The Dumb Ones: PSA's Bozeman On Cybersecurity

Author: John Honovich, Published on Jun 15, 2018

The smart ones are the hundred people who flew to Denver and spent $500+ on a 1.5-day conference featuring (now US government banned) Dahua as a 'cyber responsible partner', as PSA President Bill Bozeman declared:

The rest of you, well...

A few problems here:

Theater

This is literally (cyber) security theater. Get in a room, congratulate each other on being so smart, while the industry's worst cybersecurity offender headlines the event. And then showcase how out of touch these 'thought leaders' are:

The only thing fast about the worst vulnerabilities in our industry is how fast companies like Dahua, Hikvision, and Xiongmai push cheap products with little regard for cybersecurity.

Now, surely this makes the event's sponsors feel good but it undermines real problems in this industry.

Making Manufacturers Take Responsibility

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

The reality is most manufacturers have taken cybersecurity far too lightly. And, worse, like Dahua, think they can pay to sponsor an event to buy that credibility back or falsely claim cybersecurity compliance.

But the manufacturers need to be responsible and need to improve their cybersecurity. The more manufacturers understand they have to lose by bad cybersecurity, the more they will put engineering resources (and not just press releases) into improving their products.

Stop Port Forwarding

While these conferences talk about Bitcoin and other such speculative, far-removed, topics, there is something much more fundamental that we all need to convince integrators to do. Stop port forwarding.

Why did all those Dahua recorders get hacked last year? Not just the backdoor but because Dahua directed their integrators to port forward. And port forwarding exposes one's video surveillance devices to the entire world so that any vulnerability found becomes a gold mine for hackers.

Worse, manufacturers like Hikvision continue to endorse port forwarding, even in their own hardening guides.

Doing Something To Help Integrators

Rather than sit around conference rooms and congratulate ourselves, IPVM has been hard at work building a tool to help integrators. We have released new software that allows video surveillance professionals to quickly and easily identify known vulnerabilities of products deployed in their systems.

Comments (26) : PRO Members only. Login. or Join.

Related Reports

Avigilon Favorability Results 2019 on Jan 15, 2019
Since IPVM's 2017 Avigilon favorability results, the company was acquired by Motorola and has shifted from being an aggressive startup to a more...
Pelco Favorability Results 2019 on Jan 11, 2019
Pelco had a significant favorability problem amongst integrators in our previous study (see 2016 Pelco results). Now, in the first edition of our...
Winter 2019 IP Networking Course on Jan 10, 2019
Today is the last day to register for the Winter 2019 IP Networking course. This is the only networking course designed specifically for video...
The Battle For The VSaaS Market Begins 2019 - Alarm.com, Arcules, Eagle Eye, OpenEye, Qumulex, Verkada, More on Jan 02, 2019
2019 will be the year that VSaaS finally becomes a real factor for professional video surveillance. While Video Surveillance as a Service (VSaaS)...
US Gov China Ban Rules Process, SIA Lobbies Against 'Blacklisting', For 'Risk-Based Protocol' on Dec 27, 2018
Details have emerged about when the rules implementing the federal ban on Hikvision, Dahua, Huawei and others will be made public for official...
Bosch VDOO 2018 Vulnerability on Dec 20, 2018
Security research firm VDOO has discovered a critical vulnerability in Bosch IP cameras. Inside, we cover the available details of this new...
Genetec UL Cybersecurity Certificate (2900-2-3) Examined on Dec 19, 2018
Proving a company is cybersecure has become a major concern for security companies. But how trustworthy are these certificates? Earlier in 2018, a...
Scam Research And The $86 Billion IP Camera Market on Dec 19, 2018
Scam. The most widely cited research numbers in many, if not most, industries come from a growing number of Indian 'market research firms'. We...
Top 2019 Trend - AI Video Analytics on Dec 10, 2018
160+ Integrators answered: What do you think the top industry trend will be in 2019? Why? AI / video analytics was the run-away winner with...
ADT Wins Fire Death Suit But Faces Appeal on Dec 05, 2018
ADT/Protection 1 has won a wrongful death court case in which it was sued by the estate of a deceased customer. However, the attorney for the...

Most Recent Industry Reports

The IP Camera Lock-In Trend: Meraki and Verkada on Jan 18, 2019
Open systems and interoperability have not only been big buzzwords over the past decade, but they have also become core features of video...
NYPD Refutes False SCMP Hikvision Story on Jan 18, 2019
The NYPD has refuted the SCMP Hikvision story, the Voice of America has reported. On January 11, 2018, the SCMP alleged that the NYPD was using...
Mobile Surveillance Trailers Guide on Jan 17, 2019
Putting cameras in a place for temporary surveillance where power and communications are not readily available can be complicated and expensive....
Exacq Favorability Results 2019 on Jan 17, 2019
Exacq favorability amongst integrators has declined sharply, in new IPVM statistics, compared to 2017 IPVM statistics for Exacq. Now, over 5 since...
Testing Bandwidth Vs. Low Light on Jan 16, 2019
Nighttime bandwidth spikes are a major concern in video surveillance. Many calculate bandwidth as a single 24/7 number, but bit rates vary...
Access Control Records Maintenance Guide on Jan 16, 2019
Weeding out old entries, turning off unused credentials, and updating who carries which credentials is as important as to maintaining security as...
UK Fines Security Firms For Illegal Direct Marketing on Jan 16, 2019
Two UK security firms have paid over $200,000 in fines for illegally making hundreds of thousands of calls to people registered on a government...
Access Control Cabling Tutorial on Jan 15, 2019
Access Control is only as reliable as its cables. While this aspect lacks the sexiness of other components, it remains a vital part of every...
Avigilon Favorability Results 2019 on Jan 15, 2019
Since IPVM's 2017 Avigilon favorability results, the company was acquired by Motorola and has shifted from being an aggressive startup to a more...
Gorilla Technology AI Provider, Raises $15 Million, Profiled on Jan 15, 2019
Gorilla Technology is a Taiwanese video analytics manufacturer that recently announced a $15 million investment from SBI Group, saying this...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact