The Dumb Ones: PSA's Bozeman On Cybersecurity

Author: John Honovich, Published on Jun 15, 2018

The smart ones are the hundred people who flew to Denver and spent $500+ on a 1.5-day conference featuring (now US government banned) Dahua as a 'cyber responsible partner', as PSA President Bill Bozeman declared:

The rest of you, well...

A few problems here:

Theater

This is literally (cyber) security theater. Get in a room, congratulate each other on being so smart, while the industry's worst cybersecurity offender headlines the event. And then showcase how out of touch these 'thought leaders' are:

The only thing fast about the worst vulnerabilities in our industry is how fast companies like Dahua, Hikvision, and Xiongmai push cheap products with little regard for cybersecurity.

Now, surely this makes the event's sponsors feel good but it undermines real problems in this industry.

Making Manufacturers Take Responsibility

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

The reality is most manufacturers have taken cybersecurity far too lightly. And, worse, like Dahua, think they can pay to sponsor an event to buy that credibility back or falsely claim cybersecurity compliance.

But the manufacturers need to be responsible and need to improve their cybersecurity. The more manufacturers understand they have to lose by bad cybersecurity, the more they will put engineering resources (and not just press releases) into improving their products.

Stop Port Forwarding

While these conferences talk about Bitcoin and other such speculative, far-removed, topics, there is something much more fundamental that we all need to convince integrators to do. Stop port forwarding.

Why did all those Dahua recorders get hacked last year? Not just the backdoor but because Dahua directed their integrators to port forward. And port forwarding exposes one's video surveillance devices to the entire world so that any vulnerability found becomes a gold mine for hackers.

Worse, manufacturers like Hikvision continue to endorse port forwarding, even in their own hardening guides.

Doing Something To Help Integrators

Rather than sit around conference rooms and congratulate ourselves, IPVM has been hard at work building a tool to help integrators. We have released new software that allows video surveillance professionals to quickly and easily identify known vulnerabilities of products deployed in their systems.

Comments (26) : PRO Members only. Login. or Join.

Related Reports

Favorite Request-to-Exit (RTE) Manufacturers 2018 on Sep 19, 2018
Request To Exit devices like motion sensors and lock releasing push-buttons are a part of almost every access install, but who makes the equipment...
Favorite Intercom Manufacturers 2018 on Sep 14, 2018
Intercoms are certainly increasing in popularity, driven by the integration of video and IP networking. But who is the favorite? On the one side,...
Stanley Security Acquires 3xLogic, Kushner Becomes Product President on Sep 10, 2018
Stanley Security acquired 3xLogic a few months ago. However, the company has still not officially publicly announced it, leading many to wonder...
Dell Launches IoT for Surveillance on Sep 05, 2018
Historically, Dell has been a PC and server provider (e.g., "Dude, you're getting a Dell") and widely used for surveillance storage. However, in...
Sell Dahua or Hikvision At All, Banned From Selling to US Federal Government, Says US HASC on Aug 29, 2018
The US House Armed Services Committee (HASC) Communications Director has confirmed to IPVM that if a company sells Dahua or Hikvision at all, they...
Hikvision FIPS 140-2 Cybersecurity Certification Examined on Aug 27, 2018
A week after the US government passed a law banning Hikvision, Hikvision announced it had obtained a FIPS 140-2 certification from the US...
France Political Scandal Reveals Video Surveillance Problems on Aug 22, 2018
In what French media describes as "the most damaging crisis yet for" French President Marcon, a political scandal has revealed major gaps in the...
ISS VMS / Video Analytics Company Profile on Aug 16, 2018
Who is ISS? In the past few months, they had one of the craziest ISC West promo items in years. Then, they hired industry veteran and ex-Dahua...
RealNetworks Free School Facial Recognition on Aug 03, 2018
The company that created RealPlayer is moving beyond media delivery and into the security space with a new facial recognition platform they have...
Sony Gen 5 IP Cameras Critical Vulnerabilities on Jul 26, 2018
Cybersecurity vulnerabilities remain prevalent in video surveillance devices. Now Talos researchers have discovered multiple vulnerabilities in...

Most Recent Industry Reports

BluePoint Aims To Bring Life-Safety Mind-Set To Police Pull Stations on Sep 20, 2018
Fire alarm pull stations are commonplace but police ones are not. A self-funded startup, BluePoint Alert Solutions is aiming to make police pull...
SIA Plays Dumb On OEMs And Hikua Ban on Sep 20, 2018
OEMs widely pretend to be 'manufacturers', deceiving their customers and putting them at risk for cybersecurity attacks and, soon, violation of US...
Axis Vs. Hikvision IR PTZ Shootout on Sep 20, 2018
Hikvision has their high-end dual-sensor DarkfighterX. Axis has their high-end concealed IR Q6125-LE. Which is better? We bought both and tested...
Avigilon Announces AI-Powered H5 Camera Development on Sep 19, 2018
Avigilon will be showcasing "next-generation AI" at next week's ASIS GSX. In an atypical move, the company is not actually releasing these...
Favorite Request-to-Exit (RTE) Manufacturers 2018 on Sep 19, 2018
Request To Exit devices like motion sensors and lock releasing push-buttons are a part of almost every access install, but who makes the equipment...
25% China Tariffs Finalized For 2019, 10% Start Now, Includes Select Video Surveillance on Sep 18, 2018
A surprise move: In July, when the most recent tariff round was first announced, the tariffs were only scheduled for 10%. However, now, the US...
Central Stations Face Off Against NFPA On Fire Monitoring on Sep 18, 2018
Central stations are facing off against the NFPA over what they call anti-competitive language in NFPA 72, the standard that covers fire alarms....
Hikvision USA Starts Layoffs on Sep 18, 2018
Hikvision USA has started layoffs, just weeks after the US government ban was passed into law. Inside this note, we examine: The important...
Chinese Government Praises Hikvision For Following Xi Jinping on Sep 17, 2018
The Chinese government council responsible for managing China's state-owned companies praised Hikvision’s obedience to China’s authoritarian leader...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact