Hikvision Removed From US Army Base, Congressional Hearing Called

Author: IPVM Team, Published on Jan 12, 2018

Hikvision has been removed from a US Army Base and a US congressional committee is planning a hearing on cybersecurity risks and specifically, Hikvision, reports the WSJ in a follow up to their (WSJ) Investigation Into Hikvision.

This is a major trend within the industry, with a growing list of organizations removing or barring Hikvision products, including:

Two main causes of these concerns exist. First, the Chinese government's controlling share of Hikvision, something Hikvision denies in the West but which they readily admit inside of China, Hikvision CEO Admits Hikvision China State-Owned Company.

Secondly, Hikvision's cybersecurity problems, most notably Hikvision's IP camera backdoor shipped in tens of millions of cameras but also including:

As the WSJ reported:

Rep. Steve Chabot, an Ohio Republican and chairman of the House Committee on Small Business, said he expects the committee to focus closely on potential cybersecurity vulnerabilities in security cameras. A spokeswoman for the committee said Hikvision will be examined as part of a hearing scheduled for Jan. 30 on the topic of “foreign cybersecurity threats to small businesses.” The hearing will discuss the security-camera industry generally, but Hikvision will be the only company about which specific questions will be raised, she said. [Emphasis Added]

The challenge for Hikvision is simply what to do now. A company created by the Chinese government and controlled by the Chinese government has vast advantages inside of China and with $6 billion in Chinese government loans, vast resources to spend on International expansion. But money is unlikely to be enough to win over an increasingly aware and skeptical International market. Hikvision's price cuts and sales campaigns continue and that certainly will help with some buyers but if Congressional hearings and more large users remove or ban their products, Hikvision faces difficult decisions about its International future.

Update: Hikvision Fires Back

Hikvision is striking back at the WSJ, labeling the story 'filled with bias and conjecture', and 'misleading to readers and use deceitful headlines'. Fascinatingly, Hikvision claims that the US Army base cameras were removed 'following unfounded and unsubstantiated media reports' but DHS ICS-CERT report gave Hikvision a worse 10.0 score for their IP camera backdoor, clearly a critical factor in worldwide concern about Hikvision products. Interestingly, Hikvision did not comment about the upcoming US Congressional hearings or what they plan to do about them.

5 reports cite this report:

2018 Mid-Year Surveillance Industry Guide on Jun 28, 2018
2018 has been an explosive year for the video surveillance industry, with the industry becoming a global political issue, with the expansion of...
US Army Base Specifies 70+ Outdated Hikvision Cameras (Cancelled) on Feb 22, 2018
A US Army base has specified 70+ Hikvision IP cameras, a month after the WSJ reported a different Army base removed Hikvision IP cameras. While...
US Marine Base Hard Specs Hikvision on Feb 01, 2018
Hikvision is making inroads in the US military. After being removed from a US Army Base and being featured in a US Congressional hearing, Hikvision...
US Congressional Hearing Features Hikvision on Jan 31, 2018
A US Congressional hearing asked questions about Hikvision's government ownership and cybersecurity issues, following the WSJ's investigations into...
'Defiant' Hikvision 'Strikes Back' At WSJ And US on Jan 16, 2018
The fight is on. Hikvision and their owner, the Chinese government, 'strikes back' against the Wall Street Journal and US politicians raising...

Comments (66)

Only IPVM PRO Members may comment. Login or Join.

Refreshing to see that the government is only 16 or so months behind on this issue instead of the normal three or four years.....

IPVM was calling out cyber security concerns at least 2 1/2 years ago, before we even knew about the government ownership. Personally I ignored them and defended Hik (they’re so cheap!) until the mobile client hack happened and embarrassed me greatly before our company owner. Nothing is worse than scrambling to steal someone’s smartphone to uninstall useful apps 2 days after you put them on. Thankfully, that was my first and only Hik install.

While many complain about it, IPVM has been at the forefront putting cyber security concerns in front of integrators beyond just Hik/Dahua/China. Ignore the risk at your own peril.

Notice I said Government and not IPVM. We are all well aware how long IPVM has been championing this issue.

Unfortunately MANY are ignoring the risks and will continue to do so no matter what evidence IPVM, WSJ or anyone else puts forth. I worry that will continue until they are forced to stop which means some sort of government intervention which will no doubt overreach in its scope.

which will no doubt overreach in its scope.

Too true...

This is great news!

