Hikvision is going from being a money train to a toxic waste truck.
Sell Dahua or Hikvision At All, Banned From Selling to US Federal Government, Says US HASC
The US House Armed Services Committee (HASC) Communications Director has confirmed to IPVM that if a company sells Dahua or Hikvision at all, they will be banned from selling to the US federal government.
However, this interpretation / implementation of the NDAA bill banning the Chinese mega-manufacturers is being contested. In this note, we review:
- HASC's statement
- Hikvision's lobbying efforts
- OEM impact
- Distribution impact
- Dealer / integrator impact
- Expected opposition
- Future rules / guidelines issued
Will this be enforced when the ban officially commences next August? IPVM investigates inside.
Statement **** ** ****
*** ** ***** ***** ******** ********* is *** ********* ***** *** **** bill *** *** ********* ******* ***** and *********, ***** ******, **********.****** ******, ***** ***** ******** ********* ************** Director ********* ** **** ****:
*** *********** ** ****** ******* ** the **********. ** *** “******” ***** Hikvision / ***** ******* ** *** way ** ******, **** *** ****** from ***** ******** **** *** ******* government
Relevant *** *******
*** ****** ** **** ******* ** be ***** ** ***. *** (*)(*) of*** ***, ******* *********** *****:
***. ***. *********** ** ******* ****************** AND ***** ************ ******** ** *********.(*) Prohibition ** *** ** ***********.— (*) The **** ** ** ********* ****** may ***—(*) ***** **** * ******** (or ****** ** ***** * ********) with ** ****** **** **** *** equipment, ******, ** ******* **** **** covered ****************** ********* ** ********as * *********** ** ********* ********* ** *** ******, ** ** ******** ********** ** **** ** *** ******. [emphasis added]
******** ****** **** ********* *********** **** as ***** *** ******* **** ** the **********. *******, *** ** **** is ************ ** ** ******* **** products ** ******, ********** ** ***.
Hikvision ******** ******
********* ** ** ******* **** *** Daily ********* ****, ********* ** **** ***** and ******* ** **** ****:
*** ******* ***’* ******* ** ***** the **** ** ******** **********; ******, it ** ******** *** ** ******** statement ** ************* ****** **** *****prevent *** ****** ** ******** **** ***** ****** **** *********** ******* *** ********* ****** **** ***** ******** **** *** *.*. ********** **********. [emphasis added]
******, ******* *** ****'* *******, ********* is ********** ** ***** ******* ** lobbyists *** ***** ************ ********* *** two ***** ** ******:
- ******* ************** $***,*** **** *** **** ** months. ******* ****************** ***.
- ******-********** [**** ** ****** *********] *********** $**,*** *** ***** (***** *** go ** ** $**,***). ******-********** *** a**** ************ **** ******.
****** **** ********* ******* ***** *** other ******** ***** ** *** ****** leading ** ** *** ****'* *******:
- ****** ****************** ****** **-**** *********** **** ******* heading *** ********. ******* ************* ********** *** *** ******.
- ********* **** *************** **** *** ****** “****** **** and ******** ********** ******** **** *** account”,*********** *** ***** *****.
Hikvision ** *******
********* *** **** ** ****** ******* (nor ****** ************* ** *******) ***** the ***'* ******* *** ******** ** comment ** *** ** **** *********. However, ***** ***** ******* ***** ********, Hikvision ** ******* ********** ** ******** behind ****** *****.
SIA ** *******
***, *** ** ***** ************ **** on-staff *********, *** **** ** ****** comment ***** *** ***'* ******* *** declined ** ******* ** *** ** HASC *********, ************* ** *** *******, **** *** comment. *** **** **** **** ***** a ****** ********* ** **** ***** in *** ******.
OEM ****** ***********
*** ****** ** **** ********** ****-********* like *** (**********) *** ********* ***** potentially ** **** ******. ** ** hard *** ****-**** **** ** ******* drop ******* ***** ******* ***** **** and *************.
********, ***** **** ***** ***** ** obligated ** ***** *** ********** ** OEMed ******** **** *** ** **** did **, **** ** ***** ********** customers *** **** **** ***** ** Hikvision ********** ********, **** ***** **** be ****** *** ********** ***.
** *** ***** ****, *** ************* risks ***** ********* ****** ***** **** this ***** ********** *** ******** **** the *** *****.
Distribution ******
************ ****** ** ****** ** ** more *******, ******** *** *** *******, etc., ** **** *****, ** *** sell ** *** *****, ***** ********* not ** ******** ******* **** ***** dealer ********* ***** **** ** *** US ******* **********.
********** ****** ********* (**** *&* *****) could ** ******** ** **** ** regularly **** ** *** *****. ******, theoretically, *** ***** ** ****** ** would ** ********** ****** *** *********** inconsequential ** **** ******* *** ***** or *********.
Dealer / ********** ******
**** ***** ** ***-**** *********** ***** avoid **** ******, ** *** *********** who ** *********** ********** **** ***** avoid ***** ****** ***** **** ******* who **** **** **** ***** ** smaller ***-********** ******* ******.
*** ****** *********** (*.*., *** / Tyco *** ***) *** *** **** likely ** ** ******** ** **** as ***** ********* **** ** *** a ***** ** ******** **** *******, price-sensitive ********* *** ******* ** ***** and ********* ***** ** *** **** time ******* ****** ** ******* ********.
******* *** ***** **** **** *** be ******** ** * *** ** selling ** *** ******* ********** *** also ************* **** *** ***** *** federal ********** **.
*** *** ******* ***** *** **** to *** ******** ** *** ***, but **** ************* **** *** ***** Guard (***** ** *** *****), *** *******'* ******** ** ** office (***** *** *** ** ************* ** ******** *******), ** *** ****** **** ** the *********** *********** (***** ********** ** *** ******* **********.)
Potential **** ******* ******
*** ********'* ******* ************** ** ****, to ****, ** **** *** *** only ******* **** ** **** ** the ** ********** (***/** ********** ******, critical **************, ***.).
*** ** **** *********** ***** * far ******* *** ******* ****** - effectively ********* **** ** ****** ******* selling ***** *** ********* ** *** vs ***** ******** **** *** ** government. **** **** ******, **** *********** who ***** **** ************ ** *********** sell ***** ******** *** ****** ** forgo **** ** ***.
***** ** **** * *********** **** that *** ******* *** ******* ** state *** ***** ***********. **** ** already *********: *** **** ** ******* in ******** ****** *** ** ***** and ********* ********* **** ***** *** NDAA's ******* (***** ** **** **** *********).
Expect **** **********
** ****** ************* **** ********** **** the ******** ** ****, ********** **** the ******* ******* ** *** ******** who **** ** ******** ***** **** businesses ** ****** ***** **** *** US ********** *** ***** *****-********* *********. Moreover, ** ****** ********** **** *** private ****** *** **** **** ** an ********* ** *** ** ********** into **** *** ** **** / offered ** ******* **********.
Rule / ********** ****** ******
** **** *****, ** ****** ****** rules ** ********** ** ** ****** by ******** ** ********** ******** ***** how *** *** ** ***** ***********. When **** ******* ** *******. ***** then, ** ***** ****** *********** ******** and ****** ***** *** *** *** should ** ***********.
Poll / ****
Now THIS... THIS just got interesting.
No doubt this article ruined Marty Calhoun’s morning BM.
Leave Marty alone...
In all seriousness, for the handful of Hikvision dealers that sell heavily to the US government, the ban, as is, was already a problem.
This is more of a problem for companies that only do a minority of business to the US government but most to SMB / residential. What do they do, if this comes to pass? Do you drop Hikua to keep your small US gov business but potentially lose / cause disruptions in your main market? That's not an easy call.
Do you drop Hikua to keep your small US gov business but potentially lose / cause disruptions in your main market? That's not an easy call.
If this really gets teeth and causes problems I expect to see more instances of "Bob's Cameras, Inc." and "Bob's Hikvision Outlet, Inc." - one person setting up two legal entities to get around the issue of being banned from government sales if you sell Hikua.
While it looks dramatic on the surface, given how poorly GSA is administered and the lack of penalties for companies that knowingly sell banned product that is miscategorized, I am not sure there will be much enforcement behind this.
I was just thinking about a soon to be increase in LLC creations.
AAA Camera Company - Pro Hikua
AAA government Security - No Hikua
All with the same backend management/staff/owners.
We do not disclose who is or is not a member. And I do not want to speak for Marty.
Generally, anyone who is a Hikvision dealer and has non-trivial US government business is in a difficult position.
I have to think there are some website partner pages being edited feverishly at the moment.
there is one simple solution to the totally retarded rule from the government: just split your business in two formal entities. takes some work, but you can sell to/from both. you can even have the same physical store, but webshops would need to buy an additional domain name.
This is definitely an interesting development. I'm wondering how quickly these companies that work with government can drop Hikvision/Banned Camera manufactures from their lineup.
So is this just Hikvision or Dahua or does this include all the OEMs?
Yes, good point. As discussed in the original ban passage, products 'produced' and sold by 'affiliates' would be impacted.
So when will DVtel change their Hik OEM encoder? Or is that ok to have "just a little bit of Hik" in your line up and not draw any attention to it?
John - don't forget to add Stanley who just acquired 3xLogic (HiK OEM) to the list of major players impacted
How is this a good thing? It seems that the US has security concerns with these cameras and are blatantly ignoring the litany of other unsecured devices from numerous other vendors. Do I trust the security of a Hik camera? No. Do I trust a Bosch, Panasonic, Axis? No, no, no. Why do I sell/install them then? I HAVE NO CHOICE, the camera market has moved in to the IT space.
IP cameras are IT devices. Whether or not you lock them down, they are network cameras, NETWORK. Today, IP cameras are really computers with lenses on them. How could this not move into the IT space?
That's pretty well on the money. Security is, well - security. Vulnerabilities are actually all IT based, created by a generation of geeks without a shred of knowledge of CCTV. The ball started rolling years ago when Axis just looked to IT departments and disregarded integrators to grow their model. Now look where we are - every IP camera manufacture is complicit in compromising the very essence of security. It may well be the way of the world that it was always going to go to IT but there are absolute basics that's should still apply. Never place any security system on an internet facing platform. never share a network with any other IOT device other than the security devices that comprise the system. If you you have to use the network, ensure the very basics of firewalls, password changes, and full security configuration is used. If its a particularly sensitive camera, that doesn't need to be send over the internet - then leave it off. Think analogue and remember the very first letter of "C"ctv. You'd be amazed how easy it is to lock down a system by simply removing the RJ45 from the link to the outside world. At some point common sense will kick in...….
Never place any security system on an internet facing platform. never share a network with any other IOT device other than the security devices that comprise the system.
While that does improve security, that is increasingly unrealistic as users value remote access and manufacturers can improve products with cloud services (e.g., better analytics, off-site storage, etc.). Look at current stats - Surveillance Systems Remote Access Usage Statistics. Remote access is most common already and will increase as the utility of cloud-connected systems expand.
The future is certainly Internet connected video surveillance. Systems need to be good enough and trustworthy enough to support that.
The future is certainly Internet connected video surveillance. Systems need to be good enough and trustworthy enough to support that.
John I fully agree. That's why I feel pushing for legistation/a clear rule set would make much more sense. Way more sense compared to this bill.
I don't disagree, but the issue is that remote access is being sold as system capability without the caveat that its leaving your system wide open to hacking.
As for cloud storage, well that's a very pretty concept that just fills millennials with all the aspiration they need. But who really trusts the cloud when in essence you ae sending off private, confidential, potentially compromising, commercial and operational data to an unknown facility, operated by unknown persons with unknown resilience to hacking. We know how weak iCloud and Yahoo was - so what makes CCTV or access cloud any better?
People are being sold a myth and expecting CCTV manufacturers to pick up the full responsibility for LAN/WAN/Cloud resilience, which is not practicable. They are part of the solution, but not solely responsible.
Ask yourself another question - just how much of the US Government and Defence data is hosted by external Cloud storage and has this storage been under the same microscope as Hikvision for it's integrity or are people just blindly accepting that its tighter than the Trump/Putin make bonding?
A security solution is end to end and nothing should be looked at in isolation.
What can I sell? I need a new low cost CCTV solution. :(
Vitek is just a TVT OEM, you can just buy Qsee or avycon or ENS for the same thing.
see above for Vitek. DW is very similar. MOST of their lineup is coming from Korea. Their turrets are TVT OEMs.
Not entirely true. They have a product mix of both Korean and Chinese products. The Transcendent lineup is TVT OEM, the OnCue recorders and Virtuoso camera lineup come from Korean facilities.
@John Honovic: this is my point, people will search the next brand with good/decent quality at the hik/dahua pricepoint.
With this knowledge the next series of articles/ban requests/lobby efforts can be started. Just leave out the brand name for now and add it at a moment of choice.
people will search the next brand with good/decent quality at the hik/dahua pricepoint.
Disagree not about Dahua nor Hikvision but about how brands gain significant share. Some people will 'search' for the next brand but most people make purchasing decisions based on heavy sales and marketing expenditures plus local support.
If Uniview steps up with tens of millions of investment in US sales, marketing and local support, hiring 100+ people, Uniview has the chance to become a major player.
Otherwise, sales will go up for Uniview, given the Hikua situation but they will remain minor players since most dealers want local 'factory' salespeople and local support.
Well for EU, Hik sales started before the Hik footprint with local staff really started.
It has helped their growth no doubt. My point is not it will be UNV, my point is that the door is wide open for any Chinese brand to be funded right into the spot.
If so many installers and intergrators (and thereby also end users) have gotten used to the pricepoint, I am certain there will be a big demand in that space.
My points have been eloquently worded by Robert Shih:
1. If foreign state ownership is the issue, then Dahua should not have been included. Also, a more comprehensive electronics bill should be drawn up to cover more potential threats from China.
2. If this is trade related, then tariffs would have sufficed rather than completely forcing the market's hand. Also, the Buy America act would have been sufficient if properly enforced.
3. If cyber security were truly the issue, then there should be a governing body that upholds these standards across the board that all manufacturers should abide by.
Adding that if a company sells these brands anywere excludes them from government business is really strang.
If you feel their judgement is off because of selling these brands, the list should be more comprehensive.
Genius Interpretation! They must think the thousands of companies selling Dahua and Hikvision are secret Chinese spys and had to act accordingly.
If this isnt a clear indicator of how mindless the ban was and still is, i dont know what is.
If they hate Hikvision and Dahua that bad, just ban them completely already and stop beating around the bush.
SMDH
Or, they think integrators selling those products are ignorant to the risks they pose, and thus don't want to deal with them at all. I am only slightly exaggerating here. If you can't recognize the risks posed with those products, you shouldn't be advising the government and selling them anything "security" related.
What specific risks does a current Dahua and Hikvision camera have that other non-banned manufacturers have such as an Axis camera or you name it?
That it is manufactured by a company with a track record of intentionally placing back doors into their products, a company no less owned by a hostile foreign government.
There, I summed up the Hikua dilemma in one sentence.
When’s the liquidation sale?
Oh, and sorry for interrupting your morning BM.
I understand that you must be happy that it actually takes an act of congress for you to compete but honestly thats not something to be proud so lets keep the argument sensible and free from undisclosed sarasm. Oh an BTW, ban or not, I still eat competitors like you for breakfast and BM them out each morning so your statement is not entirely false.
The backdoors were not intentional. Vulnerabilities are found in every manufacturer. Dahua is not owned by China. And to call China hostile is debatable. I shut down your summation in 4 sentences.
I'll let you know when the liquidation sale is, perhaps then you can actually make some money. ;)
Absolutely correct UD#7 - China has blatantly stated their hostility to the US, both militarily and economically.
I agree. All you have to do is follow what's going on in South China Sea.
China is no more hostile than the US. Trump initiate the hostile tariffs against many of its "allies" as well as it's perceived foes. That is hostile.
Hey Sean, it worked! I looked at your web site to get an understanding of what you like for breakfast. My pallet is more refined, so I will not be able to understand your perspective very well.
While I prefer all government stay out of my business; It appears that the federal government must pass laws to prevent ignorant people from knowingly and willfully risking security for personal gain. It seems to me this is a new concept by the federal government over the past few years.
Not to worry Sean, there is plenty of other government entities that prefer personal gain over security, you will be fine and have plenty of breakfast to feast.
Thanks Gary. This conversation is starting to get wierd. Nonethless, I cant stay silent to subtle trash talk, although its respectful that you disclosed yourself. I said I eat competitors for breakfast via our sales, I dont eat my own products which is what you alluded to. While you may be fasting, I dont necessarily consider that a "refined" pallete choice.
Yet the size and number of back doors and vulnerabilities is astounding!!
Selling these manufacturers is a security risk to the US gov, and critical infrastructure...
You seem more concerned to your profits in selling such cameras than you are to the risks they present.
As for your Chinese breakfast... enjoy while you can...
Saying that selling these manufacturers poses a security risk to the US gov depicts a certain level of naivety.
The day you started using IP cameras is the day you created a whole new set of security risks. I feel I should inform you all that IT security is more complicated than China = Bad/Anything else = Good.
You have almost no ability to keep an educated and determined intruder out of your home, we all know that. We don't however seem to know that that logic also applies to our IT infrastructure. Try as you may, you can't really keep the Russians, Chinese, FBI, NSA, 16yo hackers etc off of your network. Did you ever really think you could?
Do you think the Chinese have a problem hacking in to Axis systems?
Blame Hik if you want to, but as an IT and technical security systems auditor, all you guys are fucked.
It's the wild west of CCTV systems hacking and the manufacturers don't even give us the proper tools to secure the network.
Run a Shodan search and see how many systems out there are still affected by Shellshock.
Sounds to me like you're bitter you cant install cheap shit anymore.
every integrator that employs this kind of argument that basically says "any camera poses the same amount of risk as all other brands" is putting their head in the sand.
Also, NO I don't think Chinese have issues hacking into an Axis system. They are also the same country that blocks Axis out of almost all installs in their nation. China is going for world domination and they unfairly discriminate against other manufacturers from other parts of the world.
Answer this: Why is it NOT okay for the US to do the exact same thing as China and essentially block Hikua out of our nation?
Bitter that I can't install cheap shit? Sorry, but even at $150 for a 4k camera,, that ain't cheap. Less than $1k for a full system? That's ALLOT of money for us regular folk.
I wouldn't say each camera has the same amount or risk. I'm saying they -for the most part- all have the same TYPE of risk.
You put your camera on my network, now you have all the risks of every other client on my LAN.
So, you are worried that a camera system may be vulnerable to China, yet you admit that the Chinese can hack in to other systems anyway. Now you are becoming a Security Specialist.
Asking if China can hack into an Axis camera system is like asking if Stephen Curry can hit a 3 pointer. You're talking about a country that admits it has an army of hackers.
I'm not claiming to be a security specialist. But at least I'm a realist.
Really? And your kit has no vulnerabilities - prove it. So your benevolent company is not interested in profits - is that because its a pseudo charity (Bosch) or is it because it's commercially ignorant?
Built your wall and use your own US manufactured kit....oh hang on....
Yes 4 sentences, that make little to no sense, while no one can say the back doors are intentional, neither can you say they are not...
As for whether China is a hostile government to the US, I suggest you try reading the news in general...
While I empathize, with the impact that this might have on your business, it is not the governments concern if you base it off cheap OEM cameras, with little care to the security impact to the end user, Public or private!!
"The backdoors were not intentional"
How can you be so sure Sean?
Just because Hik told you so?
Are you insinuating every company that has placed a backdoor should succumb to the same fate of crony capitalism? Goodbye, Microsoft, Juniper, Cisco, Sony, EA Sports, Blackberry. The question should be, what company did NOT provide a backdoor? When I find that company, I'll let you know.
Direct State control is all I can think of. All of the other IP camera manufacturers suffer similar issues as a lot of these devices will utilize many of the same software libraries. That's why when you see an openssh patch published, you'll soon notice vendors downstream start to patch their hardware.
thats fair but Dahua is not state owned, thereby invalidating this argument.
Sean - you really don't now exactly how involved the China government is with Dahua, do you? You don't know for sure if the backdoors and vulnerabilities discovered so far were intentional or not.
All you "know" is what they have told you. Keep in mind both Dahua and Hikvision have been shown to be dishonest and untrustworthy in multiple ways.
You have not invalidated any arguments or "shut down" anyone's arguments here. You have only continuously shown how ill informed and blind you are.
Sean - you really don't now exactly how involved the China government is with Dahua, do you? You don't know for sure if the backdoors and vulnerabilities discovered so far were intentional or not.
Please enlighten me on your insider knowledge and how Dahua compares to every other Chinese company that is or isnt involved with the China government.
Sure, once you acknowledge my comment that you are talking out your ass and don't actually "know" one way or the other how much China is involved with Dahua, or the motivation behind the backdoors put in Hikvision's products.
I never admitted this, therefore no ass talking. I asked you to enlighten me with your knowledge. Looking forward to your ass-talk free insider knowledge.
Can you both stop? I usually enjoy reading the comments as I tend to learn something new from an installer/integrator's perspective. If you two want to go at it, please do it offline.
Sean, you're business and therefore livelihood is Hikvision, thereby invalidating most arguments you make.
Objectivity and safeguards against manufacturer influence are why IPVM is the most respected source of information in our industry.
If Objectivity is the aim you would make a rule set ANY manufacturer needs to meet. Banning two that are now the biggest is far from objective
Banning two that are now the biggest is far from objective
Worth keeping in mind that those two are now the biggest because China blocked out their foreign competitors, ironic given the issue we are discussing here.
If that’s China’s plan, what’s stopping them from now backing UNV or another company and doing it all over again?
The ban leaves room for any Chinese company not mentioned by name, and that’s a lot
This is a stellar oppurtunity for UNV right now, but then again, they should obviously tread lightly of capturing too much attention. Danged if you do, Danged if you dont.
Nobody (seemingly even Dahua and Hikvision themselves) really knows for sure what current risks are in those devices. The Hikvision IP Camera Critical Vulnerability 2018 report shows that new vulnerabilities are constantly being found in Hikvision devices.
Hikvision and Dahua have an extensive history of critical easily exploited vulnerabilities. Far more so than Axis or other non-banned manufacturers. Couple that with the fact that these products originate from a country (China) that is not really considered to be a US ally. This makes those products significant risks.
If the Swedes (Axis) elect a Communist dictator and start pumping out firmware riddled with comparable vulnerabilities I would be all over the suggestion to ban them as well.
Of course, this has been presented to you multiple times, but you don't seem to be able to evaluate it beyond "Axis has some vulnerabilities also" and "Hikvision makes me money, therefore we shouldn't pick on them".
I've said this before, let Hikvision go a year or two with no critical vulnerabilities being reported against them AND have their response to vulnerabilities not be spin and victimization, and maybe they could be considered a more trustable device. Let's see if we can get through the next 11 months with no new Hikvision cyber security snafu's.
Much bigger footprint for Dahua and Hikvision to be exposed than Axis or the others. No telling how many vulnerabilities still havent been found in those products. Axis is a great company, and has great products, but they are more expensive and traditionally geared towards enterprise market which are typically installed on much more closed networks. Much smaller footprint.
Sean, the footprint argument is BS!!! Regardless of how many cameras are sold, there is no correlation to the number of vulnerabilities... If I manufacture 5 cameras, it does not make them secure under that reasoning..
Enterprise systems, are not necessarily closed systems, I have dozens of customers that are based across the world, I can get in to the their systems for diagnostics etc...
And again you lay yourself bare by the statement that that AXIS is more expensive... Cheap is cheap, the expansion of Hik footprint has been done by vast investment and loans by the Chinese Government, and the Chinese Government keeping rivals out of their own domestic market...
As they say in China 感谢上帝,推迟Sean Nelson购买我们的产品!!
What, in your opinion, has more vulnerabilities? Hikvision or Windows OS? Or even for this sake Apple products?
let me ask you another question
Who has been hacked the least among the above manufacturers?
Footprint.
What, in your opinion, has more vulnerabilities? Hikvision or Windows OS? Or even for this sake Apple products?
Sean, you ask a lot of questions, and pose a lot of (misinformed) opinions about why you think Hik is not a threat, but you rarely state anything definitive that can be independently verified.
Maybe try posting some data and numbers of your own, instead of "asking" people for responses. Do some research on what you think is comparable data and come back with an information-supported argument.
Would you also like me to provide data that the earth is round and the sky is blue?
Would you also like me to provide data that the earth is round and the sky is blue?
Nah, just start with backing up your claims about Hikvision with actual verifiable data.
Or, if you can't do that, just keep deflecting and asking stupid questions.
This is senseless Sean. Windows has more bug and cracks than Hik ever will, but it's American. So it's safe and Bill Gates allways had everyones interest at hart.
Just like Facebook always wanted you to just enjoy their games. They never did anyone any harm right?
If they don't want to see the big picture, they never will.
LOL. We don't want to see the big picture. That is funny. Thanks for the chuckle.
Hik......for a device that does so little in comparison to the others, the number of vulnerabilities is astounding!!
If you disagree, please provide accurate verifiable information, not reheated Hik/Dahau misinformation....
That is a strawman argument. Microsoft Windows version x or y is an operating system, designed by huge teams, and designed to run on hundreds of manufacturers of systems. It is an operating system designed to run tens of thousands of software programs and allow user interaction, etc.
An IP camera is an IoT device or embedded device with a few APIs and designed to do one primary thing - capture video and send it out the network.
Yes, there are cameras that can run apps, but let's ignore that for now. There are only 3 or 4 manufacturers that do that, on a limited set of models. And there are only a handful - maybe a hundred apps in the world.
Any complex system, like an operating system designed to run 3rd party code, and to run on different hardware platforms is going to have vulnerabilities. The question is how forthcoming are they with info and with updates.
Can you imagine if a car company didn't acknowledge defects or issues or recalls... Oh wait... That is why certain car companies don't make it to the US... There are dozens of Indian or Chinese or other car companies that we have banned, Maybe it is due to their track record, or simply product safety.
Same thing here.
An embedded device should be easier to harden because you don't need to expose the internal modules. Everything should be parsed and sanitized and filtered before the OS gets the data.
A companies track record is SO important here. Personally, the ONLY way Hik or Dahua can make this better is to 1) actually become open vs. sending out poorly worked fluff marketing bulletins and 2) start over from the ground up - get rid of 100% legacy code and actually design a new camera & NVR & DVR & VMS. Design it with cybersecurity in mind. Yeah, it may require a new API and integration, but heck - with thousands of engineers it shouldn't take too long :). Yeah, I now that adding more engineers doesn't actually speed up a project based on man-hours needed....
Start from the ground up stating no more plugins and only HTML5. Use ONVIF and known encryption protocols. Don't hide the encryption in a special FIPS firmware, but trumpet that YOU ARE THE ONLY COMPANY WITH FIPS COMPLIANT CAMERAS, when they are not publicly available.
Finally, you HAVE to solve the grey market/OEM issues. I know that is how you started and you sell a ton of products, but you have to pick your channel. Either be a B2B product and cut out the OEM or stick to OEM and be honest about it.
We have all seen the OEM > direct backstabbing. It is shameful home many large "manufacturers" with a nice brand name don't actually manufacture cameras. I have a feeling that in the next 12 months much of this will shake down due to the ban and the Honeywells, etc. will have to bail out of the game or pick a different OEM and be honest about it or actually make their own products!!!!
The OSs on camera/NVR equipment is a full fledged Operating System. Complete with a TCP/IP stack, DDNS, HTTPD. You can install anything else you want if you know how to compile by source and are strong willed enough to endure dependency-hell as packaging software has normally been pulled from the base images.
In other words, it's a pain to install other apps, but it's certainly not impossible.
The OS on an IP camera or NVR SHOULD NOT be a full-fledged OS. It should be a stripped down OS that has removed ALL of the unneeded features, functions, libraries, and servers/daemons.
Maybe that is the difference between the different tiers of manufacturers. Some re-write the OS and remove the unneeded things, others just use the stock firmware or lock things down but don't really remove things (think telnet).
Another big piece is that some manufacturers use Trusted Platform Modules (TPM). This makes it so that a skilled hacker can NOT change the OS or recombine firmware (Hikvision). Thus better securing the camera.
Excellent way to point out the blatantly obvious. There is almost zero analogy between an OS that must run on hundreds to thousands of different hardware options, and run thousands of different programs/drivers/etc., versus a very limited purpose device where the maker has full control over both hardware and software. Anyone suggesting the 2 are comparable has no clue.
How obvious is it that IPVM and others will not spend the time and effort in analysing vulnerabilities of a small manufacturer? Yes, Hik and Dahua have a built a huge glass house for themselves and are there to be pilloried whilst the myriad of start-ups, non-Chinese OEM and plenty of others go under the radar and are pushing kit out that leaks like a sieve.
This a simply a jingoistic monologue that is as boring as it is repetitive.
Are small startup OEM companies being sold to and installed in US federal Government facilities? That is the point of this discussion. I am sure that these small companies have cyber issues, and should be discussed, but that is separate from this discussion of Hik and Dahua and related being banned by the US bill.
If this is your point, ban all Chinese, not just the two biggest at this moment.
At least that would be a clear statement.
At best, you kill the Hik and Dahua business in the USA and in a few years a new lobby for a new ban will try to kill whichever Chinese company has stepped into the void hik and Dahua leave.
People won’t go back up to the high prices lower quality of pelco and the likes of them.
Call me ignorant because I like Hik but banning two brands just makes little sense. It’s a bandaid.
People won’t go back up to the high prices lower quality of pelco and the likes of them.
That's a strawman. The Pelco buyer has largely moved to Axis, Avigilon, Hanwha, Genetec, Exacq, Milestone, etc., with or without the Chinese.
At best, you kill the Hik and Dahua business in the USA and in a few years a new lobby for a new ban will try to kill whichever Chinese company has stepped into the void hik and Dahua leave.
You've made this argument now a few times so I'll address. Hikvision and Dahua are way bigger (on the order of 5 - 12x as large) as the next biggest Chinese video surveillance manufacturer plus Dahua and Hikvision have been taking market share away from other Chinese companies inside of China. Because of that, your assumption that other Chinese companies will easily fill the 'void' is much more questionable than you imply.
And given that you seem to be granting that Hikua is effectively a cancer, the US might as well treat that now.
I never granted hikua to be a cancer.
Firstly I prefer not to use a desease that hurts so many in any way or form, even an argument.
Secondly, already on IPVM people are discussing alternatives and the likes of UNV are popping up.
Another Chinese brand at the Hikua price point.
the likes of UNV are popping up.
Another Chinese brand at the Hikua price point.
Would you be happy if the ban includes UNV too?
UNV is certainly the 3rd most common Chinese branded option but they are a distant, distant 3rd in the West. They will need to invest tens of millions in overseas sales and marketing to attempt to be a serious factor, which they have refused / been incapable of to date.
No I don’t want UNV on the list. My point is the uselessness of this ban.
The door is wide open for UNV if China decides to fund it.
instead a clear bar could be set to any product should meet before being sold.
if you now switch to a US built camera that is so weak the Chinese can break in is that any better?
if you now switch to a US built camera that is so weak the Chinese can break in is that any better?
That's a genuinely laughable assumption that Dahua and Hikvison cybersecurity is somehow comparably strong. Keep in mind, both companies, among various issues, continue to maintain an unremovable side door that lets them access any system (e.g. Hikvision Responds To Cracked Security Codes).
If this is your point, ban all Chinese, not just the two biggest at this moment.
OK, I have no problem with that. I'd like to see any Chinese surveillance cameras, access control equipment, DVR/NVRs, software and similar components banned in the commercial surveillance sector. It would probably be worth banning them in the consumer sector as well, but I think that is impractical. Similarly, I have always felt the ban of Huawei equipment from the telecom market was logical as well.
China is not our ally. We ("we" being the general American population) like their cheap goods, I get that, and it is probably a necessary evil on a number of fronts to import low-cost mainstream consumer stuff from China. At the commercial level, and particularly at the Government level, that stuff should be strictly banned. I stopped buying Lenovo laptops a decade ago for similar reasons when I was in charge of IT-related purchases for various companies. If a country is hostile to us (directly, or passively) I don't think we should be plugging their equipment into our networks.
For this bill, I think Hikvision was named because they have direct government control, and they have a history of cyber security vulnerabilities across basically all of their products. Dahua is mostly guilty by association, they have proved to have similar gaping and mishandled vulnerabilities, and if we suspect the Chinese government would use Hikvision as an attack vector, it is logical to assume that cutting off Hik would just have them move to Dahua, so might as well just cut that off right from the start.
In all seriousness, if XM, Longse, or any other large(ish) Chinese manufacturers try to step into Hik/Dahua's shoes here and fill the void, I would expect their names to be directly added as well.
I don't think the bill named Hikvision and Dahua in the sense of listing the entirety of the threatening or suspect companies, they were just the two most popular and visible companies to start with. There is likely more to come.
You’re the first or at least one of the first to just say that’s right ban all Chinese.
Most others try to give reasons that make no sense and misguided info.
we may not agree but I appreciate your clear view and explanation
Hikua is the biggest threat because of several factors. Mitigate the largest threats first but maintain the market for low priced camera systems that do have a good use in society. If another threat emerges, ban them too.
You went from one extreme to the other, naming Hikua and then Pelco to misrepresent options available in the market. There are several options of price and quality between those two brands.
I think a really great thing Hikvision did for themselves (and horrible for the industry) is changing the perception people have for what a professional camera should cost. They were able to do this because of an infinite government-sponsored budget and because the camera industry is very underregulated, so specification sheets can easily hide cut-corners, low-grade components, build quality issues and swiss cheese firmware.
I think a really great thing Hikvision did for themselves (and horrible for the industry) is changing the perception people have for what a professional camera should cost.
Interesting point. No doubt competing on low price was a key Hikvision tactic and important to their early success but it had very negative downsides:
(1) Their brand and general consumer perception became centered around low-cost because of their literally constant sales. They devalued other manufacturers but they also devalued themselves.
(2) By being so cutthroat on price (while spending so much on sales and marketing), Hikvision created many enemies among their rivals. This is a key reason why competitors are largely cheering the US government's actions.
I genuinely think that Hikvision's long-term outcome would have been better not being so centered on cutting prices.
gutting pricing - in any global industry/market they choose to seek domination of - is an overt and well-documented practice that the PRC uses as SOP#1.
it is what they do.
I disagree. Price compared with Quality is what made them so popular. Market Disruptors tend to have enemies in their respective market so its not surprising that competitors are cheering this. Can you imagine the cheers from ADT and the likes if Simplisafe got banned?
Price compared with Quality is what made them so popular.
Actually, it is price compared to quality + massive sales spending + marketing spending.
Market Disruptors tend to have enemies in their respective market
For example, Axis was a market disruptor (think back to 2008). Competitors did not hate them because (1) they competed on quality, not price and (2) they are not funded by an authoritarian government.
Im not disagreeing there are ways to disrupt markets other than prices. Look at apple. Companies like that are often more respected for the value they add to the industry. Axis is respected because of this and because they were pioneers in the IP camera industry. Companies like this rarely put others out of business because they are in a class among themselves or created a new industry altogether.
Nevertheless, there are companies who disrupt based solely on pricing and/or demolishing old ineffecient sales models. These companies are generally hated in their respective industries because it makes other companies lower their margins or become uncompetitive altogether. Again Simplisafe is a great example. Amazon could be mixed in the group. Red box. Netflix. Etc.
"Nevertheless, there are companies who disrupt based solely on pricing and/or demolishing old ineffecient sales models."
historically, I would argue this point. As it is willfully obtuse and ignores all the prior debate about fair trade practices and sustainability.
But I long ago recognized that you are not debating, and instead are content to parrot the hikua propaganda to the end...
Couldn't disagree more with your examples. The foundation of disruption for those companies was technology. This technology allowed them to challenge the conventional sales model and/or price. Hikvision just undercut everyone else dramatically with no differentiation in technology or innovative sales model.
So you’ve gone from government owned to government funded...
Does that mean that to you any Chinese company is government funded?
I have not gone anywhere. Hikvision is both owned and funded by the Chinese government.
This is going in circles. Dahua is not government owned and has as much government backing as the next manufacturer would.
Dahua won nearly a billion dollars in Chinese government contracts for concentration camps in the past year, so they have ton more government backing that every non Chinese video surveillance manufacturer combined.
Yes you are right again, the price of Hik, is reflected in the quality of the cameras, especially the firmware and software that has had so many vulnerabilities uncovered over the last decade....
You can stop sucking Hik dick now....go find a replacement manufacturer..
ROFL, typical emotional uneducated reply. I know you undisclosed manufacturers are giddy and can hardly contain yourself but wow!
Really, yet you are not sycophantic towards your Chinese suppliers... You sit on this discussion, make false, illogical arguments,
My business is not circling the bowl.....you made your money by buying cheap vulnerable cameras, and now that your going to be excluded from a market space, you regurgitate Hik/Dahau talking points...Claim that there is little to no correlation between price a quality, and cannot even agree that our Government would be safer without the Chinese own and sponsored manufacturers installed in its facilities!!
Get off your knees
I enjoy a good debate but im starting to feel sorry for you and its no fun anymore. I wont allow you to make yourself look any more foolish than you already have.
As this is a professional forum, I am kindly asking everyone to refrain from profanity.
Thanks.
Remember, they are not banning the Chinese. They are banning US (Security Professionals) from selling Chinese products. The US government has displaced it's political/economic responsibility on us, without actually banning any product.
Not fair at all if you ask me.
Either let the market decide or step in with politics. Don't force every Security Professional to enforce your ill-thought plan.
