US Embassy Requires Hikvision Cameras

By: John Honovich, Published on Aug 29, 2016

The US Embassy in Kabul Afghanistan has required only Hikvision cameras in a new US federal government bid.

However:

Quiz: See how well you know the relationship between Hikvision and the Chinese government with this 5 question quiz.

Bid Requirement Hikvision

The US federal bid calls for:

And only Hikvision will be accepted:

bids containing substitutions will be viewed as UNACCEPTABLE. If you are not able to deliver the line item as requested, DO NOT BID.

The cameras required are $100 - $150 commercial EXIR models:

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Those cameras are solid commercial offerings (see our Hikvision EXIR test results) common in small to medium sized businesses but, even without the Chinese government ownership, are a strange choice for the high standards of sole source justification for federal facilities.

But the US government has filed a request for that with no meaningful visible defense:


On the positive side for Hikvision, it is a great endorsement for them and their massively growing US sales and marketing organization to get locked in to US federal installations. 

On the other hand, it is a risk for the US government to be deploying Chinese government controlled surveillance cameras into high security federal facilities.

UPDATE Nov 2016

The State Department has cancelled this procurement and removed Hikvision cameras from this US embassy.

Vote - What Do You Think?

Second Poll (Updated)

By member request, here is a new second poll:

8 reports cite this report:

US Issues Criminal Charges Against Aventura For Fraudulently Selling Hikvision And Other China Products on Nov 07, 2019
The US government has made an unprecedented move on the video surveillance...
NYPD Refutes False SCMP Hikvision Story on Jan 18, 2019
The NYPD has refuted the SCMP Hikvision story, the Voice of America has...
Chinese Government Blocks IPVM on Oct 22, 2018
IPVM has been blocked by the Chinese government without any notice or...
Australia and French National TV Investigate Hikvision, Australia Military To Remove Hikvision Cameras on Sep 12, 2018
An Australian National TV investigation on Chinese video surveillance has put...
Remove Dahua and Hikvision Gov Installs Required By US House Bill Ban on Jun 06, 2018
The final released US House Bill HR 5515 verifies that it not only prohibits...
Hikvision Discontinuing Online Service on Dec 12, 2016
Hikvision has declared it will discontinue its Hikvision online service, just...
Hikvision Removed From US Embassy Afghanistan on Nov 22, 2016
Hikvision cameras have been removed from the US Embassy Afghanistan and a...
Pelco Matrix End Of Life - End Of An Era on Oct 20, 2016
Pelco Matrix switchers, once the pinnacle of large SD analog installations,...

Comments (69)

Only IPVM Members may comment. Login or Join.

What happened to the Buy America Act? I worked for State Department agencies for 9 years back in the late 80's and 90's. Back then Burle was the standard. Then the migrated to all Panasonic. It is a lucrative market when you start talking about maintenance and support. Things must have changed be we would get chastised for mentioning anything that was not US made. I also used to work with supplying armored vehicles for overseas posts and their weren't a lot of companies doing that work in the US back in those days even though BMW and Mercedes made great armored cars.

Which BAA - there are two of them. The one signed in 1933 would most likely apply to this procurement, however, there are quick opt-outs that can be applied (In certain government procurements, the requirement purchase may be waived by the Contracting Officer or the Head of the Contracting Activity (HCA) if the domestic product is 25% or more expensive than an identical foreign-sourced product, if the product is not available domestically in sufficient quantity or quality, or if doing so is in the public interest.)

The BAA of 1983 is on US Federal Projects (in country) using Federal $$$ for infrastructure and is managed by the Department of Transportation.

All you need is a creative writer who can craft a justifiable reason for using the non-US made product. In this case, I would say that the 25% rule (expense wise) applies.

All that to say, I think that the use of a Chinese Government product by a sensitive US government entity is a bad idea. The real problem is - where are the US camera manufacturers? Are they here - advocating for their needs - providing product that can be substituted with the HikVision product and secondarily (and possibly more important) - WHY is our government not going after the Chinese Government with WTO on their massive subsidizing of this industry ...

