The US House Armed Services Committee (HASC) Communications Director has confirmed to IPVM that if a company sells Dahua or Hikvision at all, they will be banned from selling to the US federal government.
In all seriousness, for the handful of Hikvision dealers that sell heavily to the US government, the ban, as is, was already a problem.
This is more of a problem for companies that only do a minority of business to the US government but most to SMB / residential. What do they do, if this comes to pass? Do you drop Hikua to keep your small US gov business but potentially lose / cause disruptions in your main market? That's not an easy call.
Do you drop Hikua to keep your small US gov business but potentially lose / cause disruptions in your main market? That's not an easy call.
If this really gets teeth and causes problems I expect to see more instances of "Bob's Cameras, Inc." and "Bob's Hikvision Outlet, Inc." - one person setting up two legal entities to get around the issue of being banned from government sales if you sell Hikua.
While it looks dramatic on the surface, given how poorly GSA is administered and the lack of penalties for companies that knowingly sell banned product that is miscategorized, I am not sure there will be much enforcement behind this.
there is one simple solution to the totally retarded rule from the government: just split your business in two formal entities. takes some work, but you can sell to/from both. you can even have the same physical store, but webshops would need to buy an additional domain name.
How is this a good thing? It seems that the US has security concerns with these cameras and is blatantly ignoring the litany of other unsecured devices from numerous other vendors. Do I trust the security of a Hik camera? No. Do I trust a Bosch, Panasonic, Axis? No, no, no. Why do I sell/install them then? I HAVE NO CHOICE, the camera market has moved into the IT space.
That's pretty well on the money. Security is, well - security. Vulnerabilities are actually all IT based, created by a generation of geeks without a shred of knowledge of CCTV. The ball started rolling years ago when Axis just looked to IT departments and disregarded integrators to grow their model. Now look where we are - every IP camera manufacturer is complicit in compromising the very essence of security. It may well be the way of the world that it was always going to go to IT but there are absolute basics that should still apply. Never place any security system on an internet facing platform. Never share a network with any other IOT device other than the security devices that comprise the system. If you have to use the network, ensure the very basics of firewalls, password changes, and full security configuration are used. If it's a particularly sensitive camera, that doesn't need to be sent over the internet - then leave it off. Think analogue and remember the very first letter of "C"ctv. You'd be amazed how easy it is to lock down a system by simply removing the RJ45 from the link to the outside world. At some point common sense will kick in...
Never place any security system on an internet facing platform. Never share a network with any other IOT device other than the security devices that comprise the system.
While that does improve security, that is increasingly unrealistic as users value remote access and manufacturers can improve products with cloud services (e.g., better analytics, off-site storage, etc.). Look at current stats - Surveillance Systems Remote Access Usage Statistics. Remote access is most common already and will increase as the utility of cloud-connected systems expands.
The future is certainly Internet connected video surveillance. Systems need to be good enough and trustworthy enough to support that.
I don't disagree, but the issue is that remote access is being sold as system capability without the caveat that it's leaving your system wide open to hacking.
As for cloud storage, well that's a very pretty concept that just fills millennials with all the aspiration they need. But who really trusts the cloud when in essence you are sending off private, confidential, potentially compromising, commercial and operational data to an unknown facility, operated by unknown persons with unknown resilience to hacking. We know how weak iCloud and Yahoo were - so what makes CCTV or access cloud any better?
People are being sold a myth and expecting CCTV manufacturers to pick up the full responsibility for LAN/WAN/Cloud resilience, which is not practicable. They are part of the solution, but not solely responsible.
Ask yourself another question - just how much of the US Government and Defence data is hosted by external Cloud storage and has this storage been under the same microscope as Hikvision for its integrity or are people just blindly accepting that it's tighter than the Trump/Putin male bonding?
A security solution is end to end and nothing should be looked at in isolation.
people will search the next brand with good/decent quality at the hik/dahua pricepoint.
Disagree not about Dahua nor Hikvision but about how brands gain significant share. Some people will 'search' for the next brand but most people make purchasing decisions based on heavy sales and marketing expenditures plus local support.
If Uniview steps up with tens of millions of investment in US sales, marketing and local support, hiring 100+ people, Uniview has the chance to become a major player.
Otherwise, sales will go up for Uniview, given the Hikua situation but they will remain minor players since most dealers want local 'factory' salespeople and local support.
Or, they think integrators selling those products are ignorant to the risks they pose, and thus don't want to deal with them at all. I am only slightly exaggerating here. If you can't recognize the risks posed with those products, you shouldn't be advising the government and selling them anything "security" related.
I understand that you must be happy that it actually takes an act of Congress for you to compete but honestly that's not something to be proud of, so let's keep the argument sensible and free from undisclosed sarcasm. Oh and BTW, ban or not, I still eat competitors like you for breakfast and BM them out each morning so your statement is not entirely false.
The backdoors were not intentional. Vulnerabilities are found in every manufacturer. Dahua is not owned by China. And to call China hostile is debatable. I shut down your summation in 4 sentences.
I'll let you know when the liquidation sale is, perhaps then you can actually make some money. ;)
Hey Sean, it worked! I looked at your website to get an understanding of what you like for breakfast. My palate is more refined, so I will not be able to understand your perspective very well.
While I prefer all government stay out of my business, it appears that the federal government must pass laws to prevent ignorant people from knowingly and willfully risking security for personal gain. It seems to me this is a new concept by the federal government over the past few years.
Not to worry Sean, there are plenty of other government entities that prefer personal gain over security, you will be fine and have plenty of breakfast to feast.
Thanks Gary. This conversation is starting to get weird. Nonetheless, I can't stay silent to subtle trash talk, although it's respectful that you disclosed yourself. I said I eat competitors for breakfast via our sales, I don't eat my own products which is what you alluded to. While you may be fasting, I don't necessarily consider that a "refined" palate choice.
Saying that selling these manufacturers poses a security risk to the US gov depicts a certain level of naivety.
The day you started using IP cameras is the day you created a whole new set of security risks. I feel I should inform you all that IT security is more complicated than China = Bad/Anything else = Good.
You have almost no ability to keep an educated and determined intruder out of your home, we all know that. We don't however seem to know that that logic also applies to our IT infrastructure. Try as you may, you can't really keep the Russians, Chinese, FBI, NSA, 16yo hackers etc off of your network. Did you ever really think you could?
Do you think the Chinese have a problem hacking in to Axis systems?
Blame Hik if you want to, but as an IT and technical security systems auditor, all you guys are fucked.
It's the wild west of CCTV systems hacking and the manufacturers don't even give us the proper tools to secure the network.
Run a Shodan search and see how many systems out there are still affected by Shellshock.
Sounds to me like you're bitter you can't install cheap shit anymore.
Every integrator that employs this kind of argument that basically says "any camera poses the same amount of risk as all other brands" is putting their head in the sand.
Also, NO I don't think Chinese have issues hacking into an Axis system. They are also the same country that blocks Axis out of almost all installs in their nation. China is going for world domination and they unfairly discriminate against other manufacturers from other parts of the world.
Answer this: Why is it NOT okay for the US to do the exact same thing as China and essentially block Hikua out of our nation?
Really? And your kit has no vulnerabilities - prove it. So your benevolent company is not interested in profits - is that because it's a pseudo charity (Bosch) or is it because it's commercially ignorant?
Build your wall and use your own US manufactured kit....oh hang on....
Yes 4 sentences, that make little to no sense, while no one can say the back doors are intentional, neither can you say they are not...
As for whether China is a hostile government to the US, I suggest you try reading the news in general...
While I empathize with the impact that this might have on your business, it is not the government's concern if you base it off cheap OEM cameras, with little care to the security impact to the end user, public or private!!
Are you insinuating every company that has placed a backdoor should succumb to the same fate of crony capitalism? Goodbye, Microsoft, Juniper, Cisco, Sony, EA Sports, Blackberry. The question should be, what company did NOT provide a backdoor? When I find that company, I'll let you know.
Direct State control is all I can think of. All of the other IP camera manufacturers suffer similar issues as a lot of these devices will utilize many of the same software libraries. That's why when you see an openssh patch published, you'll soon notice vendors downstream start to patch their hardware.
Sure, once you acknowledge my comment that you are talking out your ass and don't actually "know" one way or the other how much China is involved with Dahua, or the motivation behind the backdoors put in Hikvision's products.
Nobody (seemingly even Dahua and Hikvision themselves) really knows for sure what current risks are in those devices. The Hikvision IP Camera Critical Vulnerability 2018 report shows that new vulnerabilities are constantly being found in Hikvision devices.
