NSA Director Keynoting Dahua and Hikvision Sponsored Cybersecurity Conference [Canceled]

By: John Honovich, Published on Jun 13, 2019

The technical director for the NSA’s Cybersecurity Threat Operations Center will be keynoting a physical security cybersecurity conference that is being sponsored by Dahua and Hikvision, banned by the US government for security risks.

[CANCELED: the keynote has been canceled, with SIA, the organizer, only saying "The NSA canceled due to a scheduling conflict and requested they be kept in mind for future sessions."]

The organizer of the conference, the Security Industry Association, explained to IPVM that while Dahua and Hikvision are banned for US government use, they are not banned from sponsoring conferences where US government intelligence officials are keynoting, saying:

Cyber:Secured Forum is intended to provide attendees with a variety of perspectives and information that can help strengthen the cyber-hardening policies of the predominantly corporate attendees and their customers. It is not a federal government sales conference. Private sector attendees at industry events such as this conference frequently apply the insights provided by government and industry speakers, sponsors and fellow attendees to their commercial strategies. Moreover, nothing under Section 889 of the NDAA restricts the ability of affected companies to participate in any educational conferences as sponsors. We welcome the participation of SIA members and businesses which support the goal of educating the industry about cybersecurity. [emphasis added]

However, the NSA director keynotes many events and has made clear the risks from China, as the excerpt below shows, where he observes that 'China is everywhere', 'they are stealing our property', 'the greatest transfer of intellectual property in our nation':

In particular, Hikvision is owned and controlled by the Chinese government, as their 2018 financials confirm:

No alt text provided for this image

Plus Hikvision's Chairman and Communist Party Secretary is a member of the PRC government.

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Nonetheless, Hikvision is happy to sponsor and market this as their recent promotion showed:

  

From Hikvision's perspective, it certainly makes sense, positioning themselves as a PRC government-owned entity happily side by side with the NSA director at a cybersecurity conference. And this event sponsorship is inexpensive compared to the more than a million they have spent lobbying Congress and another million on political PR.

Buying Validation - United Front and Confucious Institutes

Dahua and Hikvision are buying validation, much like the PRC does, more generally, with the United Front and Confucious Institutes. This is something the US government, through the U.S.-China Economic and Security Review Commission is well aware of, as the 2018 "China’s Overseas United Front Work Background and Implications for the United States" report details. Indeed, the US government has banned the use of defense funding for organizations taking money from the PRC's Confucious Institutes.

Allowing Dahua and Hikvision to sponsor such events undermines US law and interests, allowing these PRC organizations and their paid-off partners (like SIA), to pretend everything is fine and that the US government is mistaken and that the real allies of the US are organizations like Dahua and Hikvision, happy to fund these events.

Industry Bought Off

Those outside the physical security industry may find it confusing that a US non-profit like SIA would accept cybersecurity sponsorships from PRC organizations banned for security risks, including one owned by the PRC government.

Unfortunately, many physical security 'leaders' have effectively been bought off by the unprecedented amount of marketing money these now US government banned organizations are willing to spend.

2 reports cite this report:

The Cowardly, Greedy "Leaders" of Video Surveillance - SIA on Nov 19, 2019
The video surveillance industry suffers from cowardly, greedy 'leaders'...
2019 Mid-Year Video Surveillance Guide on Jul 01, 2019
IPVM's new 400+ page Mid-Year Industry Guide brings all of these issues and...

Comments (32)

Only IPVM Members may comment. Login or Join.

As he is an appointed official as part of the NSA, do you have contact information for this individual so that we may contact him or anyone involved to voice our concern and disgust at this situation?

We don't have his direct contact information but I forwarded it through some US government contacts last week.

I bet he is not even aware of this, as he speaks at many conferences and I would assume he reasonably assumes that banned companies would not be allowed to sponsor him.

