The Dumb Ones: PSA's Bozeman On Cybersecurity

By: John Honovich, Published on Jun 15, 2018

The smart ones are the hundred people who flew to Denver and spent $500+ on a 1.5-day conference featuring (now US government banned) Dahua as a 'cyber responsible partner', as PSA President Bill Bozeman declared:

The rest of you, well...

A few problems here:

Theater

This is literally (cyber) security theater. Get in a room, congratulate each other on being so smart, while the industry's worst cybersecurity offender headlines the event. And then showcase how out of touch these 'thought leaders' are:

The only thing fast about the worst vulnerabilities in our industry is how fast companies like Dahua, Hikvision, and Xiongmai push cheap products with little regard for cybersecurity. 

Now, surely this makes the event's sponsors feel good but it undermines real problems in this industry.

Making Manufacturers Take Responsibility

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

The reality is most manufacturers have taken cybersecurity far too lightly. And, worse, like Dahua, think they can pay to sponsor an event to buy that credibility back or falsely claim cybersecurity compliance.

But the manufacturers need to be responsible and need to improve their cybersecurity. The more manufacturers understand they have to lose by bad cybersecurity, the more they will put engineering resources (and not just press releases) into improving their products.

Stop Port Forwarding

While these conferences talk about Bitcoin and other such speculative, far-removed, topics, there is something much more fundamental that we all need to convince integrators to do. Stop port forwarding.

Why did all those Dahua recorders get hacked last year? Not just the backdoor but because Dahua directed their integrators to port forward. And port forwarding exposes one's video surveillance devices to the entire world so that any vulnerability found becomes a gold mine for hackers.

Worse, manufacturers like Hikvision continue to endorse port forwarding, even in their own hardening guides.

Doing Something To Help Integrators

Rather than sit around conference rooms and congratulate ourselves, IPVM has been hard at work building a tool to help integrators. We have released new software that allows video surveillance professionals to quickly and easily identify known vulnerabilities of products deployed in their systems. 

Comments (26) : PRO Members only. Login. or Join.

Related Reports

Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
US Government Ban of Dahua, Hikvision, Huawei Takes Effect Now on Aug 13, 2019
The 'prohibition on use or procurement' of Dahua, Hikvision and Huawei products and 'essential components' take effect today, August 13, 2019, one...
Proactive CCTV "Only Affordable Video Archiving Solution" Profile on Aug 12, 2019
Proactive CCTV is claiming to offer "the only affordable video archiving solution on the market", reducing the storage typically required for H.265...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
"Stats Don't Lie" Says Deceptive IFSEC on Jul 30, 2019
While IFSEC has declared #statsdontlie and trumpeted seemingly skyrocketing visitor numbers, they are decieving about their show's problems. On...
Responsibility Split Selecting Locks - Statistics on Jul 22, 2019
A heated access debate surrounds who should pick and install the locks. While responsible for selecting the control systems, integrators often...
Mobile Access Usage Statistics 2019 on Jul 18, 2019
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new...
Poor OSDP Usage Statistics 2019 on Jul 09, 2019
OSDP certainly offers advantages over decades-old Wiegand (see our OSDP Access Control Guide) but new IPVM statistics show that usage of OSDP, even...
ADT Eliminating Acquired Brands, Unifying Under 'Commercial' Brand on Jun 14, 2019
ADT is eliminating the brands of the many integrators it has acquired over the past few years, including Red Hawk, Aronson Security Group (ASG),...
Favorite Wireless Manufacturers 2019 on Jun 12, 2019
Many wireless options exist for video surveillance but how are integrator's overall favorites? 170 integrators answered the question: What is...

Most Recent Industry Reports

Dahua 4K Camera Shootout on Aug 20, 2019
Dahua's new Pro Series 4K N85CL5Z claims to "deliver superior images in all lighting and environmental conditions", but how does this compare to...
ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Uniview Beats Intel In Trademark Lawsuit on Aug 19, 2019
Uniview has won a long-running trademark lawsuit brought by Intel, with Beijing's highest court reversing an earlier Intel win, centered on...
Verkada People And Face Analytics Tested on Aug 16, 2019
This week, Verkada released "People Analytics", including face analytics that they describe is a "game-changing feature" that "pushes the...
Dahua OEM Directory 2019 on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Installation Course - Register Now on Aug 15, 2019
Register Now for the September 2019 Video Surveillance Install Course. This is a unique installation course in a market where little practical...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Hikvision Scrutinized In The Netherlands on Aug 15, 2019
Hikvision is facing unprecedented scrutiny in the Netherlands, at the same time the US government ban has taken effect. This week, a Dutch...
Axis 4K Camera Shootout 2019 on Aug 14, 2019
Axis' 4K Q3518-LVE claims the "best video quality possible", with Lightfinder super low light performance, Axis' high end Forensic WDR, and...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact