US Drafting Separate Rule for NDAA Dahua/Hikvision 'Blacklist'
The most debated provision of the NDAA ban of Dahua, Hikvision, Huawei, et al. is the so-called 'blacklist' provision, which would ban any company selling Dahua or Hikvision to, say, a pizzeria from selling at all to the US government or US government-funded projects.
Now, IPVM has verified that the US government is drafting 2 FARs (Federal Acquisition Regulations) implementing the NDAA ban, one of which specifically addresses the law's effective blacklisting.
In this post, we examine the news, explain what FAR rules are now being drafted, and look into potential impact, including:
- FAR Background
- Examination of Proposed FAR Rules
- Prior Lobbying Against Blacklist Clause
- Conclusion
**********
***** ********, *** ********** *** **** disclosed **** ** *** ******* ** a ****** *** **** ************ *** of *** ****'* ******* *** ("*********** ** ******* ****************** *** ***** Surveillance ******** ** *********.") * ***** report ** *** ******** **** *** due ********** ** ***** **; ** has *** **** ******** ******** *** comment **** ******** ***.
From *** *** **** ** ***
*******, *** ****** ***************************** **** *** *** ******** *** separate *** *****. *** *** **** ** being ******* ************ ** ********* *** blacklist ******, *.*. ********* (*)(*)(*) ** Section ***, ********* *****:
***. ***. *********** ** ******* ****************** AND ***** ************ ******** ** *********.
(*) *********** ** *** ** ***********.
— (*) *** **** ** ** executive ****** *** ***—
(*) ***** **** * ******** (** extend ** ***** * ********) **** an ****** **** **** *** *********, system, ** ******* **** **** ******* telecommunications ********* ** ******** as * *********** ** ********* ********* ** *** ******, ** ** ******** ********** ** **** ** *** ******. [emphasis added]
**** ********* **** ******* *********** **** any ****** **** **** ******* ********* as ** "*********" ** "***********" **** of ***** ******* **********.
*** ****** ** **** *** **** is *** ** *** *, ****; however **** ****** **** **** ** into ****** *** ***** ***** *** NDAA ******, *.*. ****** **, ****, as ****** ** ******* *** (*)(*) ("Effective *****").
*** ***** *** **** ******* *** on ***** **, *** ********** ********* (a)(1)(A) ** ******* ***. **** ********* is *** **** ** *** **** ban, ******* **** ** ******* ********** agencies ****** *** ********* ******* ** the ***. ** **** **** ****** one **** ***** *** **** *** passed **** ****, *.*. ****** **, 2019.
Context - ********* ****** ***** ****
*** ********* ****** *** **** ***** fire **** ***, ********* * ******** *** ********** ******* ****:
**** ***-******** *********** would ****** ** * **********-**** ******* ** “************” of businesses that utilize the covered equipment in a general sense, potentially encompassing the sale of such products to non-federal customers. Such an outcome would impose crippling ********* ******* on many U.S. security companies that serve the commercial marketplace and other non-federal customers, and ultimately increase ******** ***** to the U.S. business community at-large
******* ****** **** ****** **** ** well:
- ********* ** ************************** *** * "****** ** ************* intent" ******* **** ******* ** *** NDAA, *** ***** ***** ********
- *** ****************** ******** ***********, ***** ********** ******* ****** **** ******* *** **&*, **** * ****** ** *** ********** on ******* *, ******* *** ****** ***** “******* serious ********* ** ******* *********** ** ICT *******”
- ** ********* ************** ******* ***, ****** ****** *** blacklist ****** "** *********" ***** ** penalizes ********** ***** ****** ********* **** "nothing ********** ** ** **** ***** performance ** ********** *********"
**********
*** **** **** *** ** ********** is ******* * ******** *** **** specifically ** ******* *** ********* ****** may ** * ********** ** *** amount ** ******** *** ******* *** received **** ******** ******.
*******, ** ******* ******* ** ***** groups **** *** **** **** ****; the **** ******** *** *** **** could **** **** ********* ** ********** without ******* ****** **** *** ********.
****** ***, *** **** **** *** blacklist ****** ** ***** ********* ** a ******** *** **** **** * substantially ***** *** **** (*** * of **** ****) ***** ** **** need ** **** ****** ****** *** clarity ** *** *****.
Vote / ****
***'* *** ********* **** * ****** that ****** ******* *** "*************" **** Hik, ***** *** ***** ****** ******? Purely ** *******, *** ****** *** on **** **** **** ******* *** your ***********.
*** *** **** * ********** **** on *****. ** **** ***** **** are * ********* *** ** *****.
**** **** ***** **** *********** ** IPVMs ******* ********.
**** ** ******* *********** ****** crippling ********* ******* on many *.*. ******** ********* ************* **** ***** ************* *********** **** *********** *** ********-********** ********, *****-******* ***********, *** *********'* clubs.
******: *** *** **** *** *** FAR **** ************ ********* (*)(*)(*) ** Section *** - ****'* *** **** part ** *** ***, ***** **** federal ******** **** ****** *********/***** ********* - *** **** ******** *** ***** to ***** **. (******* * ** **** ****** ********** disclosure).
***** * **** (****** ****), ***** are * *** ** " *************" selling **** **********(****** ******** ********* *'* not * ************) *** *** ******* names ** ********* ***** *** ******* hik/epcom ** **** ** ***** *******. The ******* *** ****** * **** warranty ** *********/***** ********* **** * 3/5 **** ********** ******** ** ***, if **** ***** ****** ***** ***** be **** ********* ******* ** * lot ** ******** ********* ** **. Im ***** ******* *** * *********** on *********/***** *********(*** **) **** *** the **** *******/ ***** ***** **** no ****.
**** *** ****** ** ******? **** seems ** ** * ******* ******. Geovision ** ******* ******** ******.
***, ****** ** ** ***** ****** to **** **. **** **** *** but *** ***** ********** ******* *** low *** ***** *** ****** *** pretty ***. ** ****** ** *** prices, *** * **** ***** *** TriEd *** ******* **** ****.
* ***** ******** ** ******* *** point. *** ** *** *********** ****** to **** ** * *******, *** past *******, ***** ******* (** ***), soft/firmware *** ***** ***** *** **** a ********?
** *** ** **** ***** ** "ban" * ****** ********, ****, **** are *** ********. **** *** **** to ****** *** ** *** ****. A "***" ** *** *********.
** ******* *** ** *********** ******** fulfills ***** ******** *****, *** ***** they **** **** ** *** ********** if **** *** * *** ****** to ******* ***** ********, **** ** crossing *** ****.
***, ***** ******** **** ******** ******. They *** **** ** ***** ***** SSH ******* ***/** ****. **** ** us **** ******** ** ******** ***** is ******** ** ***** *******. ** have ****** *** ******* ** *** lives, ** *** ***'* **** *** or ***** ** ******** **** *** way **** *** ***** ******, **** don't *** ****. ****.
* ****** ** *****, ******, *** hardware ******* ** *** ****** *** Dahua ** ****** ****. *** ******** flaws *** **** ** *** **** a ***.** ***** *** *** *** at *** ********. *** ** **** (security ******) ******* ** *** ****.
******: ********* ********** ********** ********* **** * ***** FAR **** ************ *** **** ** the **** - *.*. ****** (*)(*)(*), ***** **** ******* ********** *********** ** ******, Hikvision, *** ***** ********* - *** been *******. ** ** **** **, the ***** **** *** **** ** *** ***'* ******** ****** *********** ******* (****) ***** ******* ***** ** *** ****** ** *********** *** ********** ******* (OIRA), ***** ** **** ** *** White *****'* ****** ** ********** *** Budget, *** ******.
* ******** ******** **** ***'* ******** on ****. ***** *** ****** ** alternatives ** ********* *** *****, **** where **** ** * ************* (****** Wisenet *, ******** **, **** *********, and ******). ** ***** *********** **** integrators ***** * *** ** ******** with *** **********, *** ***** ** banned **** ********** ***** ********, ***** not ** **** ** ******** * profitable ******** ** **** ***** *** sell ***** ******* ** ***. *** likelihood **** ******* ** ***** *********** government ********************** ***-**** ********* ******** ****** ** fairly ***. **** *********** *** **** to **** *** ******* ** *** other, *** * ** *** *** that **** ***** ** ******* ** "crippling" *******.
************, ** *** ******* ***** ******** represent * ********* **** **** ** cyber ******** **********, **** **** ***** even **** *****. **** *********** **** have *** ********* **** **** *** install ***** ** **** **** ** a ***, ***** *** *** ** properly ******** **** *** **** ** their *******. ** ***** ******* ********* a **** ** ****** ******, * would *** **** ** ********** **** does * *** ** **********-******* ******** having ***** ******** ******* **** ** an **** ****** ***** ***** ****** compromising **** ***** ***** ********** *******.
*******, *********, ***** *** ****** **** mostly ******* **** ** **********. ********* has ** ********** ******** ***** ******** record, *** ******* * *** ** talk *** ****** *********** ******* ******** spokesmodels, *** *** ***** **** ********* to ****** ***** ******* ***** ******. Dahua *** ****** **** ****** ** security ****** ******* **** ** ****.
**** *********, *****, *** ****** *** not ******** ** ******* **** ** offering ** *** ********* ** ***** products *** **********, *** ******* ******* on *****-****** ************* **** *** ** campaign *** **** ******* ** **** telling.