Hikvision and Dahua have an extensive history of critical easily exploited vulnerabilities. Far more so than Axis or other non-banned manufacturers. Couple that with the fact that these products originate from a country (China) that is not really considered to be a US ally. This makes those products significant risks.
If the Swedes (Axis) elect a Communist dictator and start pumping out firmware riddled with comparable vulnerabilities I would be all over the suggestion to ban them as well.
Of course, this has been presented to you multiple times, but you don't seem to be able to evaluate it beyond "Axis has some vulnerabilities also" and "Hikvision makes me money, therefore we shouldn't pick on them".
I've said this before, let Hikvision go a year or two with no critical vulnerabilities being reported against them AND have their response to vulnerabilities not be spin and victimization, and maybe they could be considered a more trustable device. Let's see if we can get through the next 11 months with no new Hikvision cyber security snafus.
Much bigger footprint for Dahua and Hikvision to be exposed than Axis or the others. No telling how many vulnerabilities still haven't been found in those products. Axis is a great company, and has great products, but they are more expensive and traditionally geared towards enterprise market which are typically installed on much more closed networks. Much smaller footprint.
Sean, the footprint argument is BS!!! Regardless of how many cameras are sold, there is no correlation to the number of vulnerabilities... If I manufacture 5 cameras, it does not make them secure under that reasoning..
Enterprise systems are not necessarily closed systems, I have dozens of customers that are based across the world, I can get into their systems for diagnostics etc...
And again you lay yourself bare by the statement that AXIS is more expensive... Cheap is cheap, the expansion of Hik footprint has been done by vast investment and loans by the Chinese Government, and the Chinese Government keeping rivals out of their own domestic market...
What, in your opinion, has more vulnerabilities? Hikvision or Windows OS? Or even for this sake Apple products?
Sean, you ask a lot of questions, and pose a lot of (misinformed) opinions about why you think Hik is not a threat, but you rarely state anything definitive that can be independently verified.
Maybe try posting some data and numbers of your own, instead of "asking" people for responses. Do some research on what you think is comparable data and come back with an information-supported argument.
This is senseless Sean. Windows has more bugs and cracks than Hik ever will, but it's American. So it's safe and Bill Gates always had everyone's interest at heart. Just like Facebook always wanted you to just enjoy their games. They never did anyone any harm right?
If they don't want to see the big picture, they never will.
That is a strawman argument. Microsoft Windows version x or y is an operating system, designed by huge teams, and designed to run on hundreds of manufacturers of systems. It is an operating system designed to run tens of thousands of software programs and allow user interaction, etc.
An IP camera is an IoT device or embedded device with a few APIs and designed to do one primary thing - capture video and send it out the network.
Yes, there are cameras that can run apps, but let's ignore that for now. There are only 3 or 4 manufacturers that do that, on a limited set of models. And there are only a handful - maybe a hundred apps in the world.
Any complex system, like an operating system designed to run 3rd party code, and to run on different hardware platforms is going to have vulnerabilities. The question is how forthcoming are they with info and with updates.
Can you imagine if a car company didn't acknowledge defects or issues or recalls... Oh wait... That is why certain car companies don't make it to the US... There are dozens of Indian or Chinese or other car companies that we have banned, Maybe it is due to their track record, or simply product safety.
Same thing here.
An embedded device should be easier to harden because you don't need to expose the internal modules. Everything should be parsed and sanitized and filtered before the OS gets the data.
A company's track record is SO important here. Personally, the ONLY way Hik or Dahua can make this better is to 1) actually become open vs. sending out poorly worked fluff marketing bulletins and 2) start over from the ground up - get rid of 100% legacy code and actually design a new camera & NVR & DVR & VMS. Design it with cybersecurity in mind. Yeah, it may require a new API and integration, but heck - with thousands of engineers it shouldn't take too long :). Yeah, I know that adding more engineers doesn't actually speed up a project based on man-hours needed....
Start from the ground up stating no more plugins and only HTML5. Use ONVIF and known encryption protocols. Don't hide the encryption in a special FIPS firmware, but trumpet that YOU ARE THE ONLY COMPANY WITH FIPS COMPLIANT CAMERAS, when they are not publicly available.