Allowing Dahua and Hikvision to sponsor such events undermines US law and interests, allowing these PRC organizations and their paid off partners (like SIA), to pretend everything is fine and that the US government is mistaken and that the real allies of the US are organizations like Dahua and Hikvision, happy to fund these events.
Industry Bought Off
Those outside the physical security industry may find it confusing that a US non-profit like SIA would accept cybersecurity sponsorships from PRC organizations banned for security risks, including one owned by the PRC government.
Unfortunately, many physical security 'leaders' have effectively been bought off by the unprecedented amount of marketing money these now US government banned organizations are willing to spend.

Great summary and conclusion to your article.  I am in no position to know the reasoning behind the decision to allow "The technical director for the NSA’s Cybersecurity Threat Operations Center will be keynoting a physical security cybersecurity conference that is being sponsored by Dahua and Hikvision, banned by the US government for security risks".  However, it deserves investigation and explanation. 

Hopefully, there is some logic to having an NSA cybersecurity official of this caliber, whose agency has "banned for US government uses" the very parties' products who are standing "shoulder to shoulder" with himself and the Security Industry Association officials at such an event.  At the same time we, as security solution integrators, are charged with making decisions as to whether these same manufacturer partners qualify for being specified and used in those facilities and communication networks other than the federal government owned and operated communication networks?

Mirrors to the video excerpt? No good anymore....

I fixed the video, viewable above and viewable here.

Thanks. Are government employee keynote speakers paid or is this a fee that goes directly to the agency/branch? I know someone would probably spin this as "NSA Director Paid By China!". 

 

Interesting how this will play out, but I can imagine his staff would probably at least let him know about this potential conflict now. 

I doubt the NSA director is being paid. This strikes me as more of an outreach to industry than a money-making opportunity. The NSA has a reported ~$11 billion budget so they have no need for handouts.

Hikvision excels at this game, like with the FIPS certification. They use it to cast doubt and sow confusion. "Hey all I can say is last week we sponsored the NSA director's keynote and they were really happy to have us."

I do not think it will be something where he is noted as being paid, but rather ignorant.  I have to admit that as much as the NSA seems like an omniscient cyber-boogeyman this article sure does show some serious flaws in the NSA intelligence gathering for this event.

Is this conference primarily sponsored by Hikua or are they one of many?

SIA is looking for 31 sponsors total:

There are 14 sponsors so far listed, no Gold and Platinum. Dahua and Hikvision are bronze.

I am in a position to purchase a sponsorship for this event, however it is clear this is going to be more of a superficial boondoggle than a worthwhile event. I wish more manufacturers would pressure SIA to actually have a backbone.

There are speaking fees, and then there are room comps, flights, car service, dinners, gifts, etc. How much does SIA provide to the keynote speaker? This would be where I would dig. As a Fed employee he should be barred from these comps as well. Right?

In an unrelated story, Deputy Administrator Andrew Wheeler of the Environmental Protection Agency will be the keynote speaker on global warming sponsored by Dow Chemicals, Westmoreland Coal and Exxon Mobile.

And the original shill, Ajit Pai, will continue to play Santa Claus at the Verizon Christmas party.

But Trump said global warming is a hoax and fake news anyway.

and we all know Trump knows more about both subjects than probably anyone else !  lol

Allowing Dahua and Hikvision to sponsor such events undermines US law and interests...

where are you placing blame here? the gov or SIA?

 

SIA, for sure. 

The NSA director does not go to a US telecom conference and expect it to be sponsored by Huawei, nor does he go to a physical security one and expect it to be sponsored by the Chinese's government video surveillance manufacturer.

SIA does not want to offend two of its largest members, even though it's pretty obvious that this is not the type of conference, given what US law is, that Dahua and Hikvision should be sponsoring.

I am curious to see how this will end up, will the NSA director really end up speaking behind a banner of sponsors featuring Dahua and Hikvision?

It's not "malum prohibitum" but, it's definitely "malum in se". In other words, it may not violate a statute but, IMHO, it's inherently wrong by nature, independent of regulations governing the conduct.

 

Some food for thought:

Consider the ultimate authority for Dave Hogue, Technical Director, NSA, Cybersecurity Threat Operations Center, who's actions and words are often malum in se AND malum prohibitum. 

Also, China's PLA Unit 61398 is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that "has been alleged to be" a source of Chinese Hackers. In 2013, China openly admitted to having secretive cyber warfare units in both the military and the civilian part of the government – however, the details of their activities were left to speculation. As a show of force towards the rest of the global community the Chinese government now openly lists their abilities when it comes to digital spying and network attack capabilities.

The Chinese government's involvement (directly through Hikvision and Dahua) in this Cybersecurity Conference is yet another action by our own government to subject the U.S. to vulnerabilities to known enemies. The words of Abraham Lincoln to honor soldiers that sacrificed their lives in order “that government of the people, by the people, for the people, shall not perish from the earth” were spoken at Gettysburg, but these words apply as well to the countless soldiers and intelligence officers that gave their lives or limbs for the cause of our democracy before and since Gettysburg. Allowing such vulnerabilities is yet another dishonor to the sacrifices of these heroes.

Let's not let our democracy perish from the earth from a catastrophic event or from the effect of "1,000 paper-cuts" (letting many seemingly innocuous vulnerabilities exist).

All this of course is my own humble opinion and not that of any other person or company.

Best,

David J. Coughlin, CPP, Esq.

 

Update: Now Hikvision has deleted their social media promotions of them sponsoring the NSA Director's keynote.

unproving “your point” :)

As a side note, SIA has reserved an hour for the manufacturers who are willing to pay them $25,000.  Only problem, no one wants to pay that so far, so it is empty:

This is, unfortunately, not unique, see: ASIS Sells GSX 2019 Education Sessions and 'Independent' Security Consultant Organization Sells Off Speaking Slots To Manufacturers, though the IAPSC refused to take sponsorship money from Dahua and Hikvision, citing cybersecurity concerns.

Update: the links announcing this keynote on SIA and the conference's website no longer work. We are checking with SIA to clarify what is the status (changed links, changed plans, etc.).

I predict that the speaker will pull out due to a scheduling conflict, as other staff members scheduled it without consulting.. 

Update: the keynote has been canceled, with SIA, the organizer, only saying "The NSA canceled due to a scheduling conflict and requested they be kept in mind for future sessions."

I wonder when SIA (and Hik) are going to get their act together and realize people are done putting up with their lack of ethics when it comes to cybersecurity and product positioning.

Good to see this keynote has been cancelled. It should have never been scheduled in the first place.

Furthermore, it would be nice if a requirement for sponsoring a cyber security event were that the sponsors didn't have a collection highly critical CVE's amassed.

 

putting up with their lack of ethics

On a related note, SIA has just started an ethics committee:

Ethics and Tech Working Group

The SIA Board of Directors recently approved the formation of a working group to develop SIA’s position on the topic of ethical use of security technologies. As policymakers in the U.S. and the EU consider developing guidelines for the responsible use of technology, this new SIA working group will make recommendations to the SIA board on the application of certain technologies, such as artificial intelligence, for security in an ethical and appropriate manner that builds trust throughout the security ecosystem and with the general public. For more information and to get involved, contact me at derickson@securityindustry.org.

I joined it a few weeks ago but have not yet received any further word on progress nor meetings.

Called it!! :)

Take a bow!

The 'scheduling conflict' is the conference equivalent of executives who resign to 'spend more time with their families'...

Update: Now, the entire Cyber Secured Forum is canceled. SIA confirmed that:

In lieu of a standalone event for 2020, Cyber:Secured Forum’s cybersecurity focused education will be incorporated into a dedicated track within PSA TEC 2020, and SIA will also continue to develop and deliver cybersecurity education via other online and in-person formats, including within the ISC events.

