US Army Base Specifies 70+ Outdated Hikvision Cameras (Cancelled)

Published Feb 22, 2018 13:06 PM

A US Army base has specified 70+ Hikvision IP cameras, a month after the WSJ reported a different Army base removed Hikvision IP cameras.

While this is a positive for the Chinese government-owned Hikvision's expansion into the US military, this raises security concerns. Moreover, US Army's Hikvision specifications are so low-end and outdated that it raises concerns about the security of the base.

In this note, we examine the specification and the issues involved.

[UPDATE March 2018: the RFP was canceled.]

US **** **** **** **** ********

*** ********* ** ***** ******* ****** ****, * ***** ********* **** *** the ** ****. ***** ** ** example ** * **** **** ******** ********* at *** ****:

Solicitation / ************* ********

*** ************ ********************* **--**** ********* **** ******* **** *** **** ***** ****** ** a ***** ******** ****** "***********************.****" (*** **** ****).

*** ****** ** *** * ********* (2470, ****, ****, & ****) *** consists ********* ** ******* ******** ******** (the ******* ***** ***), ** ******* 5MP ******** ("** *****") ******* *** 74 ********* ("** **********") *******.

******** ** **********  ** **** *** Vandal ********* **** ***** **** *******. Must ** ********** **** ******** ******** and ***** ******** **** *********.

    ***** ****** */*” *********** **** **** Min. ************ *.** ***@**.*, *** ** 0 *** **** ** ******* **** 1/30s ~ */***,**** **** *** @**.*, angle ** ****: **.*° (*.***, ***, 12mm ********) **** ***** *** ***** adjustment ***: *° ~ ***°, ****: ~ **° ******* ***** ********* 3D *** **** ******* ***** ******* WDR *** & ***** ********* *********** *.*** / ***** *.*** codec ******* **** ******* *** **** 32 **** ~ ** **** **** stream ***Image ***. ***** ********** **** × **** Yes, **** ************ ***** **** ****: 15fps (**** * ****), ***** (**** × ****),***** (**** * ***) ***** settings **********, **********, ******** ********** ******* client ******** ** *** ******* *** ******* ******* *** ***** ******* ****** detection, ********* ***** ********* ***/**, ****, DHCP, ***, ****, ***, ****, *****, SMTP, ***, ****, *****, ***, ***.**, Qos ****** ************* *****, ****, *** General *************** **** **************, ********************** ********* * **** *** / 100M ******** ****al ********* ********** -**°* ~ **°* (-**°* ~ ***°*) ******** **% ** **** (non-condensing) ***** ****** ** *** ± 10%, *** (***.***) ***** *********** ***. 5W (** **** *** **) ****** protection ********-*****, ***; *******, ** ** IK10 ******* ********** **** / **** IR ***** ****** ** ** ** meters **********Φ*** × ** ** ****** ****

Hikvision ***** ********* **********

*************, **** ** ** *** *** ****** *** and ***** **** * ************ *************.

*** *********** ******* *** '***** ******' Hikvision **-********-**, ****** * ***** ***, **** a**** ********* ***** **** *****. ********* ****** *** ******** ****** cameras *** ***** ** **** *****, e.g., *** **-**********-* **** *.***+, ****** ** range, '***********', ***.

** ****, *** ***** *** ********** specify **** ** * ********, ***** as **** * ***** ** **** base.

*******, *********** **** *********'* *.* ******** upgrade, **** ***** **** *** ******* PSIA (** ********* ******* **). **** is *** * ********* ** ********* (since **** ** ***********) *** ** the ********* *** *** *** ****** specifications **** *** ********** *** *** undermine ****** *********.

*******

**** ** ********* ******** *** *********, showing *** ********-******* ********* ******** ** ****** off.

** *** ***** ****, **** *** US ******* ** ******* **** ********* specified ***-*** ********* *******, ** **** raise ******** **** *** *** ************* of *** **** *** *** ******* of ************ *** ** ********** ** using.

** **** ******* *** ** **** Sill *** **** ******* **** ******* as *** ************ ********.

Comments (17)
Avatar
Ari Erenthal
Feb 22, 2018
Chesapeake & Midlantic

I wonder how many of these are just the results of somebody getting excited about the new funding increase and dusting off old quotes from two years ago without looking at it too closely. 

(10)
JH
John Honovich
Feb 22, 2018
IPVM

About funding / pricing, one thing atypical here is that its being conducted as a reverse auction:

An Offeror may submit a series of pricing bids, which descend in price during the specified period of time for the aforementioned reverse auction. 

(1)
(1)
UI
Undisclosed Integrator #1
Feb 22, 2018

At this point I have to ask: does the US military ever use anything other than Hikvision?

(3)
(7)
JH
John Honovich
Feb 22, 2018
IPVM

I am not sure if that prospect excites or scares you :)

It's a good question. I've asked one of our team members to research more systematically. Hopefully, in 2 weeks or so, we can provide more information from different solicitations and government documents.

(2)
(2)
(1)
UI
Undisclosed Integrator #1
Feb 22, 2018

I am not sure if that prospect excites or scares you :)

Neither, I don't sell Hikvision and don't work on US military bases.  I do question their decision making and/or knowledge level.  I think we should all use our 1 month IPVM invites and send to US military email addresses.

This appears to be a symptom of not caring what the product is as long as it is cheap with no further research done.

(6)
(1)
Avatar
Ari Erenthal
Feb 22, 2018
Chesapeake & Midlantic

Yes, but they've been on a pretty tight budget for the past several years. Some program managers have been getting creative. 

(1)
(1)
Avatar
Tom Sharples
Feb 28, 2018

Well we did do a wireless surveillance installation at Ft Riley in KS some years ago, using Bosch IP cams (at the client's request). A rather bizarre deal in which the client had us install an eight-channel D/A converter at the end of the chain so they could continue to use their ancient analog recording setup :-(

Avatar
Brian Karas
Feb 22, 2018
Pelican Zero

The document is titled "Salient_Characteristics.docx" and does not even specify Salient products. There is some sad irony in that.

(3)
(9)
Avatar
Chris Anderson
Feb 22, 2018

Not uncommon for public agencies to take years to actually get a project approved (from the time of specification to procurement) so you see this type of old equipment being requested more often than you'd think. It sure helps to complicate public contracting!  That's all regardless of the obvious challenges with whats being requested in this particular case...

(3)
U
Undisclosed #3
Feb 27, 2018

Working on one that started in 2014. With all the processes in place, I can understand why some don't go through redesign after the funding is finally approved. 

(1)
Avatar
Michael Gonzalez
Feb 22, 2018
Confidential

Yikes...I expected this from the Marines...they're too busy licking windows to read specs, but the Army...say it ain't so!

(3)
(9)
Avatar
Craig Mc Cluskey
Feb 22, 2018

In 2018, you would not reasonably specify this in a pizzeria, might as well a major US army base.

Yes, indeed.

We have reached out to Fort Sill and will respond with updates as the solicitation proceeds.

Perhaps offering them a 30-day membership as was suggested above would be a good idea.

I look forward to your updates.

(2)
UI
Undisclosed Integrator #2
Feb 23, 2018

Good to see that useless specifications are a global phenomenon.

(3)
(2)
U
Undisclosed
Feb 26, 2018

I thought government agencies dusting off antiquated specs and putting out a request was "normal" (for some depressing value of normal.)  I've seen this sort of thing before with access control (well after PIV was allegedly mandated govvies seem to spec all sort of junk.)  Is this a new phenomenon or simply the same old bad problem, using this specific vendor as an example?

(2)
DO
Daniel Olson
Feb 27, 2018

Many times a unit that needs a security upgrade will get a local area security company to come out and give them an estimate based on a quick site walk. This unfortunately becomes the basis of their budget and the subsequent RFP that goes out so they can get their required three bids. Generally the RFP that goes out will reference a lot of guidelines and regulations that are supposedly relevant to the project.  There is usually an approved products list and that depends on which agency or branch generates the RFP.  Most approved lists I have seen are very outdated and include a lot of obsolete equipment that you couldn't even find on eBay anymore.

Also, developing the approved products lists is another bureaucratic endeavor which just takes a lot of time.  By the time a product gets on the list it could be two or three years old.  Getting something off the list is challenging.

Companies that work in this space are very savvy in ways to work around these types of problems. 

(2)
U
Undisclosed
Feb 27, 2018

That's what they taught me back in the day when you could get two tin cans and a piece of string procured as long as you somehow wrote up paperwork on how it was "GOSIP compliant networking equipment".  And there were "beltway bandits" who were highly skilled at this dark art.

This would suggest there's a treasure trove of outdated / weird items being requested many perhaps as questionable as Chinese-sourced cameras.  Because the beltway bandits are still around...

 

JH
John Honovich
Apr 10, 2018
IPVM

Update: The RFP was canceled on March 9th. The Army has not explained why it was canceled nor if it will be re-bid. If or when we receive more information, we will update accordingly.

(3)