I have often theorized the perfect land invasion plan would be to sell IoT devices below cost that would enable your troops to see in real time the status of your enemies assets...

Living through the era in the 80's when there was a common theme of Japan taking over, I have since perceived Eastern countries and company's of having longer term plans then America, so I have always been leery of these low cost electronics from Asia...

Will we end up paying the true cost of these devices with our Liberty and "freedoms" in the end?

You need to stop playing Call of Duty.

What benefit would it be for anyone to invade a country that does trillions of dollars in trade with you?

Invade? Probably very little. Though, a benefit of having nefarious devices on an enemy's network is that you do not have to physically invade to gain access to their national secrets. Instead, you can do it remotely (almost) undetected.

When we (US) defaults. Do you know how much US is in debt to China?

I don't play Call of Duty.

You need to grow up.

You need to grow up.

You're conspiracy theorizing about China invading the US and relying on their state-owned budget-camera company to be their early warning system, but I'm the one that needs to grow up?

#3 please don't tell anyone on IPVM that they 'need to grow up'. We can disagree on things without engaging in such personal attacks.

#3 my Call of Duty remark was in reference to one of their games whose storyline is based around a "surprise" Russian invasion of the mainland US (I don't play it either so I don't remember which). Sorry that it was offensive to you.

Telling me not to play Call of duty was not a personal attack?

Yes, that was personal as well. So please let's leave 'call of duty' and 'growing up' off the discussion. Thanks.

I'm cool if you just want to nuke this sub-thread that I started John. I didn't intend for this to appear to #3 as a personal attack.

And I apologize for telling you to grow up. I have no idea how old you are, and telling me to not play Call of Duty is good advice.... :)

EDIT:

I am not biased about any video game, they all are too time consuming for my busy schedule, I honestly wish I had the time. Last video game I indulged in was SOCOM on PS2.

Outside of a few emergency installs where all we had were TVI-SD cameras on the shelf where we had to install on analog DVRs (not connected to the network), we have never used any Hikvision products in any government facilities. It's been all Axis, Samsung Wisenet analog, Milestone, Exacq or some Pelco repair. Even on repairs of old analog systems it's been all Wisenet+ lately.

There was a govt. office install which was out of our territory where we recommended to the lessor of the building not to use any Hikvision products at all when they were creating the RFQ for security.

SOCOM shout-out

P.S. Get the Nintendo Switch. You can jump and out of games really quickly. Saves so much time

I think we can all agree that the current Call of Duty is about Nazi's, not China. I am a grown up, but do enjoy playing :)

Because imperialism, which isn't just perpetrated by European nations or the USA. What goes around can come around and the USA is a prime target.

Even if it weren't for the purpose of invasion, the potential to steal information and technology has much further reaching implications. Not to mention that every single accessible product of theirs that is online is an additional potential bot in a large scale cyber-attack when activated.

This will do nothing if it doesn't follow through to also include all of the OEM's that have also sold Hik products into the government sector. You can't exclude Hikvision but then allow all of their OEM's with the same cameras to remain.

UD#4 - I feel your statement about OEMs is the one that goes unaddressed. It is impossible not to wonder about the OEM reactions to these type of posts. Of course we know where at least one smaller OEM stands due to postings here. What about those larger companies who are swapping in Hikvision product as their own - Panasonic/Advidia, Honeywell, ADI, Interlogix, etc?

Are these larger manufacturers taking steps to address these types of concerns or are they hiding behind their painted on label?

One of the more fascinating (and somewhat crazy) comments I've heard recently was about a dealer who was happy using LTS - the reasoning being that it is Hikvision but is less expensive than Hikvision and does not have the tarnished Hikvision brand....

I heard about the cyber security issues via a LinkedIn post a year or so ago.

I was working for a super regional provider that sold almost all Hikvision.

They were all about RMR contracts but cyber weaknesses were never discussed.

When I left that company, my new employer had frequently installed LTS.

We are now trying to shift to an affordable vendor and IPVM has been helpful.

People who are serious about security will practice due diligence and be informed.

UD#1 ... thanks for noticing ... It's almost as if all the attention directly on Hikvision is supposed to nullify the same risk imposed on all of the users of the OEM-private branded products made by same.

Short answer >>> They are hiding behind their painted on label.

I guess that's how capitalism is supposed to work?!???!!?

Army Rips Out Chinese-Made Surveillance Cameras...

after American Manufacturer offers Dump Hikvision, Arecont Will Pay You ;)

Very interesting article. I am surprised they installed Hik Vision in the first place.. Pretty embarrassing to have a Chinese government owned secuirty camera company devices at a US Army base. Hik Vision is starting to fall apart!

I'm totally waiting on an entertaining and salty response from Hikvision and family.

Me too, but on the other hand I wouldn’t be too smug Robert, I doubt Dahua is going to be the replacement vendor :)

Anything's better than having the Chinese government watching our military bases.

This article said they removed 5 cameras that were looking at parking lots and a roadway. Also states that they have over 180 cameras deployed on the base on a CLOSED network. Looks more like media grandstanding to me.

#6, thanks for the response. To quote the WSJ:

The base has 187 security cameras in all and the Hikvision devices were used to monitor roads and a parking lot....

A Defense Department spokesman said the Hikvision cameras at Fort Leonard Wood weren’t connected to the military network.

The article does not say explicitly if all security cameras were on a closed network. They likely are but it's not stated directly.

Adding to your point, there is a 2014 Hikvision press release stating the base was using "Hikvision's 9000 series Hybrid DVRs, 6701 / 6704 encoder modules and IVMS-4200 software". We have sent inquiries to Hikvision, the DoD and the WSJ about the status of this equipment.

John this was what I was referring to from the same WSJ article:

Fort Leonard Wood, an Army base in Missouri’s Ozarks, replaced five cameras on the base branded and made by Hangzhou Hikvision Digital Technology Co. , said Col. Christopher Beck, the base’s chief of staff. He said officials at the base acted after reading media reports about the company.

“We never believed [the cameras] were a security risk. They were always on a closed network,” Col. Beck said. The decision to replace the cameras was meant to “remove any negative perception” surrounding them following media reports, he added, without elaborating.

"Closed Network" probably mean Dedicated Micros, LOL, not kidding. I'm currently working with a government agency that only has DM as their only approved video surveillance system. With analog cameras and hybrid DVRs from 2005.

Explanation: DM's sales pitch to gov is their "Closed IPTV" bs.

How do I vote "horrified"?

From from this article:

The company has also said that it does not have access to cameras that have been sold to customers

Unfortunately, everyone else in the world does.

Where's Chuck??

For others, Chuck refers to Chuck Davis, Hikvision North America Director of Cybersecurity.

It is an interesting question. Clearly, this issue is within his domain/responsibility. The questions are: (1) Will Hikvision allow him to comment on such a sensitive matter? So far, he's been reduced to giving generic cybersecurity advice and has stayed away from addressing Hikvision specific issues. (2) Is he comfortable getting involved here? This is now a national political issue, not just a technical one. I am curious to see how far he will go to defend Hikvision to Congress, etc.

For that matter, where’s Marty?!

If this be him, the 50+ unhelpfuls there alone may have shortened his membership by more than a month, which may be a factor:

(50 unhelpfuls * $0.35) / ($199 / 365 days) = ~32 days

Now wait and see. The Chinese Government will establish a shell corporation unrelated to the government...on paper and start all over. It will take our government another 5 years to figure that out. Im sure IPVM will uncover this idea much quicker.

The story has now made Gizmodo: Army Base Ditches Chinese-Made Surveillance Cameras Just So No One Gets the Wrong Idea. Gizmodo is a large mainstream site so it will bring more attention to it.

What do you think about the clarifier from the Colonel though? He only mentions the 5 cameras that were allegedly 'on a closed network'.

i.e. they weren't concerned about cyber security, they were more concerned about media reports that members of their team had read?

If this 2014 press release by Hik that you linked to above is to be believed, then I would think that this might be evidence that the Colonel is full of shit.

I am not sure what the Colonel is thinking or even what he knows. My experience with Colonels is that they are generally way above the level of military personnel who know the details of video surveillance systems. Also keep in mind that this system was installed before there was any Western public discussion of Hikvision's Chinese government ownership and before Hikvision's wave of cybersecurity issues.

My experience with Colonels is that they are generally way above the level of military personnel who know the details of video surveillance systems.

Excluding Colonel Swindell, of course.

agreed. I think the Colonel is just issuing damage control due to bad press - at the behest of those with stars on their shoulder epaulettes.

i.e. he doesn't know what he is talking about.

question: why haven't any of the media outlets running this story (WSJ, Gizmodo, et al) asked the Colonel about the Hik press release from 2014?

From that 2014 presser:

Note that the co-owner of the local Missouri integration company admits that the Hikvision equipment is 'riding on the government network'

Funny thing, Security Sales and Integration posted their own story on the Fort Leonard Wood/Hik deal back in 2014... except they left out that line:

...and the Daily Mail in the UK

...and The Hill

...and Sputnik News

...and American Military News

...and if you like your news in video format - with a hipster back beat - you can check out the clip below

These cameras are also not allowed on the GSA Advantage government purchasing website and should not have been sold to any Federal entity to start with. We receive calls occasionally from military personnel requesting such cameras (sometimes at less consequential buildings such as an on-base Army fitness center) who simply have no idea what they are buying and are simply seeking to meet a budget.

When we informed the last military person requesting this product of the truth, and asked how he was purchasing them previously, he said he was purchasing them online with his credit card.

Zero oversight, very little instruction, low level facility management transaction, little care for reality.

The US House Committee on Small Business has shared the WSJ article and their upcoming hearing on Twitter:

Need to record this on C-Span they air it.

Update: Hikvision has posted an Update on January 12 2018 WSJ Article, firing back at the WSJ:

Recent media reports about Hikvision and our products have inaccurately characterized our company, our products and our services. These opinions are filled with bias and conjecture. Some of these reports are misleading to readers and use deceitful headlines to attract attention. [Emphasis addded]

In fairness, Hikvision knows deceit. They call their magic string backdoor a 'privilege escalating vulnerability'. They call their controlling shareholder just a part of their "diverse set of private and public shareholders", etc.

So far, they have posted the update on Twitter and now on LinkedIn.

Securitas Director using the WSJ coverage to solicit business:

Fox's Lou Dobb's has picked up the WSJ / Hikvision story calling for procurement people to be fired:

Took them long enough! Then again, given what I know about Hikvision and their attempts to obscure facts, I don’t agree that anyone should be fired over this.

I'm a big fan of Hik products. Their prices are aggressive, their products are attractive, and the performance (depending on the model) is very good.

Having said that, they REALLY need to get their sh*t together on this already. The more they deny government ownership the worse it gets for them. They need a remedy to that ASAP. It's like they're victims of their own blinders, the censors within China duping Hikvision into thinking no one outside their inner circle knows the facts.

Hik's cybersecurity concerns are also another valid point and far more effort needs to be devoted to it, not just with Hik but any technology manufacturer that makes addressable electronic devices.

The more they deny government ownership the worse it gets for them.

To play devil's advocate, if they admit the government ownership, things would likely get even worse. The Chinese government (i.e., the PRC / Communist Party of China) is seriously bad news - from large scale cyber espionage to human rights violation to unfair trade practices, etc.)

While I agree with you that their denying it in the face of a mountain of evidence (e.g., 1, 2, 3, 4) is a serious problem, it does have the benefit of allowing those who want to be duped, to be duped. I suspect the practical problem for them would be far worse if they publicly admitted their government ownership and control in the West.

I think the Chinese need to figure out what they want out of Hikvision. Is it a revenue tool or some sort of secret intelligence gathering apparatus?

The only way forward I see for them, IF they want to continue being a large scale and high profile provider, is diversification of their ownership away from a state-owned entity to a public entity with state investment.

"it does have the benefit of allowing those who want to be duped, to be duped."

exactly right... the Rockman Principle.

Did anyone else have a Nelly's banner when they visited the WSJ article? Aren't they a Hik OEM?

Did anyone else have a Nelly's banner when they visited the WSJ article?

Been to Nelly’s site lately?

I went to the Nelly's site once and afterwards, I had so many Nelly's banners at both the top and bottom of my browser screen that it was crowding out the actual content I was trying to view. It got very annoying at best. Cleared browsing history and cookies and took care of that. I guess all e-commerce sites strive for forced-content advertising that bombards the browser with pop-ups given the opportunity, but it does sometimes have the opposite effect.

I still get B&H Photo banners everywhere I go.

Considering what the military requires and spends to protect SIPRNET and NIPRNET, their indifference to placing a camera, mic, and network appliance anywhere in a military facility has me completely baffled.

It's not only our industry:

US Threatens Telcos to Avoid Huawei or Lose Government Contracts:

http://www.dslreports.com/shownews/US-Threatens-Telcos-to-Avoid-Huawei-or-Lose-Government-Contracts-141059

Interestingly, a couple of years ago I was on a team of technical consultants surveying a fairly sensitive site in the Middle East. We noted a Huawei cellular head end rack running a tower for the complex. Our report listed it as a potential security risk, but without hard evidence other than the Snowden leak. Unfortunately it would have been impossible for them or anyone else to know with certainty whether a US vendor's equipment is any less likely to be used for snooping.

Meanwhile, contractors on the other side of earth are installing special lockable duct/raceway below the ceiling that costs $150 a foot. This was based on the premise someone could install a snooping device on the fiber if it was concealed above ceiling, behind walls, or in conduit. The lockable duct would let them inspect the entire fiber optic cable visually. If it was above the ceiling or behind walls, no one would see it. I can remember the exact price of that duct, but it was expensive.

Related Reports

Last Chance - Security Sales Course Summer 2018 on Jul 19, 2018
Today is the last day to register. Based on member's interest, IPVM is offering a security sales course this summer. Register Now - IPVM Security...
Directory of Video Surveillance Startups on Jul 18, 2018
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known entity...
Axis ~$100 Camera Tested on Jul 17, 2018
Axis has released their lowest cost camera ever, the Companion Eye Mini L, setting their sights on a market dominated by Hikvision and Dahua. Can...
Hikvision Wins Chinese Government Forced Facial Recognition Project Across 967 Mosques on Jul 16, 2018
Hikvision has won a Chinese government tender which requires that facial recognition cameras be set up at the entrance of every single mosque...
US Tariffs Hit China Video Surveillance on Jul 13, 2018
Chinese video surveillance products avoided tariffs for the first two rounds. Now, in the third round, many video surveillance products will be...
Last Chance - July 2018 IP Networking Course on Jul 12, 2018
Registration ends today, Thursday. Register now. This is the only networking course designed specifically for video surveillance...
Axis Perimeter Defender Video Analytics Tested on Jul 12, 2018
Axis 'high security' video analytics offering is Perimeter Defender, OEMed / developed with Digital Barriers. But how good is Perimeter Defender?...
Hikvision Fights Ban - Claims 'Red Scare', Hires 14 Term Ex-Congressman on Jul 11, 2018
Hikvision is fighting back against the House Bill Ban of their products. Hikvision has hired one of the biggest lobbying firms, led by a 14 term...
Eastern and SavvyTech Merge, Form ENS, Targets ADI on Jul 09, 2018
ADI, ENS is coming for you. Or, at least, they hope. Two US distributors, NY based EasternCCTV and California based SavvyTech have merged, to...
Arlo IPO Filing Reveals Key Financial and Competitive Details on Jul 09, 2018
Arlo is going to IPO at a projected valuation greater than Axis. Now, Arlo has released their 175-page Form S1 Registration Statement for its...

Most Recent Industry Reports

Directory of Video Surveillance Startups on Jul 18, 2018
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known entity...
Ladder Lockdown and Ladder Levelizer Tested on Jul 18, 2018
Ladders are a daily necessity for surveillance and security installers, but working on an unstable surface can be extremely dangerous. In addition...
FST Fails on Jul 17, 2018
FST was one of the hottest startups of the decade, selected as the best new product at ISC West 2011 and backed with tens of millions in...
Axis ~$100 Camera Tested on Jul 17, 2018
Axis has released their lowest cost camera ever, the Companion Eye Mini L, setting their sights on a market dominated by Hikvision and Dahua. Can...
Amazon Ring Alarm System Tested on Jul 16, 2018
Amazon Ring is going to hurt traditional dealers, and especially ADT, new IPVM test results of Ring's Alarm system underscore. IPVM found that...
Hikvision Wins Chinese Government Forced Facial Recognition Project Across 967 Mosques on Jul 16, 2018
Hikvision has won a Chinese government tender which requires that facial recognition cameras be set up at the entrance of every single mosque...
Installing Dome Cameras Indoors Guide on Jul 16, 2018
IPVM is producing the definitive series on installing surveillance cameras. This entry covers one of the most common scenarios - installing dome...
Security Sales Course Summer 2018 on Jul 13, 2018
Based on member's interest, IPVM is offering a security sales course this summer. Register Now - IPVM Security Sales Course Summer 2018 This...
US Tariffs Hit China Video Surveillance on Jul 13, 2018
Chinese video surveillance products avoided tariffs for the first two rounds. Now, in the third round, many video surveillance products will be...
Last Chance - July 2018 IP Networking Course on Jul 12, 2018
Registration ends today, Thursday. Register now. This is the only networking course designed specifically for video surveillance...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact