US Army Base Specifies 70+ Outdated Hikvision Cameras (Cancelled)

By: John Honovich, Published on Feb 22, 2018

A US Army base has specified 70+ Hikvision IP cameras, a month after the WSJ reported a different Army base removed Hikvision IP cameras.

While this is a positive for the Chinese government-owned Hikvision's expansion into the US military, this raises security concerns. Moreover, US Army's Hikvision specifications are so low-end and outdated that it raises concerns about the security of the base.

In this note, we examine the specification and the issues involved.

[UPDATE March 2018: the RFP was canceled.]

* ** **** **** has ********* **+ ********* IP *******, * ***** after ****** ******** * ********* Army **** ******* ********* IP *******.

***** **** ** * positive *** ********** **********-***** *********'********** **** *** ** military, **** ****** ******** concerns. ********, ** ****'* Hikvision ************** *** ** ***-*** and outdated **** ** ****** concerns ***** *** ******** of *** ****.

** **** ****, ** examine *** ************* *** the ****** ********.

[****** ***** ****: *** RFP *** ********.]

[***************]

US **** **** **** **** ********

*** ********* ** ***** cameras ****** ****, * ***** ********* base *** *** ** Army. ***** ** ** example ** * **** fire ******** ********* ** *** base:

Solicitation / ************* ********

*** ************ ********************* **--**** ********* **** ******* **** *** **** ***** listed ** * ***** document ****** "***********************.****" (*** **** ****).

*** ****** ** *** 4 ********* (****, ****, 4401, & ****) *** consists ********* ** ******* Watchdog ******** (*** ******* Optix ***), ** ******* 5MP ******** ("** *****") cameras *** ** ********* ("or **********") *******.

******** ** **********  ** each *** ****** ********* Wide ***** **** *******. Must ** ********** **** watchdog ******** *** ***** monition **** *********.

    ***** ****** */*” *********** scan **** ***. ************ 0.19 ***@**.*, *** ** 0 *** **** ** Shutter **** */*** ~ 1/100,000s **** *** @**.*, angle ** ****: **.*° (2.8mm, ***, **** ********) Lens ***** *** ***** adjustment ***: *° ~ 355°, ****: *° ~ 65° ******* ***** ********* 3D *** **** ******* range ******* *** *** & ***** ********* *********** *.*** / MJPEG *.*** ***** ******* Main ******* *** **** 32 **** ~ ** Mbps **** ****** ***Image ***. ***** ********** **** × **** ***, **** configurable ***** **** ****: 15fps (**** * ****), 30fps (**** × ****),***** (1280 * ***) ***** settings **********, **********, ******** adjustable ******* ****** ******** or *** ******* *** ******* ******* *** ***** trigger ****** *********, ********* alarm ********* ***/**, ****, DHCP, ***, ****, ***, RTSP, *****, ****, ***, SNMP, *****, ***, ***.**, Qos ****** ************* *****, PSIA, *** ******* *************** User **************, ********************** ********* * **** 10M / **** ******** portal ********* ********** -**°* ~ 60°C (-**°* ~ ***°*) humidity **% ** **** (non-condensing) ***** ****** ** VDC ± **%, *** (802.3af) ***** *********** ***. 5W (** **** *** on) ****** ********** ********-*****, 50J; *******, ** ** IK10 ******* ********** **** / **** ** ***** approx ** ** ** meters **********Φ*** × ** ** Weight ****

Hikvision ***** ********* **********

*************, **** ** ** *** *** common *** *** ***** from * ************ *************.

*** *********** ******* *** 'Value ******' ********* **-********-**, ****** * ***** old, **** ***** ********* ***** **** sheet. ********* ****** *** numerous ****** ******* *** equal ** **** *****, e.g., *** **-**********-* **** *.***+, longer ** *****, '***********', etc.

** ****, *** ***** not ********** ******* **** in * ********, ***** as **** * ***** US **** ****.

*******, *********** **** *********'* 5.5 ******** *******, **** model **** *** ******* PSIA (** ********* ******* it). **** ** *** a ********* ** ********* (since **** ** ***********) but ** *** ********* who *** *** ****** specifications **** *** ********** and *** ********* ****** selection.

*******

**** ** ********* ******** for *********, ******* *** ********-******* marketing ******** ** ****** off.

** *** ***** ****, much *** ** ******* in ******* **** ********* specified ***-*** ********* *******, it **** ***** ******** both *** *** ************* of *** **** *** the ******* ** ************ the ** ********** ** using.

** **** ******* *** to **** **** *** will ******* **** ******* as *** ************ ********.

Comments (17)

I wonder how many of these are just the results of somebody getting excited about the new funding increase and dusting off old quotes from two years ago without looking at it too closely. 

About funding / pricing, one thing atypical here is that its being conducted as a reverse auction:

An Offeror may submit a series of pricing bids, which descend in price during the specified period of time for the aforementioned reverse auction. 

At this point I have to ask: does the US military ever use anything other than Hikvision?

I am not sure if that prospect excites or scares you :)

It's a good question. I've asked one of our team members to research more systematically. Hopefully, in 2 weeks or so, we can provide more information from different solicitations and government documents.

I am not sure if that prospect excites or scares you :)

Neither, I don't sell Hikvision and don't work on US military bases.  I do question their decision making and/or knowledge level.  I think we should all use our 1 month IPVM invites and send to US military email addresses.

This appears to be a symptom of not caring what the product is as long as it is cheap with no further research done.

Yes, but they've been on a pretty tight budget for the past several years. Some program managers have been getting creative. 

Well we did do a wireless surveillance installation at Ft Riley in KS some years ago, using Bosch IP cams (at the client's request). A rather bizarre deal in which the client had us install an eight-channel D/A converter at the end of the chain so they could continue to use their ancient analog recording setup :-(

The document is titled "Salient_Characteristics.docx" and does not even specify Salient products. There is some sad irony in that.

Not uncommon for public agencies to take years to actually get a project approved (from the time of specification to procurement) so you see this type of old equipment being requested more often than you'd think. It sure helps to complicate public contracting!  That's all regardless of the obvious challenges with whats being requested in this particular case...

Working on one that started in 2014. With all the processes in place, I can understand why some don't go through redesign after the funding is finally approved. 

Yikes...I expected this from the Marines...they're too busy licking windows to read specs, but the Army...say it ain't so!

In 2018, you would not reasonably specify this in a pizzeria, might as well a major US army base.

Yes, indeed.

We have reached out to Fort Sill and will respond with updates as the solicitation proceeds.

Perhaps offering them a 30-day membership as was suggested above would be a good idea.

I look forward to your updates.

Good to see that useless specifications are a global phenomenon.

I thought government agencies dusting off antiquated specs and putting out a request was "normal" (for some depressing value of normal.)  I've seen this sort of thing before with access control (well after PIV was allegedly mandated govvies seem to spec all sort of junk.)  Is this a new phenomenon or simply the same old bad problem, using this specific vendor as an example?

Many times a unit that needs a security upgrade will get a local area security company to come out and give them an estimate based on a quick site walk. This unfortunately becomes the basis of their budget and the subsequent RFP that goes out so they can get their required three bids. Generally the RFP that goes out will reference a lot of guidelines and regulations that are supposedly relevant to the project.  There is usually an approved products list and that depends on which agency or branch generates the RFP.  Most approved lists I have seen are very outdated and include a lot of obsolete equipment that you couldn't even find on eBay anymore.

Also, developing the approved products lists is another bureaucratic endeavor which just takes a lot of time.  By the time a product gets on the list it could be two or three years old.  Getting something off the list is challenging.

Companies that work in this space are very savvy in ways to work around these types of problems. 

That's what they taught me back in the day when you could get two tin cans and a piece of string procured as long as you somehow wrote up paperwork on how it was "GOSIP compliant networking equipment".  And there were "beltway bandits" who were highly skilled at this dark art.

This would suggest there's a treasure trove of outdated / weird items being requested many perhaps as questionable as Chinese-sourced cameras.  Because the beltway bandits are still around...

 

Update: The RFP was canceled on March 9th. The Army has not explained why it was canceled nor if it will be re-bid. If or when we receive more information, we will update accordingly.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

2020 Camera Book Released on Jan 10, 2020
This is the best, most comprehensive security camera training in the world, based on our unprecedented testing. Now, all IPVM PRO Members can get...
2020 IP Networking Book Released on Jan 06, 2020
The new IP Networking Book 2020 is a 280 page in-depth guide that teaches you how IT and telecom technologies impact modern security systems,...
Manufacturer Favorability Guide 2019 on Jun 12, 2019
The 259 page PDF guide may be downloaded inside by all IPVM members. It includes our manufacturer favorability rankings and individual...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
Hanwha Techwin Dropping Huawei on Jun 06, 2019
Hanwha Techwin is dropping Huawei Hisilicon from all of their products, the company has confirmed to IPVM. Inside this note, we examine Hanwha's...
Dahua Shipping To Mexican Manufacturer on Jun 07, 2019
Dahua has shipped ~300,000 pounds of parts to a Mexico manufacturing facility, IPVM has verified in shipping records. Inside this note, we...
How To See If Your Camera Uses Huawei Hisilicon Chips on Aug 30, 2019
Rarely do manufacturers disclose what SoCs (System on a Chip) they use, even though it is the core of IoT devices. Interest in this has increased...
3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits] on Aug 27, 2019
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has issued a solicitation to purchase Honeywell products that are US...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...

Most Recent Industry Reports

Favorite Video Analytic Manufacturers 2020 on Feb 25, 2020
Video analytics is now as hot as ever, driven by the excitement of advancing deep learning offers. But what are actually integrator's...
Latest London Police Facial Recognition Suffers Serious Issues on Feb 24, 2020
On February 20, IPVM visited another live face rec deployment by London police, but this time the system was thwarted by technical problems and...
Masks Cause Major Facial Recognition Problems on Feb 24, 2020
Coronavirus is spurring an increase in the use of medical masks, which new IPVM test results show cause major problems for facial recognition...
Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be redrawn. What does this mean? VMS Historically...
Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
AI/Smart Camera Tutorial on Feb 20, 2020
Cameras with video analytics, sometimes called 'Smart' camera or 'AI' cameras, etc. are one of the most promising growth areas of video...
China Manufacturer Suffers Coronavirus Scare on Feb 20, 2020
Uniview suffered a significant health scare last week after one of its employees reported a fever and initially tested positive for coronavirus....
Cheap Camera Problems at Night on Feb 19, 2020
Cheap cameras generally have problems at night, despite the common perception that integrated IR makes cameras mostly the same, according to new...