Good luck enforcing Trumps ban on HikHau y'all.
Good Point.
My same thoughts are with the tarriffs. You arent hurting the Chinese. You are hurting the consumer.
I voted for trump but he has pulled some doozies lately. One of them saying Google is biased. I dont think they are biased at all, but even if they are, who cares, they are a private company they can be as biased as they want.
Stay out Government!!
Do you actually read IPVM on a regular basis? Simply look for the articles regards these manufacturers and you will see that the number of threats and issues from these manufacturers dwarfs any other manufacturer....
I do not think that "they think thousands of companies are Chinese spies", I think it is a true concern over the Chinese government being so entwined in camera companies, that the US Government cannot trust or rely on them.
Anyone that has read IPVM over the last 5 years or so can see one security failure after another from these manufacturers, Other countries are excluded from Chinese government projects because of their own security concerns......
What is good for the goose is good for the gander...
Right, I was referring to Hik.
I don't mean to politicize this topic, but usually people in significant government and political positions equip their homes and private offices with extensive security measures, including, but not limited to, surveillance equipment. What are the chances that some of these folks used the equipment, which is the subject of our discussion, in their homes and private office, and through this equipment the Chinese Government got into their network? We're now hearing that the Chinese Government was monitoring a certain politician's network in "real time", got emails as soon as they were sent and received. I don't know how factual this particular story is, but I think it is possible to do such a thing. How embarrassing, to our industry, would this be if we learn that it was equipment we use that enabled our adversaries to compromise these networks?
Also, I wouldn't expect our government to spell out how any government official, or politician's network was breached other than a general statement that the breach occurred. It's possible that our government has specific information about hacking, that they will not divulge for fear of giving away methods and abilities of our intelligence gathering folks.
I'd be more willing to bet many have cameras they've now banned in their homes and don't even know it.
If you are going to ban Dahua and Hikvision you must ban all other China cams the basis of the ban is a threat to national security. I am actually less worried about hik and dahua because of their volume, there is way more effort put in to detect backdoors/vulnerabilities. This is not the case with low volume vendors. Using those cameras can actually be a greater threat since they are not likely put under the microscope. The ban should also require the removal of such systems already in place, which it does not.
If you are going to ban Dahua and Hikvision you must ban all other China cams the basis of the ban is a threat to national security. I am actually less worried about hik and dahua because of their volume, there is way more effort put in to detect backdoors/vulnerabilities
Whats even more sad about the ban is that Hikvision probably has the most cyber secure Chinese made surveillance product right now. Unfortunately they were too late in the game.
Whats even more sad about the ban is that Hikvision probably has the most cyber secure Chinese made surveillance product right now.
Seriously, just stop trolling. It's getting ridiculous.
I have definetely trolled many times in the past, but this is not one of them.
So they are the "best of the worst??" Not sure that is the standard of a successful security model. I think that is the point lost in all of this - we are in the security business. We are not making Lego.
we are in the security business. We are not making Lego.
I fully agree with that statement. That's why making clear rules and minimum requirements make way more sense. For traditional CCTV (with no network connections) it might not have been needed, but it's very needed today.
It would take work but make a better industry. More usefull then a ban on a few brands.
The standard for a successful security product would start with not being listed by CERT or DHS or whomever with having a vulnerability, especially a 9 or 10 rating. Obviously, there can be vulnerabilities or other issues and not be listed (yet), but that is a good start.
Let's go through the camera calculator and see which products made in China do NOT have any vulnerabilities listed.
Hikvision is NOWHERE near the top of the best in cybersecurity. They constantly have vulnerabilities disclosed, and often due to sloppy coding, and not due to other libraries (openSSL, etc.) finding a vuln.
LMAO!!!!!!!!!! Oh Sean, you are precious!!!!
I have the least flammable Pinto on the road!!!!
I can understand this argument, however, Hikau's risk factor is 100x that of other Chinese brands like TVT, Longse, etc. simply by the market penetration into enterprise\government sectors in the USA and marketing power to expand that. I think it makes sense to ban the largest threats while still allowing for the low price market to exist. Banning all Chinese cameras could have an impact on the safety and security of millions of people who may not be able to afford anything but a $500 8 channel kit on Amazon.
You are confused. First, the ban does not apply to amazon shoppers. Second, if dahua and hik were selected because they are the largest, then why not mandate removal of old systems? A better solution if they felt the ban was needed would be to list acceptable manufactures.
You are confused. First, my English language, grammatically correct and cohesive sentence tied the banning of all Chinese cameras to Amazon shoppers, not this federal ban. Second, removal of currently installed Hikua systems in federally owned, operated, or funded facilities is mandated. An even worse solution would be listing acceptable manufacturers since there are thousands of acceptable ones and only two banned ones.
Yet again, incorrect. The ban does not require removal. IPVM's reporting on it is incorrect. Take the time and actually read the legislation. There is nothing in the language that requires removal of equipment already in place.
If you intended to suggest an alternative to the federal ban you should have said so cohesively. It does not read that way, so much so that you had to defend it in the way you did. :)
Finally, my point with respect to white listing when right over your head. There are not thousands of acceptable brands. All china brands are suspect. The smaller manufactures more so because they are not tested extensively. If the feds are actually concerned about security they should vet 10 or so quality brands and white list them. Problem solved. I understand though that as a manufacture you feel threatened.
I emphasize, YET AGAIN, that Dahua is NOT equivalent to Hikvision. This Bill does NOT work for all threats and it limits the market unnaturally.
Robert,
In my perspective, Hikvision ban is a reactive law (as laws usually are) and Dahua ban is a proactive one. It is amazing to witness the very rare occurrence when the US government is proactive!
Funny, but not productive IMO.
The issue of ownership separates them. Dahua is not the same exact threat as Hikvision, because of this.
Dahua CAN (not guaranteeing they WILL) change if given guidelines to follow and may be able to EARN trust (not that they have it now).
Hikvision, even in following guidelines, can't ever be trusted on the basis of its ownership.
That's the crux of my argument.
I'm sure I'm quite naive about cyber security beyond VPN's and strong passwords, but this ban may be simply folly in preventing or stemming cyber attacks, and will have little to no impact on China's, or any other adversarial country's, ability to breach our critical networks. There are many pathways into a network, by a multitude of other network connected devices, not limited to surveillance equipment or particular manufacturers.