Note: here are the Dahua and Hikvision booths at the 2019 Cyber Secured Forum event:

Related Reports

US DoD Declares "Can No Longer Do Business" With Contractors Using Dahua, Hikvision, Huawei on Apr 08, 2020
The US Department of Defense has confirmed to IPVM that they fully support...
Intersec 2021 Is Open In Dubai on Sep 03, 2020
While ISC East November 2020 just cancelled and CES January 2021 has been...
ISC West 2020 Finally Cancelled on Jun 25, 2020
ISC West has now been cancelled for the third time, now for all of...
Trade Groups Request NDAA Blacklist Delay Citing Coronavirus on Apr 06, 2020
Two trade groups representing government contractors have asked Congress to...
School District Admits Not Following FDA Guidelines With 144, No Blackbody, Hikvision Fever Cameras on Aug 21, 2020
The Baldwin County School District has admitted it is not following FDA...
Huawei HiSilicon Shortage Impacts Surveillance Manufacturers on Aug 14, 2020
Huawei acknowledged problems and challenges for its HiSilicon chip business,...
SIA Coaches Sellers on NDAA 889B Blacklist Workarounds on Aug 05, 2020
Last month SIA demanded that NDAA 899B "must be delayed". Now that they have...
Honeywell Warns of Huawei, Advocates Futureproofing on Aug 31, 2020
For years, Honeywell has profited from OEMing Dahua and using Huawei...
Salesforce Drops Dahua and Hikvision on Aug 12, 2020
Salesforce has dropped Dahua and Hikvision as customers, forcing the two mega...
Integrators Avoiding Coronavirus Air Travel on May 29, 2020
IPVM asked integrators if air travel is part of their 2020 plans to see how...
US Surgeon General Unwittingly Showcases Sanctioned Dahua Temperature System on Jul 28, 2020
The US' top public health spokesperson, the Surgeon General, posted a photo...
Hikvision And Dahua Now Blocked From Conforming ONVIF Products on Apr 03, 2020
Dahua and Hikvision, sanctioned for human rights abuses, are now blocked from...
Genetec Goes Virtual, Drops Essen and GSX, Skeleton Crew to ISC West 2020 on May 05, 2020
Genetec is dropping Essen and GSX shows this year as well as planning to send...
Genetec Drops Support for Dahua and Hikvision on Jun 01, 2020
Genetec has dropped support for Dahua and Hikvision, citing US blacklisting...
The SIA Board Strongly Supports ISC West October 2020 on Apr 23, 2020
The SIA Board strongly supports the upcoming October 2020 ISC West, amidst...

Recent Reports

Mobile Access Control Usage Statistics 2020 on Sep 21, 2020
Most smartphones can be used as access control credentials, but how...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Chilean Official Investigated for Motorola And Hikvision Contracts on Sep 17, 2020
A corruption investigation is underway in Chile after a crime prevention...
Huawei HiSilicon Production Shut Down on Sep 17, 2020
Huawei HiSilicon chips are no longer being manufactured or supplied to...
Virtual ISC West and GSX+ Exhibiting Contrasted on Sep 17, 2020
Both ISC West and ASIS GSX are going virtual this year, just weeks apart, but...
X.Labs Sues FLIR on Sep 16, 2020
X.Labs, the maker of Feevr, has sued FLIR, the publicly traded thermal...
Video Surveillance 101 September Course - Last Chance on Sep 16, 2020
Today is the last chance to sign up for the Fall Video Surveillance 101...
No Blackbody Mistake, Half Million Dollar, Hikvision Fever Camera System in Georgia on Sep 16, 2020
A Georgia school district touted buying Hikvision fever screening "about...
Costar Technologies / Arecont H1 2020 Financials Examined on Sep 16, 2020
Costar's financial results have been hit by the coronavirus with the company...
Startup Cawamo Presents Live Alerts With Edge AI and Cloud VMS on Sep 15, 2020
Cawamo, an Israeli edge-to-cloud analytics and VMS startup, presented its...
Favorite Access Control Credentials 2020 on Sep 15, 2020
Credential choice is more debated than ever, with hacking risk for 125kHz and...
Dangerous Hikvision Fever Screening Marketing In Africa on Sep 15, 2020
A multi-national African Hikvision distributor is marketing dangerously...
New Products Show Fall 2020 Announced - Register Now on Sep 14, 2020
IPVM's sixth online show will feature New Products from over 25...
Hanwha 8K / 33MP Camera Tested on Sep 14, 2020
Hanwha Techwin has released an 8K / 33MP resolution camera, the TNB-9000 with...