Finally, you HAVE to solve the grey market/OEM issues. I know that is how you started and you sell a ton of products, but you have to pick your channel. Either be a B2B product and cut out the OEM or stick to OEM and be honest about it.
We have all seen the OEM > direct backstabbing. It is shameful how many large "manufacturers" with a nice brand name don't actually manufacture cameras. I have a feeling that in the next 12 months much of this will shake down due to the ban and the Honeywells, etc. will have to bail out of the game or pick a different OEM and be honest about it or actually make their own products!!!!
The OS on camera/NVR equipment is a full-fledged Operating System. Complete with a TCP/IP stack, DDNS, HTTPD. You can install anything else you want if you know how to compile by source and are strong willed enough to endure dependency-hell as packaging software has normally been pulled from the base images.
In other words, it's a pain to install other apps, but it's certainly not impossible.
The OS on an IP camera or NVR SHOULD NOT be a full-fledged OS. It should be a stripped down OS that has removed ALL of the unneeded features, functions, libraries, and servers/daemons.
Maybe that is the difference between the different tiers of manufacturers. Some re-write the OS and remove the unneeded things, others just use the stock firmware or lock things down but don't really remove things (think telnet).
Another big piece is that some manufacturers use Trusted Platform Modules (TPM). This makes it so that a skilled hacker can NOT change the OS or recombine firmware (Hikvision). Thus better securing the camera.
Excellent way to point out the blatantly obvious. There is almost zero analogy between an OS that must run on hundreds to thousands of different hardware options, and run thousands of different programs/drivers/etc., versus a very limited purpose device where the maker has full control over both hardware and software. Anyone suggesting the 2 are comparable has no clue.
How obvious is it that IPVM and others will not spend the time and effort in analysing vulnerabilities of a small manufacturer? Yes, Hik and Dahua have built a huge glass house for themselves and are there to be pilloried whilst the myriad of start-ups, non-Chinese OEM and plenty of others go under the radar and are pushing kit out that leaks like a sieve.
This is simply a jingoistic monologue that is as boring as it is repetitive.
Are small startup OEM companies being sold to and installed in US federal Government facilities? That is the point of this discussion. I am sure that these small companies have cyber issues, and should be discussed, but that is separate from this discussion of Hik and Dahua and related being banned by the US bill.
People won’t go back up to the high prices lower quality of pelco and the likes of them.
That's a strawman. The Pelco buyer has largely moved to Axis, Avigilon, Hanwha, Genetec, Exacq, Milestone, etc., with or without the Chinese.
At best, you kill the Hik and Dahua business in the USA and in a few years a new lobby for a new ban will try to kill whichever Chinese company has stepped into the void hik and Dahua leave.
You've made this argument now a few times so I'll address. Hikvision and Dahua are way bigger (on the order of 5 - 12x as large) as the next biggest Chinese video surveillance manufacturer plus Dahua and Hikvision have been taking market share away from other Chinese companies inside of China. Because of that, your assumption that other Chinese companies will easily fill the 'void' is much more questionable than you imply.
And given that you seem to be granting that Hikua is effectively a cancer, the US might as well treat that now.
UNV is certainly the 3rd most common Chinese branded option but they are a distant, distant 3rd in the West. They will need to invest tens of millions in overseas sales and marketing to attempt to be a serious factor, which they have refused / been incapable of to date.
if you now switch to a US built camera that is so weak the Chinese can break in is that any better?
That's a genuinely laughable assumption that Dahua and Hikvision cybersecurity is somehow comparably strong. Keep in mind, both companies, among various issues, continue to maintain an unremovable side door that lets them access any system (e.g. Hikvision Responds To Cracked Security Codes).
If this is your point, ban all Chinese, not just the two biggest at this moment.
OK, I have no problem with that. I'd like to see any Chinese surveillance cameras, access control equipment, DVR/NVRs, software and similar components banned in the commercial surveillance sector. It would probably be worth banning them in the consumer sector as well, but I think that is impractical. Similarly, I have always felt the ban of Huawei equipment from the telecom market was logical as well.
China is not our ally. We ("we" being the general American population) like their cheap goods, I get that, and it is probably a necessary evil on a number of fronts to import low-cost mainstream consumer stuff from China. At the commercial level, and particularly at the Government level, that stuff should be strictly banned. I stopped buying Lenovo laptops a decade ago for similar reasons when I was in charge of IT-related purchases for various companies. If a country is hostile to us (directly, or passively) I don't think we should be plugging their equipment into our networks.
For this bill, I think Hikvision was named because they have direct government control, and they have a history of cyber security vulnerabilities across basically all of their products. Dahua is mostly guilty by association, they have proved to have similar gaping and mishandled vulnerabilities, and if we suspect the Chinese government would use Hikvision as an attack vector, it is logical to assume that cutting off Hik would just have them move to Dahua, so might as well just cut that off right from the start.
In all seriousness, if XM, Longse, or any other large(ish) Chinese manufacturers try to step into Hik/Dahua's shoes here and fill the void, I would expect their names to be directly added as well.
I don't think the bill named Hikvision and Dahua in the sense of listing the entirety of the threatening or suspect companies, they were just the two most popular and visible companies to start with. There is likely more to come.
Hikua is the biggest threat because of several factors. Mitigate the largest threats first but maintain the market for low priced camera systems that do have a good use in society. If another threat emerges, ban them too.
You went from one extreme to the other, naming Hikua and then Pelco to misrepresent options available in the market. There are several options of price and quality between those two brands.
I think a really great thing Hikvision did for themselves (and horrible for the industry) is changing the perception people have for what a professional camera should cost. They were able to do this because of an infinite government-sponsored budget and because the camera industry is very underregulated, so specification sheets can easily hide cut-corners, low-grade components, build quality issues and swiss cheese firmware.
I think a really great thing Hikvision did for themselves (and horrible for the industry) is changing the perception people have for what a professional camera should cost.
Interesting point. No doubt competing on low price was a key Hikvision tactic and important to their early success but it had very negative downsides:
(1) Their brand and general consumer perception became centered around low-cost because of their literally constant sales. They devalued other manufacturers but they also devalued themselves.
(2) By being so cutthroat on price (while spending so much on sales and marketing), Hikvision created many enemies among their rivals. This is a key reason why competitors are largely cheering the US government's actions.
I genuinely think that Hikvision's long-term outcome would have been better not being so centered on cutting prices.
I disagree. Price compared with Quality is what made them so popular. Market Disruptors tend to have enemies in their respective market so it's not surprising that competitors are cheering this. Can you imagine the cheers from ADT and the likes if Simplisafe got banned?
I'm not disagreeing there are ways to disrupt markets other than prices. Look at Apple. Companies like that are often more respected for the value they add to the industry. Axis is respected because of this and because they were pioneers in the IP camera industry. Companies like this rarely put others out of business because they are in a class among themselves or created a new industry altogether.
Nevertheless, there are companies who disrupt based solely on pricing and/or demolishing old inefficient sales models. These companies are generally hated in their respective industries because it makes other companies lower their margins or become uncompetitive altogether. Again Simplisafe is a great example. Amazon could be mixed in the group. Red box. Netflix. Etc.
Couldn't disagree more with your examples. The foundation of disruption for those companies was technology. This technology allowed them to challenge the conventional sales model and/or price. Hikvision just undercut everyone else dramatically with no differentiation in technology or innovative sales model.
Really, yet you are not sycophantic towards your Chinese suppliers... You sit on this discussion, make false, illogical arguments,
My business is not circling the bowl.....you made your money by buying cheap vulnerable cameras, and now that you're going to be excluded from a market space, you regurgitate Hik/Dahua talking points...Claim that there is little to no correlation between price and quality, and cannot even agree that our Government would be safer without the Chinese owned and sponsored manufacturers installed in its facilities!!
Remember, they are not banning the Chinese. They are banning US (Security Professionals) from selling Chinese products. The US government has displaced its political/economic responsibility on us, without actually banning any product.
Not fair at all if you ask me.
Either let the market decide or step in with politics. Don't force every Security Professional to enforce your ill-thought plan.
My same thoughts are with the tariffs. You aren't hurting the Chinese. You are hurting the consumer.
I voted for Trump but he has pulled some doozies lately. One of them saying Google is biased. I don't think they are biased at all, but even if they are, who cares, they are a private company they can be as biased as they want.
Do you actually read IPVM on a regular basis? Simply look for the articles regards these manufacturers and you will see that the number of threats and issues from these manufacturers dwarfs any other manufacturer....
I do not think that "they think thousands of companies are Chinese spies", I think it is a true concern over the Chinese government being so entwined in camera companies, that the US Government cannot trust or rely on them.
Anyone that has read IPVM over the last 5 years or so can see one security failure after another from these manufacturers, Other countries are excluded from Chinese government projects because of their own security concerns......
What is good for the goose is good for the gander...
I don't mean to politicize this topic, but usually people in significant government and political positions equip their homes and private offices with extensive security measures, including, but not limited to, surveillance equipment. What are the chances that some of these folks used the equipment, which is the subject of our discussion, in their homes and private office, and through this equipment the Chinese Government got into their network? We're now hearing that the Chinese Government was monitoring a certain politician's network in "real time", got emails as soon as they were sent and received. I don't know how factual this particular story is, but I think it is possible to do such a thing. How embarrassing, to our industry, would this be if we learn that it was equipment we use that enabled our adversaries to compromise these networks?
Also, I wouldn't expect our government to spell out how any government official, or politician's network was breached other than a general statement that the breach occurred. It's possible that our government has specific information about hacking, that they will not divulge for fear of giving away methods and abilities of our intelligence gathering folks.
If you are going to ban Dahua and Hikvision you must ban all other China cams the basis of the ban is a threat to national security. I am actually less worried about hik and dahua because of their volume, there is way more effort put in to detect backdoors/vulnerabilities. This is not the case with low volume vendors. Using those cameras can actually be a greater threat since they are not likely put under the microscope. The ban should also require the removal of such systems already in place, which it does not.
If you are going to ban Dahua and Hikvision you must ban all other China cams the basis of the ban is a threat to national security. I am actually less worried about hik and dahua because of their volume, there is way more effort put in to detect backdoors/vulnerabilities
What's even more sad about the ban is that Hikvision probably has the most cyber secure Chinese made surveillance product right now. Unfortunately they were too late in the game.
So they are the "best of the worst??" Not sure that is the standard of a successful security model. I think that is the point lost in all of this - we are in the security business. We are not making Lego.
we are in the security business. We are not making Lego.
I fully agree with that statement. That's why making clear rules and minimum requirements make way more sense. For traditional CCTV (with no network connections) it might not have been needed, but it's very needed today.
It would take work but make a better industry. More useful than a ban on a few brands.
The standard for a successful security product would start with not being listed by CERT or DHS or whomever with having a vulnerability, especially a 9 or 10 rating. Obviously, there can be vulnerabilities or other issues and not be listed (yet), but that is a good start.
Let's go through the camera calculator and see which products made in China do NOT have any vulnerabilities listed.
Hikvision is NOWHERE near the top of the best in cybersecurity. They constantly have vulnerabilities disclosed, and often due to sloppy coding, and not due to other libraries (openSSL, etc.) finding a vuln.
I can understand this argument, however, Hikua's risk factor is 100x that of other Chinese brands like TVT, Longse, etc. simply by the market penetration into enterprise\government sectors in the USA and marketing power to expand that. I think it makes sense to ban the largest threats while still allowing for the low price market to exist. Banning all Chinese cameras could have an impact on the safety and security of millions of people who may not be able to afford anything but a $500 8 channel kit on Amazon.
You are confused. First, the ban does not apply to Amazon shoppers. Second, if Dahua and Hik were selected because they are the largest, then why not mandate removal of old systems? A better solution if they felt the ban was needed would be to list acceptable manufacturers.
You are confused. First, my English language, grammatically correct and cohesive sentence tied the banning of all Chinese cameras to Amazon shoppers, not this federal ban. Second, removal of currently installed Hikua systems in federally owned, operated, or funded facilities is mandated. An even worse solution would be listing acceptable manufacturers since there are thousands of acceptable ones and only two banned ones.
Yet again, incorrect. The ban does not require removal. IPVM's reporting on it is incorrect. Take the time and actually read the legislation. There is nothing in the language that requires removal of equipment already in place.
If you intended to suggest an alternative to the federal ban you should have said so cohesively. It does not read that way, so much so that you had to defend it in the way you did. :)
Finally, my point with respect to white listing went right over your head. There are not thousands of acceptable brands. All China brands are suspect. The smaller manufacturers more so because they are not tested extensively. If the feds are actually concerned about security they should vet 10 or so quality brands and white list them. Problem solved. I understand though that as a manufacturer you feel threatened.
I'm sure I'm quite naive about cyber security beyond VPNs and strong passwords, but this ban may be simply folly in preventing or stemming cyber attacks, and will have little to no impact on China's, or any other adversarial country's, ability to breach our critical networks. There are many pathways into a network, by a multitude of other network connected devices, not limited to surveillance equipment or particular manufacturers.
A US manufacturer of network client devices may use all components manufactured in the USA, which is highly unlikely. But that same manufacturer may later switch to components sourced from other manufacturers in countries that may or may not be adversarial to the US. Would this make the product subject to scrutiny or a ban?
A WiFi thermostat or WiFi controlled lighting, among a host of other connected devices, can be used to attack a network. It seems like it's going to be a monumental task to ban so many things, and this may not solve this problem.
I don't think the Chinese government, or any other adversarial country for that matter, will simply limit their efforts to breach our networks to just a few industries' products.
Agreed, especially when you are starting to see the mainstream adoption of smart home devices on residential networks. This is a recipe for a disastrous DDoS attack. However, as a standard cybersecurity practice, end users should avoid technology with a track record of vulnerabilities, poor best practice methods for network integration, and lag and/or denial of those vulnerabilities, no matter what manufacturer or country of origin.
US Senator criticizes Hikvision on social media overnight:
Chinese spy company was rightfully barred by Congress from getting any U.S. govt contracts. So what did #China do? They hired Mercury Public Affairs, the go-to lobbyists for war criminals, human rights abusers & U.S. adversaries to try & change the law. https://t.co/2ESbuaxL7i
I'd like to add that this is not just affecting the govt projects.
I was in a meeting with a large retail company yesterday and was told the reason they are completely moving away from Hikvision is because they were shown the hacked hik camera map by a consultant.
They immediately freaked out and demanded the removal of all Hik cameras and replacement with a premium brand moving forward. The negative exposure Hik is receiving right now is at an all time high and buying decisions are being changed and reversed more than I have ever seen.
As we move into the internet of things we need to start looking at all manufacturers, this is true, but that does not mean that as security vendors, we should not be looking at the most blatant offenders first.
Standards are needed, for all devices that are attached to the network, but that does not mean until every last item is secure we should do nothing...
I'm not suggesting we do nothing.... Just pointing out how the problem is much larger than just camera equipment manufacturers. If I were working in a hostile regime and wanted to breach the network of a target country, I'd look to do it with their own devices, manufactured in their own country, thereby not raising suspicion and completely going under the radar. The Chinese must know that any device originating in China and exported to the USA or elsewhere is going to be held with suspicion on its face.
On a separate note, Rubio seems to be a man who is more than a little confused. IPVM loves a Wikipedia trawl...so let's have it Marco...
"He favors collection of bulk metadata for purposes of national security"
"....he hopes for greater economic growth as a result of trading with that country (China)"
"In February 2018 he attracted controversy following the Stoneman Douglas High School shooting at a town hall event held by CNN when he was questioned by a survivor of the shooting about the supposed $3,303,355 he had received in donations from the NRA. Rubio replied, "I will always accept the help of anyone who agrees with my agenda". (mmm.....I think I can read into that one pretty easily...).
"He disputes the scientific understanding of climate change, arguing that human activity does not play a major role in global warming"
Yep - let's all listen to Marco, because he's all about credibility and integrity.
I've got $20 that says you don't even know what "Mike's Nature Trick" is. Until you've done at least a few hundred hours of researching the global warming scam, from both sides, I suggest leaving the now named "climate change" out of discussions about security cameras.
I'm not sure how the statement "... as a substantial or essential component of any system, or as critical technology as part of any system." can be interpreted as blocking purchase from those companies selling multiple brands (including Hikvision or Dahua). I would interpret this as anyone selling a system, like an inspection system that happens to have a Hikvision camera as a "component" of the system. The key word is "system".
Are you able to clarify this scenario? An integrator sells Honeywell/Interlogix Intrusion Panels. Both of these companies OEM cameras to banned manufacturers. Can you not sell to the federal government because you are selling non-camera products from a manufacturer who OEMs to a banned firm?
As an integrator, you would only potentially be banned if you sold Dahua or Hikvision products (or their OEMs). If you resell products from a company that OEMs Dahua or Hikvision but you do not resell those Dahua/Hikvision specific OEM products, you would not be affected.