SIA Plays Dumb On OEMs And Hikua Ban
By: John Honovich, Published on Sep 20, 2018
OEMs widely pretend to be 'manufacturers', deceiving their customers and putting them at risk for cybersecurity attacks and, soon, violation of US law.
Unfortunately, the Security Industry Association (SIA) is playing dumb about OEMs in its attempts to undermine the ban in the NDAA 2019 law. More specifically, SIA is clearly protecting its many OEM members who profit greatly from pretending to be manufacturers.
the statute also does not address the extent to which, if any, the prohibition could apply to any equipment produced by U.S. or other manufacturers that incorporates elements supplied by one or more of the companies named in the prohibition, as original equipment manufacturers [emphasis added]
SIA is trying to separate non-China pretend 'manufacturers' from the equipment they get from Dahua and Hikvision.
This is laughable. The standard OEM practice is to simply take Chinese equipment (such as Dahua and Hikvision) and reskin it (change the brand name, change the colors, sell it). The firmware and the hardware are essentially unchanged. An OEM like LTS is no more producing equipment than you are 'building' a computer on Dell's website. For related coverage, see the LTS / Hikvision OEM test results or, worse, Interlogix Vs Hikvision Tested.
SIA is doing this because the bill specifically calls out equipment 'produced' by Dahua and Hikvision, i.e.:
video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua [emphasis added]
Magically, by putting an American skin on a Hikua product, it becomes 'produced' by a US manufacturer, or so SIA evidently hopes.
Despite 5 attempts back and forth with SIA, SIA refused to answer IPVM's questions, most directly:
In SIA's expert opinion, if a product is produced in China but then an American company applies their label and their colors to the UI of a product, does SIA consider that product still produced in China or produced in America?
Pretend Manufacturers Hurt Security Users
Security 'manufacturers' make money off this. And, cynically, maybe that is all that matters for an organization like SIA that represents their interests.
But it harms security users as (1) they are deceived about the true source of their products, (2) the equipment is generally from Chinese providers with poor software development practices and high cybersecurity risk and (3) US law is now undermined, if organizations like SIA and the pretend manufacturer members have their way.