China) is seriously bad news - from large scale cyber espionage to human rights violation to unfair trade practices, etc.)

While I agree with you that their denying it in the face of a mountain of evidence (e.g., 1, 2, 3, 4) is a serious problem, it does have the benefit of allowing those who want to be duped, to be duped. I suspect the practical problem for them would be far worse if they publicly admitted their government ownership and control in the West.

I think the Chinese need to figure out what they want out of Hikvision. Is it a revenue tool or some sort of secret intelligence gathering apparatus?

The only way forward I see for them, IF they want to continue being a large scale and high profile provider, is diversification of their ownership away from a state-owned entity to a public entity with state investment.

"it does have the benefit of allowing those who want to be duped, to be duped."

exactly right... the Rockman Principle.

Did anyone else have a Nelly's banner when they visited the WSJ article? Aren't they a Hik OEM?

Did anyone else have a Nelly's banner when they visited the WSJ article?

Been to Nelly’s site lately?

I went to the Nelly's site once and afterwards, I had so many Nelly's banners at both the top and bottom of my browser screen that it was crowding out the actual content I was trying to view. It got very annoying at best. Cleared browsing history and cookies and took care of that. I guess all e-commerce sites strive for forced-content advertising that bombards the browser with pop-ups given the opportunity, but it does sometimes have the opposite effect.

I still get B&H Photo banners everywhere I go.

Considering what the military requires and spends to protect SIPRNET and NIPRNET, their indifference to placing a camera, mic, and network appliance anywhere in a military facility has me completely baffled.

It's not only our industry:

US Threatens Telcos to Avoid Huawei or Lose Government Contracts:

http://www.dslreports.com/shownews/US-Threatens-Telcos-to-Avoid-Huawei-or-Lose-Government-Contracts-141059

Interestingly, a couple of years ago I was on a team of technical consultants surveying a fairly sensitive site in the Middle East. We noted a Huawei cellular head end rack running a tower for the complex. Our report listed it as a potential security risk, but without hard evidence other than the Snowden leak. Unfortunately it would have been impossible for them or anyone else to know with certainty whether a US vendor's equipment is any less likely to be used for snooping.

Meanwhile, contractors on the other side of earth are installing special lockable duct/raceway below the ceiling that costs $150 a foot. This was based on the premise someone could install a snooping device on the fiber if it was concealed above ceiling, behind walls, or in conduit. The lockable duct would let them inspect the entire fiber optic cable visually. If it was above the ceiling or behind walls, no one would see it. I can remember the exact price of that duct, but it was expensive.

Related Reports

April 2018 IP Networking Course on Apr 19, 2018
This is the last chance to register for our IP Networking course. Register now. NEW - 2 sessions per class, 'day' and 'night' to give you double...
Rare Video Surveillance Fundraising - Verkada $15 Million on Apr 19, 2018
Fundraising in video surveillance (and the broader physical security market) has been poor recently. Highlights are few and far in between...
'Best In Show' Fails on Apr 19, 2018
ISC West's "Best In Show" has failed. For more than a decade, it has become increasingly irrelevant as the selections exhibit a cartoon level...
Worst Access Control 2018 on Apr 18, 2018
Three access control providers stood out as providing the most problems for integrators. In this report, we analyze the answers to: "In the...
Axis VMD4 Analytics Tested on Apr 17, 2018
Axis is now on its 4th generation of video motion detection (VMD), which Axis calls "a free video analytics application." In this generation, Axis...
Best and Worst ISC West 2018 on Apr 16, 2018
ISC West 2018 had strong attendance, modest overall new products, and a surge in Artificial Intelligence marketing. First, here are 20+...
Eocortex / Macroscop VMS Company Profile on Apr 09, 2018
Eocortex is the international brand of Russian VMS manufacturer Macroscop. Macroscop was founded in 2008, and the Eocortex name created in 2013. We...
TVT Backdoor Disclosed on Apr 09, 2018
Security researcher Bashis has disclosed a backdoor in TVT video surveillance products, with TVT issuing its own 'Notification of Critical...
Hikvision Hires Ex-Milestone Head To Lead Global PR on Apr 06, 2018
Hikvision has PR problems. From its failed attempt at hiring a crisis communication writer to their failed anti-IPVM blog series to the increasing...
Hanwha Mega ISC West Product Releases on Apr 05, 2018
While overall new product releases have been slowing over the past few years, Hanwha is releasing a slew of 6 new offerings for ISC West,...

Most Recent Industry Reports

May 2018 Camera Course on Apr 20, 2018
Save $50 on early registration until this Thursday, the 26th. Register now (save $50) for the Spring 2018 Camera Course This is the only...
Global Real-Time Video Surveillance - EarthNow on Apr 20, 2018
A new company, EarthNow, with backing from Bill Gates, Airbus and more, is claiming that: Users will be able to see places on Earth with a delay...
Dedicated Vs Converged Access Control Networks (Statistics) on Apr 20, 2018
Running one's access control system on a converged network, with one's computers and phones, can save money. On the other hand, hand, doing so can...
April 2018 IP Networking Course on Apr 19, 2018
This is the last chance to register for our IP Networking course. Register now. NEW - 2 sessions per class, 'day' and 'night' to give you double...
Rare Video Surveillance Fundraising - Verkada $15 Million on Apr 19, 2018
Fundraising in video surveillance (and the broader physical security market) has been poor recently. Highlights are few and far in between...
'Best In Show' Fails on Apr 19, 2018
ISC West's "Best In Show" has failed. For more than a decade, it has become increasingly irrelevant as the selections exhibit a cartoon level...
Security Camera Cleaning Frequency Statistics on Apr 18, 2018
150+ integrators told IPVM how often they clean cameras on customer's sites and why.  Inside we examine their answers and break down feedback...
Worst Access Control 2018 on Apr 18, 2018
Three access control providers stood out as providing the most problems for integrators. In this report, we analyze the answers to: "In the...
Axis VMD4 Analytics Tested on Apr 17, 2018
Axis is now on its 4th generation of video motion detection (VMD), which Axis calls "a free video analytics application." In this generation, Axis...
Arecont CEO And President Resign on Apr 17, 2018
This is good news for Arecont. Arecont's problems have been well known for years (e.g., most recently Worst Camera Manufacturers 2018 and starting...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact