Sell Dahua or Hikvision At All, Banned From Selling to US Federal Government, Says US HASC

By IPVM Team, Published Aug 29, 2018, 09:44am EDT

The US House Armed Services Committee (HASC) Communications Director has confirmed to IPVM that if a company sells Dahua or Hikvision at all, they will be banned from selling to the US federal government.

IPVM Image

However, this interpretation / implementation of the NDAA bill banning the Chinese mega-manufacturers is being contested. In this note, we review:

  • HASC's statement
  • Hikvision's lobbying efforts
  • OEM impact
  • Distribution impact
  • Dealer / integrator impact
  • Expected opposition
  • Future rules / guidelines issued

Will this be enforced when the ban officially commences next August? IPVM investigates inside.

Statement **** ** ****

*** ** ***** ***** Services ********* ** *** committee ***** *** **** bill *** *** ********* banning ***** *** *********, among ******, **********.****** ******, ***** ***** ******** Committee ************** ******** ********* to **** ****:

*** *********** ** ****** selling ** *** **********. If *** “******” ***** Hikvision / ***** ******* in *** *** ** anyone, **** *** ****** from ***** ******** **** the ******* **********

Relevant *** *******

*** ****** ** **** appears ** ** ***** on ***. *** (*)(*) of*** ***, ******* *********** *****:

***. ***. *********** ** CERTAIN ****************** *** ***** SURVEILLANCE ******** ** *********.(*) Prohibition ** *** ** Procurement.— (*) *** **** of ** ********* ****** may ***—(*) ***** **** a ******** (** ****** or ***** * ********) with ** ****** **** uses *** *********, ******, or ******* **** **** covered ****************** ********* ** servicesas * *********** ** ********* ********* ** *** ******, ** ** ******** ********** ** **** ** *** ******. [emphasis added]

******** ****** **** ********* interpreted **** ** ***** for ******* **** ** the **********. *******, *** US **** ** ************ it ** ******* **** products ** ******, ********** or ***.

Hikvision ******** ******

********* ** ** ******* from *** ***** ********* ****, ********* ** both ***** *** ******* to **** ****:

*** ******* ***’* ******* to ***** *** **** of ******** **********; ******, it ** ******** *** an ******** ********* ** congressional ****** **** *****prevent *** ****** ** ******** **** ***** ****** **** *********** ******* *** ********* ****** **** ***** ******** **** *** *.*. ********** **********. [emphasis added]

******, ******* *** ****'* passage, ********* ** ********** to ***** ******* ** lobbyists *** ***** ************ documents *** *** ***** in ******:

****** **** ********* ******* hired *** ***** ******** firms ** *** ****** leading ** ** *** bill's *******:

Hikvision ** *******

********* *** **** ** public ******* (*** ****** communication ** *******) ***** the ***'* ******* *** declined ** ******* ** the ** **** *********. However, ***** ***** ******* lobby ********, ********* ** clearly ********** ** ******** behind ****** *****.

SIA ** *******

***, *** ** ***** organization **** **-***** *********, has **** ** ****** comment ***** *** ***'* passage *** ******** ** comment ** *** ** HASC *********, ************* ** *** *******, they *** *******. *** **** **** will ***** * ****** statement ** **** ***** in *** ******.

OEM ****** ***********

*** ****** ** **** especially ****-********* **** *** (Interlogix) *** ********* ***** potentially ** **** ******. It ** **** *** long-term **** ** ******* drop ******* ***** ******* major **** *** *************.

********, ***** **** ***** still ** ********* ** honor *** ********** ** OEMed ******** **** *** if **** *** **, even ** ***** ********** customers *** **** **** Dahua ** ********* ********** products, **** ***** **** be ****** *** ********** use.

** *** ***** ****, the ************* ***** ***** secretive ****** ***** **** this ***** ********** *** problems **** *** *** model.

Distribution ******

************ ****** ** ****** to ** **** *******, assuming *** *** *******, etc., ** **** *****, do *** **** ** end *****, ***** ********* not ** ******** ******* only ***** ****** ********* would **** ** *** US ******* **********.

********** ****** ********* (**** B&H *****) ***** ** impacted ** **** ** regularly **** ** *** users. ******, *************, *** could ** ****** ** would ** ********** ****** and *********** *************** ** stop ******* *** ***** or *********.

Dealer / ********** ******

**** ***** ** ***-**** integrators ***** ***** **** impact, ** *** *********** who ** *********** ********** work ***** ***** ***** brands ***** **** ******* who **** **** **** focus ** ******* ***-********** systems ******.

*** ****** *********** (*.*., JCI / **** *** ADT) *** *** **** likely ** ** ******** by **** ** ***** companies **** ** *** a ***** ** ******** from *******, *****-********* ********* who ******* ** ***** and ********* ***** ** the **** **** ******* larger ** ******* ********.

******* *** ***** **** will *** ** ******** by * *** ** selling ** *** ******* government *** **** ************* just *** ***** *** federal ********** **.

*** *** ******* ***** not **** ** *** military ** *** ***, but **** ************* **** the ***** ***** (***** is *** *****), *** *******'* ******** or ** ****** (***** are *** ** ************* ** ******** *******), ** *** ****** part ** *** *********** Institution (***** ********** ** *** ******* government.)

Potential **** ******* ******

*** ********'* ******* ************** of ****, ** ****, is **** *** *** only ******* **** ** sold ** *** ** government (***/** ********** ******, critical **************, ***.).

*** ** **** *********** makes * *** ******* and ******* ****** - effectively ********* **** ** choose ******* ******* ***** and ********* ** *** vs ***** ******** **** the ** **********. **** that ******, **** *********** who ***** **** ************ or *********** **** ***** products *** ****** ** forgo **** ** ***.

***** ** **** * significant **** **** *** federal *** ******* ** state *** ***** ***********. This ** ******* *********: the **** ** ******* in ******** ****** *** of ***** *** ********* equipment **** ***** *** NDAA's ******* (***** ** **** **** Hikvision).

Expect **** **********

** ****** ************* **** opposition **** *** ******** to ****, ********** **** the ******* ******* ** the ******** *** **** to ******** ***** **** businesses ** ****** ***** from *** ** ********** and ***** *****-********* *********. Moreover, ** ****** ********** from *** ******* ****** who **** **** ** an ********* ** *** US ********** **** **** can ** **** / offered ** ******* **********.

Rule / ********** ****** ******

** **** *****, ** expect ****** ***** ** guidelines ** ** ****** by ******** ** ********** agencies ***** *** *** ban ** ***** ***********. When **** ******* ** unclear. ***** ****, ** would ****** *********** ******** and ****** ***** *** the *** ****** ** implemented.

Poll / ****

Comments (160)

Hikvision is going from being a money train to a toxic waste truck.

Agree: 10
Disagree: 1
Informative
Unhelpful: 1
Funny: 14

Now THIS... THIS just got interesting. 

No doubt this article ruined Marty Calhoun’s morning BM.

Agree: 7
Disagree: 1
Informative
Unhelpful: 2
Funny: 18

And Sean Nelly's :)

Agree: 11
Disagree: 1
Informative: 1
Unhelpful: 2
Funny: 3

Leave Marty alone...