Maybe the guys in the movie War Dogs could organise the bids.

What do you expect from the Department of State?

It makes me wonder if the Senate or House Appropriations or Armed Services Committees might not fall out of their seats if aware of this? I support the "Buy American whenever possible" preference but in video, especially cameras it's extremely difficult to do. Given revelations of the nations most active in state sponsored hacks and back doors it has to give one pause.

Just shows the value they out in security. Kabul is a pretty safe place right...

Time for some whistleblowing.

My friend's uncle is a US diplomat... Time to make a call.

Done.

"Hikvision Achieves Risk Management Framework Certification from U.S. Army"

It means nothing to some members?

Normally I would argue the likelihood of a video data feed being viewed by foreign nationals and anything remotely actionable being discovered is slightly more than zero.

Not zero though, because of cases like this. Embassies are havens for in-country intelligence operations. Just access to the faces and times and groupings of visitors would no doubt be of substantial value to other governments.

Nobody likes a $700 hammer, but in cases like this I think we shouldn't mind paying more.

Its worth it.

I just pray that the system is on its own, completely separate, network. If it isn't, the video feeds are the least of my concern.

The presidential library is projected to cost 1Bil for starters...chump change for those donating...

Makes me a tad nervous to use Hikvision knowing the involvement that the Chinese government has with Hikvision.

And now for everyone else to connect the dots.

Given all the Chinese funding and R&D, you know that the HIK firmware is riddled with back doors. I mean, put it together: 1) if the NSA can do it with Cisco, Dell and so many other makers; 2) the NSA tools just got taken by someone, perhaps Russia, and 3) the Russians, Chinese, Iranians and others are all aligning, then: 4) the US might as well just open up the ports, default the passwords, and let www.shodan.io serve as the State Dept's global VMS. Jeeez.

"..let www.shodan.io serve as the State Dept's global VMS"

That was funny :)

...their massively growing US sales and marketing organization to get locked in to US federal installations.

And throw away the key ;)

I keep waiting for HikVision to announce Eric Snowden as their Pitchman...

I keep waiting for HikVision to announce Eric Snowden as their Pitchman...

Or his brother ;)

Please contact me when you do an Embassy job and they give you a "static IP" or port for your outside connection.

What is reason for the applicant's sole source justification?

According to the document you linked to above, Mr. Stephen Cunningham signed off on this request to use 'Other Than Full And Open Competition' - and he gave his reasoning as follows:

The cameras are being used to monitor the inside of network closets and server rooms as part of a security/accountability measure.

The 'Information Technology Local Change Control Board at Post' (whomever they are) is the 'agency' mandating the use of this particular brand and model camera. This 'agency's' claim is that they can only ensure the security of their networks by standardizing their configuration guidelines - which requires using this one brand and model camera - and even state outright: "If another brand were to be used, we would not be able to ensure the same level of security."

Further, Mr. Cunningham cites FAR 6.302-1 - "Only one responsible source and no other supplies or services will satisfy Agency requirements" - as his sole source justification.

So the IT boys like that camera, can install and configure that camera - so there is a need for 'other than full and open competition?

Finally, Executive Order 12958 (which deals with identifying and protecting classified information) cited following Mr. Cunningham's signature is no longer in effect - and has been superseded by 2 other Executive Orders. Obamas EO13526 is current.

Video surveillance from a foreign embassy will most certainly be classified information.

So Americans will never get to see it.... unless they go to work for the Chinese government maybe? :)

Hikvision coming to a NSA, CIA, MI6 or MI5 near you.. lol

Something to think about in regard to Foreign Manufactures introducing products to the US Federal Government market is how it fits into Information Assurance (IA). IA has effectively killed numerous products from entering service in the US DOJ/DoD. I guarantee that the HikVision products are not IA compliant (https://ia.signal.army.mil/docs/p52001r.pdf).

In anycase - this is going to continue to be an issue until the Federal Government controls it's FCO and ensures that they are following procurement code and executive orders.

HEY - I got no problem with this IF they open up ALL of their markets (including the Chinese Government's own institutions as a market we can directly sell to without restriction). That will never happen - guaranteed.

This should be leaked to the mainstream media.

That moment you see John Honovich on Fox News...

Remember, John... Don't say "um."

There's an interesting read here and here. The government corporation that "owns" a large portion of Hikvision has been tasked to develop software to track and predict terrorism. Seems like a botnet of NVRs with ample data would help. Possibly relevant? Worth investigating? Not sure... not a fan of conspiracy theories though I may have just opened this one.

HOWEVER:

Has anyone ever performed a penetration test against Hikvision cameras, NVRs, and DVRs the same as was performed on Axis recently? It seems that it is unlikely there is a backdoor, but I would think someone must have tested it at some point by now. It would be nice to put this to rest rather than speculate.

It's funny that the vote has been carefully designed, you have added an "only" to the question so that the answer is “No”.

If the question is "Should US Embassy require Hikvision cameras (to protect their safety)" ? then the answer is most likely to be "yes".

I also don't agree that US Embassy should only buy Hikvision cameras, they should buy whatever that is good to protect their safety, and politically correct. if they have lot of fund, then they can buy whatever best products, but at Afghanistan, other US brands are probably either too difficult to buy, or too expensive to provide a service.

Question: Is it legal for US government to buy Hikvision product ? Is it more because of political reasons or just because of the product is insecure ?

Question: Is it in the National Security interests of the US government to buy Hikvision and Chinese government product ?

3, I added a variant of your question as a poll:

you have added an "only" to the question

That reflects the fact of what is happening here. The US Embassy requires only Hikvision cameras. LTS, Dahua, Arecont, Axis, Samsung, etc. etc., no one else is allowed.

Is it legal for US government to buy Hikvision product ?

The question is being raised of whether Hikvision meets Buy America requirements which are common for such federal purchasing programs. We are looking into that.

Hikvison is great for residential but for the Embassy!? No. If they have any smarts they would choose avigilon.

Hikvison is great for residential but for the Embassy...

Suites, maybe.

Do you mean Securities or security? What camera manufacturer is actually making their cameras in the states? I'm not any happier about the cameras coming down so much in cost but if they set up shop here they're making an investment in US workers I am not concerned anymore about security of the camera and the Chinese monitoring it then I am about any other device on the network. I'd be less concerned about them spying through government firewalls then I would be about the consumer buying them installing them in their house. That all being said I'm still upset that the United States cannot buy product more relevant to here in the US but you can't fault his HikVision because of our stupidity. It's time to find a new Avenue to combat this low-cost manufacturer after all most Americans still walk into Walmart and buy an American flag that's made in China.

I was really surprised about the second vote result.

Do you really think that deploying Dahua, Hikvision, "Anyvision" cameras/NVRs are security risk? Why?

Anybody heard about network monitoring? About firewall, VPN, etc?

Securing security nowdays is much more about information security, than "what kind of camera you are using".

I agree with you 100%. If the truth was know I would bet that 99% of the HikVision detractors are competitors.

CAMERAS CANNOT DO ANYTHING WITHOUT A NETWORK, PERIOD....

(IP) CAMERAS CANNOT DO ANYTHING WITHOUT A NETWORK, PERIOD....

99% of the HikVision detractors are competitors.

And their supporters like you? ;)

There's no doubt that most Hikvision detractors are competitors just like most Hikvision supporters are partners.

Ultimately, we should be striving to find facts and real evidence.

To that end, and as those of you who read IPVM regularly know, I think the cybersecurity concern is much less important than the economic strategy that Hikvision / Chinese government is taking.

"CAMERAS CANNOT DO ANYTHING WITHOUT A NETWORK, PERIOD...."

You think your networks are secure from snooping by interested governments?