A US manufacturer of network client devices may use all components manufactured in the USA, which is highly unlikely. But that same manufacturer may later switch to components sourced from other manufacturers in countries that may or may not be adversarial to the US. Would this make the product subject to scrutiny or a ban?
A WiFi thermostat or Wifi controlled lighting, among a host of other connected devices can be used to attack a network. It seems like it's going to be a monumental task to ban so many things, and this may not solve this problem.
I don't think the Chinese government, or any other adversarial country for that matter, will simply limit their efforts to breach our networks to just a few industries' products.
Agreed, especially when you are starting to see the mainstream adoption of smart home devices on residential networks. This is a recipe for a disastrous DDOS attack. However, as a standard cybersecurity practice, end users should avoid technology with a track record of vulnerabilities, poor best practice methods for network integration, and lag and\or denial of those vulnerabilities, no matter what manufacturer or country of origin.
US Senator criticizes Hikvision on social media overnight:
Chinese spy company was rightfully barred by Congress from getting any U.S. govt contracts. So what did #China do? They hired Mercury Public Affairs,the go-to lobbyists for war criminals,human rights abusers & U.S. adversaries to try & change the law. https://t.co/2ESbuaxL7i
— Marco Rubio (@marcorubio) August 28, 2018
This is not the type of attention Hikvision wants nor needs.
That "Chinese Spy Company" tagline could really catch on, seriously. Hikvision is going to be spending a boatload of PR cash to dig out of this.
Hikvision is going to be spending a boatload of PR cash to dig out of this.
Stop looking on the negative side. Think about how many jobs Hikvision can create for American PR people ;)
I don't always spy on government networks, but when I do, I use ********* cameras, the Chinese Spy Company...
That's definitely bad press.
I vaguely recognised the name so I asked google for more info on.
They could have hired him for their lobby! (pun intended)
Vaguely recognized the name? He ran for president 2 years ago. Did fairly well.
Sorry Rich I am not a US citizen, or even resident. I needed Google and got more than I was expecting.
I got an option to consider- Go Vivotek (Taiwanese) and enjoy a ringside seat until the fight is over...
I'd like to add that this is not just affecting the govt projects.
I was in a meeting with a large retail company yesterday and was told the reason they are completely moving away from Hikvision is because they were shown the hacked hik camera map by a consultant.
They immediately freaked out and demanded the removal of all Hik cameras and replacement with a premium brand moving forward. The negative exposure Hik is receiving right now is at an all time high and buying decisions are being changed and reversed more than I have ever seen.
Then jump right on it and sell them the premium brand they are comfortable with...
they were shown the hacked hik camera map
It's a great tool for showing just how poor Hikvision's cyber security has been.
In 2014, the Nest WiFi thermostat was hacked at a Black Hat Conference in 15 minutes. They were able to get root to the network through the device.
You can watch this on Youtube and there are lots of articles about it if you want to do the research.
So, how many products are being looked at in this same light? How difficult would it be for foreign actors to use their products, or our products, to spy?
Hopefully, they're aware that thousands of products can be used this way, and these countries won't put all their eggs in one basket, should one line of devices be banned.
yep your right.....lets not do anything then....
As we move into the internet of things we need to start looking at all manufacturers this is true, but that does not mean that as security vendors, we should not be looking at the most blatant offenders first.
Standards are needed, for all devices that are attached to the network, but that does not mean until we have every last item is secure we should do nothing...
I'm not suggesting we do nothing.... Just pointing out how the problem is much larger than just camera equipment manufacturers. If I were working in a hostile regime and wanted to breach the network of a target country, I'd look to do it with their own devices, manufactured in their own country, thereby not raising suspicion and completely going under the radar. The Chinese must know that any device originating in China and exported to the USA or elsewhere is going to be held with suspicion on it's face.
The fact that IPVM replied to Marco Rubio's tweet total dispels it's repeated argument that it is being impartial to Hik/Dahua. IPVM has an agenda and it is revealing that more everyday.
We responded with a title and link to a relevant report:
I could understand the accusation if we responded with something juvenile or ad hominem. However, criticizing us for sharing related information is a stretch.
But, hey, we are not the PRC. You are welcome to criticize us here.
Trump had better hire Mercury quickly.....
On a separate note, Rubio seems to be man who is more than a little confused. IPVM loves a Wikipedia trawl...so lets have it Marco...
"He favors collection of bulk metadata for purposes of national security"
"....he hopes for greater economic growth as a result of trading with that country (China)"
"In February 2018 he attracted controversy following the Stoneman Douglas High School shooting at a town hall event held by CNN when he was questioned by a survivor of the shooting about the supposed $3,303,355 he had received in donations from the NRA. Rubio replied, "I will always accept the help of anyone who agrees with my agenda". (mmm.....I think I can read into that one pretty easily...).
"He disputes the scientific understanding of climate change, arguing that human activity does not play a major role in global warming"
Yep - lets all listen to Marco, because he's all about credibility and integrity.
I've got $20 that says you don't even know what "Mike's Nature Trick" is. Until you've done at least a few hundred hours of researching the global warming scam, from both sides, I suggest leaving the now named "climate change" out of discussions about security cameras.
I'm not sure how the statement "... as a substantial or essential component of any system, or as critical technology as part of any system." can be interpreted as blocking purchase from those companies selling multiple brands (including Hikvision or Dahua). I would interpret this as anyone selling a system, like an inspection system that happens to have a Hikvision camera as a "component" of the system. They key word is "system".
Dennis, thanks for your first comment. Ultimately, neither my nor your interpretation will matter. The ultimate judgment will be the purchasing rules the government puts in place next year.
This was such great information and is an important topic to educate others on. We really felt this was a great topic to link within our article, "How to Choose the Best Security Systems Provider for your Facility." Check it out! https://umbrellatech.co/choosing-the-best-security-systems-provider-for-commercial-facilities/
Are you able to clarify this scenario. An integrator sells Honeywell/Interlogix Intrusion Panels. Both of these companies OEM cameras to banned manufacturers. Can you not sell to the federal government because you are selling non-camera products from a manufacturer who OEMs to a banned firm?
As an integrator, you would only potentially be banned if you sold Dahua or Hikvision products (or their OEMs). If you resell products from a company that OEMs Dahua or Hikvision but you do not resell those Dahua/Hikvision specific OEM products, you would not be affected.
The 'blacklist' element is still being debated / evaluated, see: Ban Proceeds But White House Requests Delay of Hikvision / Dahua Partner Blacklist