In all seriousness, for the handful of Hikvision dealers that sell heavily to the US government, the ban, as is, was already a problem.

This is more of a problem for companies that only do a minority of business to the US government but most to SMB / residential. What do they do, if this comes to pass? Do you drop Hikua to keep your small US gov business but potentially lose / cause disruptions in your main market? That's not an easy call.

Agree: 8
Disagree
Informative
Unhelpful
Funny: 3

 Do you drop Hikua to keep your small US gov business but potentially lose / cause disruptions in your main market? That's not an easy call.

If this really gets teeth and causes problems I expect to see more instances of "Bob's Cameras, Inc." and "Bob's Hikvision Outlet, Inc." - one person setting up two legal entities to get around the issue of being banned from government sales if you sell Hikua.

While it looks dramatic on the surface, given how poorly GSA is administered and the lack of penalties for companies that knowingly sell banned product that is miscategorized, I am not sure there will be much enforcement behind this.

Agree: 15
Disagree
Informative: 3
Unhelpful
Funny

I was just thinking about a soon to be increase in LLC creations.

 

AAA Camera Company - Pro Hikua

AAA government Security - No Hikua

 

All with the same backend management/staff/owners.

Agree: 10
Disagree
Informative: 2
Unhelpful
Funny: 4

Is Marty still a member?

Agree
Disagree
Informative
Unhelpful
Funny

We do not disclose who is or is not a member. And I do not want to speak for Marty.

Generally, anyone who is a Hikvision dealer and has non-trivial US government business is in a difficult position.

Agree: 1
Disagree
Informative
Unhelpful
Funny

I have to think there are some website partner pages being edited feverishly at the moment.

Agree: 4
Disagree
Informative
Unhelpful: 1
Funny: 3

there is one simple solution to the totally retarded rule from the government: just split your business in two formal entities. takes some work, but you can sell to/from both. you can even have the same physical store, but webshops would need to buy an additional domain name.

Agree
Disagree
Informative
Unhelpful: 3
Funny

This is definitely an interesting development.  I'm wondering how quickly these companies that work with government can drop Hikvision/Banned Camera manufactures from their lineup.  

Agree: 4
Disagree
Informative
Unhelpful
Funny

So is this just Hikvision or Dahua or does this include all the OEMs?

Agree
Disagree
Informative
Unhelpful
Funny

Yes, good point. As discussed in the original ban passage, products 'produced' and sold by 'affiliates' would be impacted.

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny

I bet FLIR can't wait for the DAHUA naming rights to be over. 

Agree: 9
Disagree
Informative
Unhelpful
Funny: 2

So when will DVtel change their Hik OEM encoder? Or is that ok to have "just a little bit of Hik" in your line up and not draw any attention to it?

Agree: 1
Disagree
Informative
Unhelpful
Funny: 1

John - don't forget to add Stanley who just acquired 3xLogic (HiK OEM) to the list of major players impacted

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

How is this a good thing? It seems that the US has security concerns with these cameras and are blatantly ignoring the litany of other unsecured devices from numerous other vendors. Do I trust the security of a Hik camera? No. Do I trust a Bosch, Panasonic, Axis? No, no, no. Why do I sell/install them then? I HAVE NO CHOICE, the camera market has moved in to the IT space.

 

Agree: 6
Disagree: 1
Informative: 1
Unhelpful: 2
Funny: 1

IP cameras are IT devices.  Whether or not you lock them down, they are network cameras, NETWORK.  Today, IP cameras are really computers with lenses on them.  How could this not move into the IT space?  

Agree: 5
Disagree
Informative
Unhelpful
Funny

That's pretty well on the money. Security is, well - security. Vulnerabilities are actually all IT based, created by a generation of geeks without a shred of knowledge of CCTV. The ball started rolling years ago when Axis just looked to IT departments and disregarded integrators to grow their model. Now look where we are - every IP camera manufacture is complicit in compromising the very essence of security. It may well be the way of the world that it was always going to go to IT but there are absolute basics that's should still apply. Never place any security system on an internet facing platform. never share a network with any other IOT device other than the security devices that comprise the system. If you you have to use the network, ensure the very basics of firewalls, password changes, and full security configuration is used. If its a particularly sensitive camera, that doesn't need to be send over the internet - then leave it off. Think analogue and remember the very first letter of "C"ctv. You'd be amazed how easy it is to lock down a system by simply removing the RJ45 from the link to the outside world. At some point common sense will kick in...….

 

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

Never place any security system on an internet facing platform. never share a network with any other IOT device other than the security devices that comprise the system.

While that does improve security, that is increasingly unrealistic as users value remote access and manufacturers can improve products with cloud services (e.g., better analytics, off-site storage, etc.). Look at current stats - Surveillance Systems Remote Access Usage Statistics. Remote access is most common already and will increase as the utility of cloud-connected systems expand.

The future is certainly Internet connected video surveillance. Systems need to be good enough and trustworthy enough to support that.

Agree
Disagree
Informative
Unhelpful
Funny

The future is certainly Internet connected video surveillance. Systems need to be good enough and trustworthy enough to support that.

John I fully agree. That's why I feel pushing for legistation/a clear rule set would make much more sense. Way more sense compared to this bill.

Agree
Disagree
Informative
Unhelpful
Funny

I don't disagree, but the issue is that remote access is being sold as system capability without the caveat that its leaving your system wide open to hacking.

As for cloud storage, well that's a very pretty concept that just fills millennials with all the aspiration they need. But who really trusts the cloud when in essence you ae sending off private, confidential, potentially compromising, commercial and operational data to an unknown facility, operated by unknown persons  with unknown resilience to hacking. We know how weak iCloud and Yahoo was  - so what makes CCTV or access cloud any better? 

People are being sold a myth and expecting CCTV manufacturers to pick up the full responsibility for LAN/WAN/Cloud resilience, which is not practicable. They are part of the solution, but not solely responsible.

Ask yourself another question - just how much of the US Government and Defence data is hosted by external Cloud storage and has this storage been under the same microscope as Hikvision for it's integrity or are people just blindly accepting that its tighter than the Trump/Putin make bonding?

A security solution is end to end and nothing should be looked at in isolation.

Agree: 1
Disagree
Informative
Unhelpful
Funny

What can I sell? I need a new low cost CCTV solution. :(

Agree
Disagree
Informative
Unhelpful
Funny: 3

Check out VITEK. Not made by D or H.

Agree
Disagree
Informative: 2
Unhelpful: 3
Funny: 1

Vitek is just a TVT OEM, you can just buy Qsee or avycon or ENS for the same thing.

Agree: 5
Disagree
Informative: 3
Unhelpful
Funny: 3

Isnt Digital Watchdog also??

Agree
Disagree
Informative
Unhelpful
Funny

see above for Vitek.  DW is very similar.  MOST of their lineup is coming from Korea.  Their turrets are TVT OEMs.  

Agree
Disagree
Informative: 1
Unhelpful
Funny

or below...for Vitek

Agree
Disagree
Informative
Unhelpful
Funny

Not entirely true.  They have a product mix of both Korean and Chinese products.  The Transcendent lineup is TVT OEM, the OnCue recorders and Virtuoso camera lineup come from Korean facilities.  

Agree
Disagree
Informative
Unhelpful
Funny

UNV, Avycon (TVT), VideoPark, Tiandy, Relong

Agree: 3
Disagree
Informative
Unhelpful
Funny

UniView

Agree: 2
Disagree
Informative
Unhelpful
Funny

@John Honovic: this is my point, people will search the next brand with good/decent quality at the hik/dahua pricepoint.

With this knowledge the next series of articles/ban requests/lobby efforts can be started. Just leave out the brand name for now and add it at a moment of choice.

Agree
Disagree: 1
Informative
Unhelpful
Funny

people will search the next brand with good/decent quality at the hik/dahua pricepoint.

Disagree not about Dahua nor Hikvision but about how brands gain significant share. Some people will 'search' for the next brand but most people make purchasing decisions based on heavy sales and marketing expenditures plus local support.

If Uniview steps up with tens of millions of investment in US sales, marketing and local support, hiring 100+ people, Uniview has the chance to become a major player.

Otherwise, sales will go up for Uniview, given the Hikua situation but they will remain minor players since most dealers want local 'factory' salespeople and local support.

Agree: 2
Disagree
Informative
Unhelpful
Funny

Well for EU, Hik sales started before the Hik footprint with local staff really started.

It has helped their growth no doubt. My point is not it will be UNV, my point is that the door is wide open for any Chinese brand to be funded right into the spot.

If so many installers and intergrators (and thereby also end users) have gotten used to the pricepoint, I am certain there will be a big demand in that space.

 

Agree
Disagree
Informative
Unhelpful
Funny

My points have been eloquently worded by Robert Shih:

1. If foreign state ownership is the issue, then Dahua should not have been included. Also, a more comprehensive electronics bill should be drawn up to cover more potential threats from China.

2. If this is trade related, then tariffs would have sufficed rather than completely forcing the market's hand. Also, the Buy America act would have been sufficient if properly enforced.

3. If cyber security were truly the issue, then there should be a governing body that upholds these standards across the board that all manufacturers should abide by.

 

Adding that if a company sells these brands anywere excludes them from government business is really strang.

If you feel their judgement is off because of selling these brands, the list should be more comprehensive.

 

 

Agree: 22
Disagree
Informative: 1
Unhelpful
Funny

Genius Interpretation! They must think the thousands of companies selling Dahua and Hikvision are secret Chinese spys and had to act accordingly.

If this isnt a clear indicator of how mindless the ban was and still is, i dont know what is. 

If they hate Hikvision and Dahua that bad, just ban them completely already and stop beating around the bush.

SMDH

Agree: 8
Disagree: 7
Informative: 2
Unhelpful: 2
Funny: 3

Or, they think integrators selling those products are ignorant to the risks they pose, and thus don't want to deal with them at all. I am only slightly exaggerating here. If you can't recognize the risks posed with those products, you shouldn't be advising the government and selling them anything "security" related.

Agree: 7
Disagree: 1
Informative
Unhelpful
Funny

What specific risks does a current Dahua and Hikvision camera have that other non-banned manufacturers have such as an Axis camera or you name it?

Agree: 6
Disagree
Informative
Unhelpful: 1
Funny: 1

That it is manufactured by a company with a track record of intentionally placing back doors into their products, a company no less owned by a hostile foreign government.  

There, I summed up the Hikua dilemma in one sentence. 

When’s the liquidation sale? 

Oh, and sorry for interrupting your morning BM.

Agree: 9
Disagree
Informative
Unhelpful: 5
Funny: 7

I understand that you must be happy that it actually takes an act of congress for you to compete but honestly thats not something to be proud so lets keep the argument sensible and free from undisclosed sarasm. Oh an BTW, ban or not, I still eat competitors like you for breakfast and BM them out each morning so your statement is not entirely false.

The backdoors were not intentional. Vulnerabilities are found in every manufacturer. Dahua is not owned by China. And to call China hostile is debatable. I shut down your summation in 4 sentences.

I'll let you know when the liquidation sale is, perhaps then you can actually make some money. ;)


Agree: 7
Disagree: 16
Informative: 1
Unhelpful: 11
Funny: 6

And to call China hostile is debatable.

No, it isn't. 

Agree: 24
Disagree: 1
Informative
Unhelpful: 1
Funny

Absolutely correct UD#7 - China has blatantly stated their hostility to the US, both militarily and economically.  

Agree: 12
Disagree
Informative
Unhelpful: 1
Funny

I agree. All you have to do is follow what's going on in South China Sea.

Agree: 1
Disagree: 1
Informative
Unhelpful: 2
Funny

China is no more hostile than the US. Trump initiate the hostile tariffs against many of its "allies" as well as it's perceived foes. That is hostile.

 

Agree: 1
Disagree: 2
Informative
Unhelpful: 2
Funny

Hey Sean, it worked!  I looked at your web site to get an understanding of what you like for breakfast. My pallet is more refined, so I will not be able to understand your perspective very well.

While I prefer all government stay out of my business; It appears that the federal government must pass laws to prevent ignorant people from knowingly and willfully risking security for personal gain. It seems to me this is a new concept by the federal government over the past few years.

Not to worry Sean, there is plenty of other government entities that prefer personal gain over security, you will be fine and have plenty of breakfast to feast.

Agree
Disagree: 2
Informative
Unhelpful: 2
Funny: 1

Thanks Gary. This conversation is starting to get wierd. Nonethless, I cant stay silent to subtle trash talk, although its respectful that you disclosed yourself. I said I eat competitors for breakfast via our sales, I dont eat my own products which is what you alluded to. While you may be fasting, I dont necessarily consider that a "refined" pallete choice.

Agree: 1
Disagree
Informative
Unhelpful: 1
Funny: 1

Yet the size and number of back doors and vulnerabilities is astounding!!

Selling these manufacturers is a security risk to the US gov, and critical infrastructure...

You seem more concerned to your profits in selling such cameras than you are to the risks they present.

As for your Chinese breakfast... enjoy while you can...

Agree
Disagree
Informative
Unhelpful: 1
Funny

Saying that selling these manufacturers poses a security risk to the US gov depicts a certain level of naivety.

The day you started using IP cameras is the day you created a whole new set of security risks. I feel I should inform you all that IT security is more complicated than China = Bad/Anything else = Good.

You have almost no ability to keep an educated and determined intruder out of your home, we all know that. We don't however seem to know that that logic also applies to our IT infrastructure. Try as you may, you can't really keep the Russians, Chinese, FBI, NSA, 16yo hackers etc off of your network. Did you ever really think you could? 

Do you think the Chinese have a problem hacking in to Axis systems?

Blame Hik if you want to, but as an IT and technical security systems auditor, all you guys are fucked.

It's the wild west of CCTV systems hacking and the manufacturers don't even give us the proper tools to secure the network.

Run a Shodan search and see how many systems out there are still affected by Shellshock.

Agree: 1
Disagree: 1
Informative
Unhelpful
Funny

Sounds to me like you're bitter you cant install cheap shit anymore.

every integrator that employs this kind of argument that basically says "any camera poses the same amount of risk as all other brands" is putting their head in the sand.

Also, NO I don't think Chinese have issues hacking into an Axis system. They are also the same country that blocks Axis out of almost all installs in their nation. China is going for world domination and they unfairly discriminate against other manufacturers from other parts of the world.

Answer this: Why is it NOT okay for the US to do the exact same thing as China and essentially block Hikua out of our nation?

Agree: 3
Disagree
Informative
Unhelpful
Funny

Bitter that I can't install cheap shit? Sorry, but even at $150 for a 4k camera,, that ain't cheap. Less than $1k for a full system? That's ALLOT of money for us regular folk.

I wouldn't say each camera has the same amount or risk. I'm saying they -for the most part- all have the same TYPE of risk.

You put your camera on my network, now you have all the risks of every other client on my LAN.

So, you are worried that a camera system may be vulnerable to China, yet you admit that the Chinese can hack in to other systems anyway. Now you are becoming a Security Specialist.

Agree
Disagree: 4
Informative
Unhelpful: 1
Funny

Asking if China can hack into an Axis camera system is like asking if Stephen Curry can hit a 3 pointer. You're talking about a country that admits it has an army of hackers.

 

I'm not claiming to be a security specialist. But at least I'm a realist.

Agree
Disagree
Informative
Unhelpful: 1
Funny

Really? And your kit has no vulnerabilities - prove it. So your benevolent company is not interested in profits - is that because its a pseudo charity (Bosch) or is it because it's commercially ignorant?

Built your wall and use your own US manufactured kit....oh hang on....

Agree
Disagree
Informative
Unhelpful
Funny

Yes 4 sentences, that make little to no sense, while no one can say the back doors are intentional, neither can you say they are not...

As for whether China is a hostile government to the US, I suggest you try reading the news in general...

While I empathize, with the impact that this might have on your  business, it is not the governments concern if you base it off cheap OEM cameras, with little care to the security impact to the end user, Public or private!!

Agree
Disagree
Informative
Unhelpful
Funny

"The backdoors were not intentional"

How can you be so sure Sean?

Just because Hik told you so?

 

Agree: 4
Disagree
Informative
Unhelpful
Funny: 1

Are you insinuating every company that has placed a backdoor should succumb to the same fate of crony capitalism? Goodbye, Microsoft, Juniper, Cisco, Sony, EA Sports, Blackberry. The question should be, what company did NOT provide a backdoor? When I find that company, I'll let you know.

Agree: 5
Disagree
Informative
Unhelpful: 1
Funny: 1

Direct State control is all I can think of. All of the other IP camera manufacturers  suffer similar issues as a lot of these devices will utilize many of the same software libraries. That's why when you see an openssh patch published, you'll soon notice vendors downstream start to patch their hardware.

Agree: 2
Disagree: 3
Informative
Unhelpful
Funny

thats fair but Dahua is not state owned, thereby invalidating this argument.

Agree: 3
Disagree: 1
Informative
Unhelpful: 4
Funny

Sean - you really don't now exactly how involved the China government is with Dahua, do you? You don't know for sure if the backdoors and vulnerabilities discovered so far were intentional or not.

All you "know" is what they have told you. Keep in mind both Dahua and Hikvision have been shown to be dishonest and untrustworthy in multiple ways. 

You have not invalidated any arguments or "shut down" anyone's arguments here. You have only continuously shown how ill informed and blind you are.

Agree: 13
Disagree: 1
Informative
Unhelpful: 2
Funny

Sean - you really don't now exactly how involved the China government is with Dahua, do you? You don't know for sure if the backdoors and vulnerabilities discovered so far were intentional or not.

Please enlighten me on your insider knowledge and how Dahua compares to every other Chinese company that is or isnt involved with the China government.

Agree: 3
Disagree: 1
Informative
Unhelpful: 5
Funny: 1

Sure, once you acknowledge my comment that you are talking out your ass and don't actually "know" one way or the other how much China is involved with Dahua, or the motivation behind the backdoors put in Hikvision's products.

Agree: 3
Disagree: 1
Informative
Unhelpful: 4
Funny

I never admitted this, therefore no ass talking. I asked you to enlighten me with your knowledge. Looking forward to your ass-talk free insider knowledge.

Agree: 3
Disagree: 1
Informative
Unhelpful: 4
Funny: 3

Can you both stop?  I usually enjoy reading the comments as I tend to learn something new from an installer/integrator's perspective.  If you two want to go at it, please do it offline.

Agree: 18
Disagree: 1
Informative: 1
Unhelpful: 2
Funny: 2

Sean, you're business and therefore livelihood is Hikvision, thereby invalidating most arguments you make.

Objectivity and safeguards against manufacturer influence are why IPVM is the most respected source of information in our industry.

Agree: 8
Disagree: 2
Informative
Unhelpful
Funny

If Objectivity is the aim you would make a rule set ANY manufacturer needs to meet. Banning two that are now the biggest is far from objective 

Agree: 2
Disagree: 1
Informative
Unhelpful
Funny

Banning two that are now the biggest is far from objective

Worth keeping in mind that those two are now the biggest because China blocked out their foreign competitors, ironic given the issue we are discussing here.

Agree: 5
Disagree
Informative: 1
Unhelpful
Funny: 1

If that’s China’s plan, what’s stopping them from now backing UNV or another company and doing it all over again? 

The ban leaves room for any Chinese company not mentioned by name, and that’s a lot 

Agree: 2
Disagree: 1
Informative
Unhelpful
Funny

This is a stellar oppurtunity for UNV right now, but then again, they should obviously tread lightly of capturing too much attention. Danged if you do, Danged if you dont.

Agree: 2
Disagree: 1
Informative
Unhelpful: 2
Funny

Nobody (seemingly even Dahua and Hikvision themselves) really knows for sure what current risks are in those devices. The Hikvision IP Camera Critical Vulnerability 2018 report shows that new vulnerabilities are constantly being found in Hikvision devices.

Hikvision and Dahua have an extensive history of critical easily exploited vulnerabilities. Far more so than Axis or other non-banned manufacturers. Couple that with the fact that these products originate from a country (China) that is not really considered to be a US ally. This makes those products significant risks.

If the Swedes (Axis) elect a Communist dictator and start pumping out firmware riddled with comparable vulnerabilities I would be all over the suggestion to ban them as well.

Of course, this has been presented to you multiple times, but you don't seem to be able to evaluate it beyond "Axis has some vulnerabilities also" and "Hikvision makes me money, therefore we shouldn't pick on them".

I've said this before, let Hikvision go a year or two with no critical vulnerabilities being reported against them AND have their response to vulnerabilities not be spin and victimization, and maybe they could be considered a more trustable device. Let's see if we can get through the next 11 months with no new Hikvision cyber security snafu's. 

 

 

Agree: 10
Disagree
Informative
Unhelpful: 1
Funny

Much bigger footprint for Dahua and Hikvision to be exposed than Axis or the others. No telling how many vulnerabilities still havent been found in those products. Axis is a great company, and has great products, but they are more expensive and traditionally geared towards enterprise market which are typically installed on much more closed networks. Much smaller footprint.

Agree: 2
Disagree: 3
Informative: 2
Unhelpful: 1
Funny

Sean, the footprint argument is BS!!!  Regardless of how many cameras are sold, there is no correlation to the number of vulnerabilities... If I manufacture 5 cameras, it does not make them secure under that reasoning..

Enterprise systems, are not necessarily closed systems, I have dozens of customers that are based across the world, I can get in to the their systems for diagnostics etc...

And again you lay yourself bare by the statement that that AXIS is more expensive... Cheap is cheap, the expansion of Hik footprint has been done by vast investment and loans by the Chinese Government, and the Chinese Government keeping rivals out of their own domestic market...

 

As they say in China   感谢上帝,推迟Sean Nelson购买我们的产品!!

Agree: 2
Disagree
Informative
Unhelpful: 1
Funny

What, in your opinion, has more vulnerabilities? Hikvision or Windows OS? Or even for this sake Apple products?

let me ask you another question

Who has been hacked the least among the above manufacturers?

Footprint. 

Agree
Disagree: 2
Informative
Unhelpful: 3
Funny

What, in your opinion, has more vulnerabilities? Hikvision or Windows OS? Or even for this sake Apple products?

Sean, you ask a lot of questions, and pose a lot of (misinformed) opinions about why you think Hik is not a threat, but you rarely state anything definitive that can be independently verified.

Maybe try posting some data and numbers of your own, instead of "asking" people for responses. Do some research on what you think is comparable data and come back with an information-supported argument.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Would you also like me to provide data that the earth is round and the sky is blue?

Agree
Disagree: 1
Informative
Unhelpful: 4
Funny

Would you also like me to provide data that the earth is round and the sky is blue?

Nah, just start with backing up your claims about Hikvision with actual verifiable data.

Or, if you can't do that, just keep deflecting and asking stupid questions.

Agree: 1
Disagree
Informative
Unhelpful
Funny: 1

This is senseless Sean. Windows has more bug and cracks than Hik ever will, but it's American. So it's safe and Bill Gates allways had everyones interest at hart.
Just like Facebook always wanted you to just enjoy their games. They never did anyone any harm right?

If they don't want to see the big picture, they never will.

Agree
Disagree: 1
Informative
Unhelpful: 1
Funny

LOL.  We don't want to see the big picture.  That is funny.  Thanks for the chuckle.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Hik......for a device that does so little in comparison to the others, the number of vulnerabilities is astounding!!

If you disagree, please provide accurate verifiable information, not reheated Hik/Dahau misinformation....

Agree: 2
Disagree
Informative
Unhelpful
Funny

That is a strawman argument.  Microsoft Windows version x or y is an operating system, designed by huge teams, and designed to run on hundreds of manufacturers of systems.  It is an operating system designed to run tens of thousands of software programs and allow user interaction, etc.

An IP camera is an IoT device or embedded device with a few APIs and designed to do one primary thing - capture video and send it out the network.

Yes, there are cameras that can run apps, but let's ignore that for now.  There are only 3 or 4 manufacturers that do that, on a limited set of models.  And there are only a handful - maybe a hundred apps in the world.  

Any complex system, like an operating system designed to run 3rd party code, and to run on different hardware platforms is going to have vulnerabilities.  The question is how forthcoming are they with info and with updates.

Can you imagine if a car company didn't acknowledge defects or issues or recalls... Oh wait... That is why certain car companies don't make it to the US...  There are dozens of Indian or Chinese or other car companies that we have banned,  Maybe it is due to their track record, or simply product safety.

Same thing here.

An embedded device should be easier to harden because you don't need to expose the internal modules.  Everything should be parsed and sanitized and filtered before the OS gets the data.

A companies track record is SO important here.  Personally, the ONLY way Hik or Dahua can make this better is to 1) actually become open vs. sending out poorly worked fluff marketing bulletins and 2) start over from the ground up - get rid of 100% legacy code and actually design a new camera & NVR & DVR & VMS.  Design it with cybersecurity in mind.  Yeah, it may require a new API and integration, but heck - with thousands of engineers it shouldn't take too long :).  Yeah, I now that adding more engineers doesn't actually speed up a project based on man-hours needed....

Start from the ground up stating no more plugins and only HTML5.  Use ONVIF and known encryption protocols.  Don't hide the encryption in a special FIPS firmware, but trumpet that YOU ARE THE ONLY COMPANY WITH FIPS COMPLIANT CAMERAS, when they are not publicly available.

Finally, you HAVE to solve the grey market/OEM issues.  I know that is how you started and you sell a ton of products, but you have to pick your channel.  Either be a B2B product and cut out the OEM or stick to OEM and be honest about it.

We have all seen the OEM > direct backstabbing.  It is shameful home many large "manufacturers" with a nice brand name don't actually manufacture cameras.  I have a feeling that in the next 12 months much of this will shake down due to the ban and the Honeywells, etc. will have to bail out of the game or pick a different OEM and be honest about it or actually make their own products!!!!

Agree: 5
Disagree
Informative: 1
Unhelpful
Funny

The OSs on camera/NVR equipment is a full fledged Operating System. Complete with a TCP/IP stack, DDNS, HTTPD. You can install anything else you want if you know how to compile by source and are strong willed enough to endure dependency-hell as packaging software has normally been pulled from the base images.

 

In other words, it's a pain to install other apps, but it's certainly not impossible.

 

Agree
Disagree
Informative
Unhelpful: 1
Funny

The OS on an IP camera or NVR SHOULD NOT be a full-fledged OS.  It should be a stripped down OS that has removed ALL of the unneeded features, functions, libraries, and servers/daemons.

Maybe that is the difference between the different tiers of manufacturers.  Some re-write the OS and remove the unneeded things, others just use the stock firmware or lock things down but don't really remove things (think telnet).

Another big piece is that some manufacturers use Trusted Platform Modules (TPM).  This makes it so that a skilled hacker can NOT change the OS or recombine firmware (Hikvision). Thus better securing the camera.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Excellent way to point out the blatantly obvious.  There is almost zero analogy between an OS that must run on hundreds to thousands of different hardware options, and run thousands of different programs/drivers/etc., versus a very limited purpose device where the maker has full control over both hardware and software.  Anyone suggesting the 2 are comparable has no clue.

Agree
Disagree
Informative
Unhelpful
Funny

How obvious is it that IPVM and others will not spend the time and effort in analysing vulnerabilities of a small manufacturer? Yes, Hik and Dahua have a built a huge glass house for themselves and are there to be pilloried whilst the myriad of start-ups, non-Chinese OEM and plenty of others go under the radar and are pushing kit out that leaks like a sieve. 

This a simply a jingoistic monologue that is as boring as it is repetitive. 

 

Agree
Disagree
Informative
Unhelpful
Funny

Are small startup OEM companies being sold to and installed in US federal Government facilities? That is the point of this discussion.  I am sure that these small companies have cyber issues, and should be discussed, but that is separate from this discussion of Hik and Dahua and related being banned by the US bill.

Agree
Disagree
Informative: 1
Unhelpful
Funny

If this is your point, ban all Chinese, not just the two biggest at this moment.

At least that would be a clear statement.

At best, you kill the Hik and Dahua business in the USA and in a few years a new lobby for a new ban will try to kill whichever Chinese company has stepped into the void hik and Dahua leave. 

People won’t go back up to the high prices lower quality of pelco and the likes of them. 

Call me ignorant because I like Hik but banning two brands just makes little sense. It’s a bandaid.

Agree: 2
Disagree: 3
Informative
Unhelpful
Funny

People won’t go back up to the high prices lower quality of pelco and the likes of them.

That's a strawman. The Pelco buyer has largely moved to Axis, Avigilon, Hanwha, Genetec, Exacq, Milestone, etc., with or without the Chinese.

At best, you kill the Hik and Dahua business in the USA and in a few years a new lobby for a new ban will try to kill whichever Chinese company has stepped into the void hik and Dahua leave.

You've made this argument now a few times so I'll address. Hikvision and Dahua are way bigger (on the order of 5 - 12x as large) as the next biggest Chinese video surveillance manufacturer plus Dahua and Hikvision have been taking market share away from other Chinese companies inside of China. Because of that, your assumption that other Chinese companies will easily fill the 'void' is much more questionable than you imply.

And given that you seem to be granting that Hikua is effectively a cancer, the US might as well treat that now.

Agree: 5
Disagree: 2
Informative
Unhelpful
Funny

I never granted hikua to be a cancer.

Firstly I prefer not to use a desease that hurts so many in any way or form, even an argument.

Secondly, already on IPVM people are discussing alternatives and the likes of UNV are popping up.

Another Chinese brand at the Hikua price point.

Agree
Disagree
Informative: 1
Unhelpful
Funny

the likes of UNV are popping up.

Another Chinese brand at the Hikua price point.

Would you be happy if the ban includes UNV too?

UNV is certainly the 3rd most common Chinese branded option but they are a distant, distant 3rd in the West. They will need to invest tens of millions in overseas sales and marketing to attempt to be a serious factor, which they have refused / been incapable of to date.

Agree: 1
Disagree
Informative
Unhelpful
Funny

No I don’t want UNV on the list. My point is the uselessness of this ban.

The door is wide open for UNV if China decides to fund it.

instead a clear bar could be set to any product should meet before being sold.

if you now switch to a US built camera that is so weak the Chinese can break in is that any better?

 

Agree
Disagree
Informative
Unhelpful
Funny

if you now switch to a US built camera that is so weak the Chinese can break in is that any better?

That's a genuinely laughable assumption that Dahua and Hikvison cybersecurity is somehow comparably strong. Keep in mind, both companies, among various issues, continue to maintain an unremovable side door that lets them access any system (e.g. Hikvision Responds To Cracked Security Codes).

Agree: 4
Disagree: 1
Informative
Unhelpful
Funny

If this is your point, ban all Chinese, not just the two biggest at this moment.

OK, I have no problem with that. I'd like to see any Chinese surveillance cameras, access control equipment, DVR/NVRs, software and similar components banned in the commercial surveillance sector. It would probably be worth banning them in the consumer sector as well, but I think that is impractical. Similarly, I have always felt the ban of Huawei equipment from the telecom market was logical as well.

China is not our ally. We ("we" being the general American population) like their cheap goods, I get that, and it is probably a necessary evil on a number of fronts to import low-cost mainstream consumer stuff from China. At the commercial level, and particularly at the Government level, that stuff should be strictly banned. I stopped buying Lenovo laptops a decade ago for similar reasons when I was in charge of IT-related purchases for various companies. If a country is hostile to us (directly, or passively) I don't think we should be plugging their equipment into our networks.

For this bill, I think Hikvision was named because they have direct government control, and they have a history of cyber security vulnerabilities across basically all of their products. Dahua is mostly guilty by association, they have proved to have similar gaping and mishandled vulnerabilities, and if we suspect the Chinese government would use Hikvision as an attack vector, it is logical to assume that cutting off Hik would just have them move to Dahua, so might as well just cut that off right from the start.

In all seriousness, if XM, Longse, or any other large(ish) Chinese manufacturers try to step into Hik/Dahua's shoes here and fill the void, I would expect their names to be directly added as well.

I don't think the bill named Hikvision and Dahua in the sense of listing the entirety of the threatening or suspect companies, they were just the two most popular and visible companies to start with. There is likely more to come.

Agree: 9
Disagree: 1
Informative: 2
Unhelpful: 1
Funny

You’re the first or at least one of the first to just say that’s right ban all Chinese.

Most others try to give reasons that make no sense and misguided info.

we may not agree but I appreciate your clear view and explanation

Agree: 2
Disagree
Informative
Unhelpful
Funny

Thanks. FWIW, I think you put forth some compelling points as well.

Agree
Disagree
Informative: 1
Unhelpful
Funny

+1,000 for "China is not our ally."

Agree
Disagree
Informative
Unhelpful
Funny

Hikua is the biggest threat because of several factors. Mitigate the largest threats first but maintain the market for low priced camera systems that do have a good use in society. If another threat emerges, ban them too. 

You went from one extreme to the other, naming Hikua and then Pelco to misrepresent options available in the market. There are several options of price and quality between those two brands. 

I think a really great thing Hikvision did for themselves (and horrible for the industry) is changing the perception people have for what a professional camera should cost. They were able to do this because of an infinite government-sponsored budget and because the camera industry is very underregulated, so specification sheets can easily hide cut-corners, low-grade components, build quality issues and swiss cheese firmware.

Agree
Disagree
Informative: 2
Unhelpful
Funny

I think a really great thing Hikvision did for themselves (and horrible for the industry) is changing the perception people have for what a professional camera should cost.

Interesting point. No doubt competing on low price was a key Hikvision tactic and important to their early success but it had very negative downsides:

(1) Their brand and general consumer perception became centered around low-cost because of their literally constant sales. They devalued other manufacturers but they also devalued themselves.

(2) By being so cutthroat on price (while spending so much on sales and marketing), Hikvision created many enemies among their rivals. This is a key reason why competitors are largely cheering the US government's actions.

I genuinely think that Hikvision's long-term outcome would have been better not being so centered on cutting prices.

Agree: 2
Disagree
Informative
Unhelpful
Funny

gutting pricing - in any global industry/market they choose to seek domination of - is an overt and well-documented practice that the PRC uses as SOP#1.

it is what they do.

Agree: 2
Disagree
Informative
Unhelpful
Funny

I disagree. Price compared with Quality is what made them so popular. Market Disruptors tend to have enemies in their respective market so its not surprising that competitors are cheering this. Can you imagine the cheers from ADT and the likes if Simplisafe got banned?

Agree: 4
Disagree
Informative
Unhelpful: 1
Funny

Price compared with Quality is what made them so popular.

Actually, it is price compared to quality + massive sales spending + marketing spending. 

Market Disruptors tend to have enemies in their respective market

For example, Axis was a market disruptor (think back to 2008). Competitors did not hate them because (1) they competed on quality, not price and (2) they are not funded by an authoritarian government. 

Agree: 6
Disagree
Informative: 1
Unhelpful
Funny

Im not disagreeing there are ways to disrupt markets other than prices. Look at apple. Companies like that are often more respected for the value they add to the industry. Axis is respected because of this and because they were pioneers in the IP camera industry. Companies like this rarely put others out of business because they are in a class among themselves or created a new industry altogether.

Nevertheless, there are companies who disrupt based solely on pricing and/or demolishing old ineffecient sales models. These companies are generally hated in their respective industries because it makes other companies lower their margins or become uncompetitive altogether. Again Simplisafe is a great example. Amazon could be mixed in the group. Red box. Netflix. Etc. 

Agree
Disagree: 3
Informative
Unhelpful: 1
Funny

"Nevertheless, there are companies who disrupt based solely on pricing and/or demolishing old ineffecient sales models."

historically, I would argue this point.  As it is willfully obtuse and ignores all the prior debate about fair trade practices and sustainability.

But I long ago recognized that you are not debating, and instead are content to parrot the hikua propaganda to the end... 

Agree: 4
Disagree: 1
Informative
Unhelpful
Funny

Couldn't disagree more with your examples. The foundation of disruption for those companies was technology. This technology allowed them to challenge the conventional sales model and/or price. Hikvision just undercut everyone else dramatically with no differentiation in technology or innovative sales model. 

Agree: 4
Disagree
Informative
Unhelpful
Funny

So you’ve gone from government owned to government funded... 

Does that mean that to you any Chinese company is government funded?

Agree
Disagree
Informative
Unhelpful
Funny

I have not gone anywhere. Hikvision is both owned and funded by the Chinese government.

Agree: 1
Disagree
Informative
Unhelpful
Funny

This is going in circles. Dahua is not government owned and has as much government backing as the next manufacturer would. 

 

Agree
Disagree: 2
Informative
Unhelpful
Funny

Dahua won nearly a billion dollars in Chinese government contracts for concentration camps in the past year, so they have ton more government backing that every non Chinese video surveillance manufacturer combined.

Agree: 5
Disagree
Informative: 2
Unhelpful
Funny

Yes you are right again, the price of Hik, is reflected in the quality of the cameras, especially the firmware and software that has had so many vulnerabilities uncovered over the last decade....

You can stop sucking Hik dick now....go find a replacement manufacturer..

Agree: 1
Disagree: 2
Informative
Unhelpful: 5
Funny: 1

Agree
Disagree
Informative
Unhelpful: 1
Funny

ROFL, typical emotional uneducated reply. I know you undisclosed manufacturers are giddy and can hardly contain yourself but wow!

Agree: 1
Disagree: 1
Informative
Unhelpful: 2
Funny: 1

Dude, you are wasting your time arguing with undisclosed users.

Agree
Disagree
Informative
Unhelpful
Funny: 3

Agree
Disagree
Informative
Unhelpful
Funny: 1

Really, yet you are not sycophantic towards your Chinese suppliers... You sit on this discussion, make false, illogical arguments,

My business is not circling the bowl.....you made your money by buying cheap vulnerable cameras, and now that your going to be excluded from a market space, you regurgitate Hik/Dahau talking points...Claim that there is little to no correlation between price a quality, and cannot even agree that our Government would be safer without the Chinese own and sponsored manufacturers installed in its facilities!!

Get off your knees

 

Agree: 2
Disagree: 2
Informative
Unhelpful: 4
Funny: 1

I enjoy a good debate but im starting to feel sorry for you and its no fun anymore. I wont allow you to make yourself look any more foolish than you already have.

Agree: 1
Disagree
Informative
Unhelpful: 3
Funny

As this is a professional forum, I am kindly asking everyone to refrain from profanity.

Thanks.

Agree: 4
Disagree
Informative
Unhelpful
Funny

Remember, they are not banning the Chinese. They are banning US (Security Professionals) from selling Chinese products. The US government has displaced it's political/economic responsibility on us, without actually banning any product.

 

Not fair at all if you ask me.

 

Either let the market decide or step in with politics. Don't force every Security Professional to enforce your ill-thought plan.

 

Good luck enforcing Trumps ban on HikHau y'all.

Agree: 2
Disagree: 1
Informative
Unhelpful
Funny

Good Point. 

My same thoughts are with the tarriffs. You arent hurting the Chinese. You are hurting the consumer.

I voted for trump but he has pulled some doozies lately. One of them saying Google is biased. I dont think they are biased at all, but even if they are, who cares, they are a private company they can be as biased as they want.

Stay out Government!!


Agree: 2
Disagree
Informative
Unhelpful: 1
Funny

Do you actually read IPVM on a regular basis?  Simply look for the articles regards these manufacturers and you will see that the number of threats and issues from these manufacturers dwarfs any other manufacturer....

Agree: 1
Disagree: 2
Informative
Unhelpful: 1
Funny

I do not think that "they think thousands of companies are Chinese spies", I think it is a true concern over the Chinese government being so entwined in camera companies, that the US Government cannot trust or rely on them.

Anyone that has read IPVM over the last 5 years or so can see one security failure after another from these manufacturers, Other countries are excluded from Chinese government projects because of their own security concerns......

What is good for the goose is good for the gander...

Agree
Disagree: 1
Informative
Unhelpful: 1
Funny

McCarthyism at play. Jeez, I guess some countries never learn.....

Agree
Disagree
Informative
Unhelpful
Funny

I don't mean to politicize this topic, but usually people in significant government and political positions equip their homes and private offices with extensive security measures, including, but not limited to, surveillance equipment.  What are the chances that some of these folks used the equipment, which is the subject of our discussion, in their homes and private office, and through this equipment the Chinese Government got into their network?  We're now hearing that the Chinese Government was monitoring a certain politician's network in "real time", got emails as soon as they were sent and received. I don't know how factual this particular story is, but I think it is possible to do such a thing.  How embarrassing, to our industry, would this be if we learn that it was equipment we use that enabled our adversaries to compromise these networks?

Also, I wouldn't expect our government to spell out how any government official, or politician's network was breached other than a general statement that the breach occurred.  It's possible that our government has specific information about hacking, that they will not divulge for fear of  giving away methods and abilities of our intelligence gathering folks.

Agree: 5
Disagree
Informative: 2
Unhelpful
Funny

I'd be more willing to bet many have cameras they've now banned in their homes and don't even know it.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Agree
Disagree
Informative
Unhelpful
Funny: 15

If you are going to ban Dahua and Hikvision you must ban all other China cams the basis of the ban is a threat to national security. I am actually less worried about hik and dahua because of their volume, there is way more effort put in to detect backdoors/vulnerabilities. This is not the case with low volume vendors. Using those cameras can actually be a greater threat since they are not likely put under the microscope. The ban should also require the removal of such systems already in place, which it does not.

Agree: 2
Disagree: 1
Informative: 2
Unhelpful
Funny

If you are going to ban Dahua and Hikvision you must ban all other China cams the basis of the ban is a threat to national security. I am actually less worried about hik and dahua because of their volume, there is way more effort put in to detect backdoors/vulnerabilities

Whats even more sad about the ban is that Hikvision probably has the most cyber secure Chinese made surveillance product right now. Unfortunately they were too late in the game.