Dream on...

https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden

...99% of the HikVision detractors are competitors...

80% of 132 = 105.

1% of 105 = 1

Don't I feel special.

CAMERAS CANNOT DO ANYTHING WITHOUT A NETWORK, PERIOD....

Ok, but please remove the comma, it's grammatically incorrect,.

Not a competitor - consumer and installer.

Can you provide the link to the US Government bid referenced above?

17, this is the original link but for some reason Monday morning it was no longer publicly available. We had already downloaded the attached reports (which are the links / screenshots you see in the article).

I was mainly interested in reading / seeing the original government solicitation request. Odd the link doesn't work any more.

Just thought I would try one more time, and hopefully it comes out the woodwork...or someone knows where to look....but does anyone have a copy of the original government solicitation request?

Maybe it's squirrelled away on the the Fedbid.com website....

I have an old Upper Deck Ken Griffey Jr rookie card I could trade you...OBO.

I was searching for non-IPVM information on Hikvision and Afghanistan, and found that Hikvision's Afghan partner is a company called Tesla Engineering Services Co. - presumably NOT related to Tesla Motors in the US.

No idea whether this company would be used by the US Embassy, or if a US company would be brought in to perform the installation.

http://www.hikvisionindia.co.in/partners/distribution-partners/middle-east/tesla-engineering-services-co-kabl-afghanistan.html

http://www.tesla.com.af/aboutus.html

Honestly, I think this is shameful and I would never have believed it would ever happen. There is only one logical explanation...someone is getting greased in the process. We already know that that sort of thing is not beyond the Chinese government in any way, and sadly, our own government.

There is only one logical explanation...someone is getting greased in the process.

I have no idea why Hikvision was selected but I think their is a more banal likely explanation. They needed some cameras, they asked around, got some positive feedback on Hikvision, saw the price was so low, widely available, selected it.

That's based (1) on my experience dealing with government purchasing and (2) that greasing is typically connected to very expensive items (to include the greasing) rather than super cheap ones.

Possibly. I guess if we see more of this around the world and in our own country, then we know it's not just about 1 embassy. If we do see more Hik-only RFP's from our own fed, then I would say that said greasing is entirely realistic. We already know it's entirely possible.

If we do see more Hik-only RFP's from our own fed, then I would say that said greasing is entirely realistic.

I am sure there will be many more and with Hikvision ramping up its enterprise sales team that will accelerate it further.

I don't think greasing is the most sensible tactic. Better to just drop prices, like they are doing. So many of these bids are structured for low bid, and Hikvision excels at that.

As Edward mentions, I do think as Hikvision becomes better known other factors and concerns will block it but the super low price / super sized sales team combo is a good approach to government work.

I think you have the most salient of responses here. As with any procurement, price is critical (moving forward). I think the FCO hasn't done their research on IA compliant and BAA requirements and is taking the path of least resistance. In any case, this will continue until it they are confronted with both the risk and violation of CFR. This really is a violation of the CFR - specifically IA compliance for sensitive sites, data encryption, and foreign purchase. China is not on the most favored list of countries you are allowed to buy from - in fact, they are specifically not listed for good reason.

Hey, I'm with you but how are they able to get diacap certification do you think?

DiaCap was dropped March of 2015

By Hik?

Great question - IA is pretty rigorous. Most European / SE Asian products don't meet IA Compliance. The real issue is the list of TAA (Trade Agreement Act) countries where BAA is designated. China is NOT on that list. So, even if they achieved diacap certification, they still don't pass muster with BAA. Sometimes, however, I think we have so many regulations on products that countermand each other and make navigating this very complicated. All I have to say is - Follow the Rules (BAA is listed in the procurement as applicable and so, therefore, is TAA Countries).

Though the BAA only applies to purchases over $3,000, right?

30 x 100 = ?

What are the odds of that?

Should make you wonder why Chinese Companies are donating to Terry Mcauliffe And the Clinton Foundation, obvious Pay for Play.

http://www.thedailybeast.com/articles/2016/05/23/chinese-donor-linked-to-terry-mcauliffe-probe-also-caused-trouble-for-hillary.html

I recently sent an email to the procurement officer on a "complimentary" purchase that was listed in this thread and designated as HikVision. Here is my request and their response.

John,

I'm inquiring about this procurement as you state that this is a HikVision or equivalent product. Are you aware that your request (without valid justification - other than cost) is a complete violation of the BAA act that you say applies to this procurement. I would believe that you are violating the BAA in addition to the fact that the HikVision product is produced by a company that is partially owned by the communist government of china. This is clearly not a friendly country to the US and is not on the approved list of countries from which the Federal Government may procure products. In addition, I believe that this product will not pass IA compliance.

Please consider pulling this procurement and specifying VALID products that are IA compliant and are considered approved under BAA.

: Response :

Thank you for inquiring about subject solicitation. After considerable research, I can assure you that we are not violating the Buy American Act.

DFARS 225.1101(2)(i) - directs me to use the DFARS 252.225-7001, Buy American and Balance of Payments Program clause for acquisition of commercial items (FAR Part 12)

DFARS 252.225-7001(b) states, This clause implements 41 U.S.C chapter 83, Buy American. In accordance with 41 U.S.C. 1907, the component test of the Buy American statute is waived for an end product that is a COTS item (see section 12.505(a)(1) of the Federal Acquisition Regulation). Unless otherwise specified, this clause applies to all line items in the contract.

DFARS 252.225-7001 defines COTS as "Commercially available off-the-shelf (COTS) item"-

(i) Means any item of supply (including construction material) that is-

(A) A commercial item (as defined in paragraph (1) of the definition of "commercial item" in section 2.101 of the Federal Acquisition Regulation);

(B) Sold in substantial quantities in the commercial marketplace; and

(C) Offered to the Government, under a contract or subcontract at any tier, without modification, in the same form in which it is sold in the commercial marketplace; and

(ii) Does not include bulk cargo, as defined in 46 U.S.C. 40102(4), such as agricultural products and petroleum products.

FAR 12.505 Applicability of Certain Laws to Contracts for the Acquisition of COTS Items

COTS items are a subset of commercial items. Therefore, any laws listed in sections 12.503 and 12.504 are also inapplicable or modified in their applicability to contracts or subcontracts for the acquisition of COTS items. In addition, the following laws are not applicable to contracts for the acquisition of COTS items;

(a)(1) The portion of 41 U.S.C. 8302(a)(1) that reads "substantially all from articles, materials, or supplies mined, produced, or manufactured in the United States," Buy American--Supplies, component test (see 52.225-1 and 52.225-3).

FAR 52.225-1(b) 41 U.S.C. chapter 83, Buy American, provides a preference for domestic end products for supplies acquired for use in the United States. In accordance with 41 U.S.C. 1907, the component test of the Buy American statute is waived for an end product that is a COTS item (See 12.505(a)(1)).

These camera systems will never be connected to any outside or Air Force LAN.

Thank you again

The last line got me all hot and bothered - how are they going to ensure that this never gets connected to any outside or Airforce LAN .... how would you answer this?

NOTICE: This comment has been moved to its own discussion: Does Hikvision Violate The Buy American Act?

Much of this is a result of the Benghazi Accountability Review Board (ARB) and our government not funding an initiative. The ARB required high definition surveillance cameras at high risk facilities be upgraded, but across the board funding was slashed drastically. Before this embassy they'd been using analog but have been pushed to go to IP much quicker than they'd like, as analog product is becoming less available. Reality of this is that the federal employees that are making these decisions have experience with analog but are still learning network cameras. For many of us, when we transitioned from analog to IP, we didn't fully grasp the differences...analog is inherently a closed system...IP never will be. I think that is where DOS is now.

Don't know if somebody already saw this and posted it, but it's confusing and hilarious:

Honovich is in charge of the blog, "To Inform is to Influence?"

Honovich is in charge of the blog, "To Inform is to Influence?"

He's got another blog on the side?!

John, are you two-timing us?

;)

The 'To Inform Is to Influence' blog stole our article. I have filed a DMCA request to have Wordpress remove it.

I have filed a DMCA request to have Wordpress remove it.

In the true spirit of "Informing to Influence".

If the brief is simply to watch wiring closets wouldn't a secure solution be to simply use 3MP TVI cameras on a closed coax network with no outside network connection whatsoever. Then all they have to do is make sure no one knocks on the door that they don't know....simple no nasty red's under the bed problems.

Unless the Hilkvision cameras have hidden satellite uploading hardware built in to them that no one knows about. (cue spooky soundtrack)

With monitoring/playback only at the DVR?

Or does the TVI DVR have network access?

Yes monitor only connected at the DVR and no network connected to the LAN port. Surely no one needs to actually be monitoring cameras looking at wiring closets remotely.

Update: to those of you who protested, the State Department has addressed this: Hikvision Removed From US Embassy

Related Reports

Hikvision Impossible 30 People Simultaneously Fever Claim Dupes Baldwin Alabama on Sep 01, 2020
The Alabama school district which spent $1 million on Hikvision fever cameras...
Hikvision Global News Reports Directory on Aug 13, 2020
Hikvision has received the most global news reporting of any video...
Huawei HiSilicon Shortage Impacts Surveillance Manufacturers on Aug 14, 2020
Huawei acknowledged problems and challenges for its HiSilicon chip business,...
Hikvision Hides Xinjiang R&D Activities on Apr 22, 2020
Hikvision has systematically deleted evidence showing their R&D base and...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...
TVT / InVid White Light Camera Tested Vs Hikvision ColorVu on Mar 18, 2020
With mega China manufacturers Dahua and Hikvision facing both bans and human...
US Jail Uses China State Owned Fever Camera on Apr 30, 2020
Police in Ohio are boasting about their jail's new fever camera system, which...
Colombia's President Promotes Bad Hikvision Fever Camera Setup on Jun 17, 2020
Colombia's President Iván Duque has promoted a haphazard Hikvision fever...
IPVM Editorial Staff on Aug 01, 2020
IPVM has the largest and most experienced editorial team covering video...
Dahua and Hikvision Fever Cameras Endanger French and Scottish Nursing Homes on Jun 09, 2020
Dahua and Hikvision fever cameras are being used at, respectively, French and...
School District Admits Not Following FDA Guidelines With 144, No Blackbody, Hikvision Fever Cameras on Aug 21, 2020
The Baldwin County School District has admitted it is not following FDA...
Sunell is The First China Manufacturer to Market NDAA Compliance on Jul 30, 2020
Most China manufacturers are going to be impacted by the NDAA 'Blacklist...
Hikvision Put on US DoD "Communist Chinese Military Companies" List, Faces Risk of Presidential Sanctions on Jun 26, 2020
The US DoD has put Hikvision on a list of "Communist Chinese Military...
Startup Calipsa Presents AI False Alarm Filtering on Jul 21, 2020
Calipsa presented its AI false alarm filtering platform at the 2020 IPVM...
Hanwha and Hikvision Selling H.265 Without HEVC Licensing on Aug 19, 2020
IPVM has confirmed that Hanwha and Hikvision do not have H.265 licenses from...

Recent Reports

New Products Show Fall 2020 continues tomorrow with Genetec, Milestone, Avigilon, Microsoft and more! on Sep 29, 2020
IPVM's sixth online show continues tomorrow and will feature New Products...
Avigilon / Motorola VS Virtual ISC West on Sep 29, 2020
ISC West has historically been so dominant that no player would think of...
Dartmouth College Deploys K3 Temperature Screening on Sep 29, 2020
While Dartmouth College has a $6+ billion endowment, the College has bought...
Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...