Agree: 2
Disagree: 11
Informative
Unhelpful: 1
Funny: 3

Whats even more sad about the ban is that Hikvision probably has the most cyber secure Chinese made surveillance product right now.

Seriously, just stop trolling. It's getting ridiculous.

Agree: 5
Disagree: 1
Informative
Unhelpful: 1
Funny: 4

I have definetely trolled many times in the past, but this is not one of them. 

Agree: 1
Disagree: 9
Informative
Unhelpful: 4
Funny

So they are the "best of the worst??"  Not sure that is the standard of a successful security model.  I think that is the point lost in all of this - we are in the security business.  We are not making Lego.

Agree: 4
Disagree
Informative
Unhelpful
Funny: 4

we are in the security business. We are not making Lego.

I fully agree with that statement. That's why making clear rules and minimum requirements make way more sense. For traditional CCTV (with no network connections) it might not have been needed, but it's very needed today.

It would take work but make a better industry. More usefull then a ban on a few brands.

Agree
Disagree
Informative
Unhelpful
Funny

The standard for a successful security product would start with not being listed by CERT or DHS or whomever with having a vulnerability, especially a 9 or 10 rating.  Obviously, there can be vulnerabilities or other issues and not be listed (yet), but that is a good start. 

Let's go through the camera calculator and see which products made in China do NOT have any vulnerabilities listed.

Hikvision is NOWHERE near the top of the best in cybersecurity.  They constantly have vulnerabilities disclosed, and often due to sloppy coding, and not due to other libraries (openSSL, etc.) finding a vuln.  

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny

LMAO!!!!!!!!!!   Oh Sean, you are precious!!!!

I have the least flammable Pinto on the road!!!!

Agree
Disagree
Informative
Unhelpful
Funny: 5

I can understand this argument, however, Hikau's risk factor is 100x that of other Chinese brands like TVT, Longse, etc. simply by the market penetration into enterprise\government sectors in the USA and marketing power to expand that. I think it makes sense to ban the largest threats while still allowing for the low price market to exist. Banning all Chinese cameras could have an impact on the safety and security of millions of people who may not be able to afford anything but a $500 8 channel kit on Amazon. 

Agree
Disagree: 1
Informative: 1
Unhelpful
Funny

You are confused. First, the ban does not apply to amazon shoppers. Second, if dahua and hik were selected because they are the largest, then why not mandate removal of old systems? A better solution if they felt the ban was needed would be to list acceptable manufactures.

Agree
Disagree: 1
Informative
Unhelpful: 1
Funny

You are confused. First, my English language, grammatically correct and cohesive sentence tied the banning of all Chinese cameras to Amazon shoppers, not this federal ban. Second, removal of currently installed Hikua systems in federally owned, operated, or funded facilities is mandated. An even worse solution would be listing acceptable manufacturers since there are thousands of acceptable ones and only two banned ones.

Agree
Disagree: 1
Informative
Unhelpful: 1
Funny

Yet again, incorrect. The ban does not require removal. IPVM's reporting on it is incorrect. Take the time and actually read the legislation. There is nothing in the language that requires removal of equipment already in place. 

If you intended to suggest an alternative to the federal ban you should have said so cohesively.  It does not read that way, so much so that you had to defend it in the way you did. :)

Finally, my point with respect to white listing when right over your head.  There are not thousands of acceptable brands. All china brands are suspect. The smaller manufactures more so because they are not tested extensively. If the feds are actually concerned about security they should vet 10 or so quality brands and white list them. Problem solved. I understand though that as a manufacture you feel threatened.

Agree: 1
Disagree: 1
Informative: 1
Unhelpful
Funny

I emphasize, YET AGAIN, that Dahua is NOT equivalent to Hikvision. This Bill does NOT work for all threats and it limits the market unnaturally.

Agree: 2
Disagree: 4
Informative
Unhelpful
Funny

Robert,

In my perspective, Hikvision ban is a reactive law (as laws usually are) and Dahua ban is a proactive one. It is amazing to witness the very rare occurrence when the US government is proactive!

Agree
Disagree
Informative: 1
Unhelpful
Funny: 1

Funny, but not productive IMO.

The issue of ownership separates them. Dahua is not the same exact threat as Hikvision, because of this.

Dahua CAN (not guaranteeing they WILL) change if given guidelines to follow and may be able to EARN trust (not that they have it now).

Hikvision, even in following guidelines, can't ever be trusted on the basis of its ownership.

That's the crux of my argument.

Agree
Disagree
Informative
Unhelpful
Funny

I'm sure I'm quite naive about cyber security beyond VPN's and strong passwords, but this ban may be simply folly in preventing or stemming cyber attacks, and will have little to no impact on China's, or any other adversarial country's, ability to breach our critical networks.  There are many pathways into a network, by a multitude of other network connected devices, not limited to surveillance equipment or particular manufacturers.

A US manufacturer of network client devices may use all components manufactured in the USA, which is highly unlikely. But that same manufacturer may later switch to components sourced from other manufacturers in countries that may or may not be adversarial to the US.  Would this make the product subject to scrutiny or a ban?  

A WiFi thermostat or Wifi controlled lighting, among a host of other connected devices can be used to attack a network.  It seems like it's going to be a monumental task to ban so many things, and this may not solve this problem.

I don't think the Chinese government, or any other adversarial country for that matter, will simply limit their efforts to breach our networks to just a few industries' products.

 

Agree: 7
Disagree
Informative
Unhelpful
Funny

Agreed, especially when you are starting to see the mainstream adoption of smart home devices on residential networks. This is a recipe for a disastrous DDOS attack. However, as a standard cybersecurity practice, end users should avoid technology with a track record of vulnerabilities, poor best practice methods for network integration, and lag and\or denial of those vulnerabilities, no matter what manufacturer or country of origin. 

Agree: 1
Disagree
Informative
Unhelpful
Funny

US Senator criticizes Hikvision on social media overnight:

This is not the type of attention Hikvision wants nor needs.

Agree: 13
Disagree
Informative
Unhelpful
Funny: 2

That "Chinese Spy Company" tagline could really catch on, seriously. Hikvision is going to be spending a boatload of PR cash to dig out of this.

Agree
Disagree: 1
Informative
Unhelpful
Funny

Hikvision is going to be spending a boatload of PR cash to dig out of this.

Stop looking on the negative side. Think about how many jobs Hikvision can create for American PR people ;)

Agree
Disagree
Informative
Unhelpful
Funny: 11

I don't always spy on government networks, but when I do, I use ********* cameras, the Chinese Spy Company...

Agree: 1
Disagree: 1
Informative
Unhelpful
Funny: 6

That's definitely bad press.

I vaguely recognised the name so I asked google for more info on.

They could have hired him for their lobby! (pun intended)

Agree
Disagree
Informative
Unhelpful
Funny: 1

Vaguely recognized the name?  He ran for president 2 years ago.  Did fairly well.  

Agree
Disagree: 1
Informative
Unhelpful
Funny: 1

Sorry Rich I am not a US citizen, or even resident. I needed Google and got more than I was expecting.

Agree: 2
Disagree
Informative
Unhelpful
Funny

I got an option to consider- Go Vivotek (Taiwanese) and enjoy a ringside seat until the fight is over...