US Embassy Requires Hikvision Cameras

Published Aug 29, 2016 15:50 PM
PUBLIC - This article does not require an IPVM subscription. Feel free to share.

The US Embassy in Kabul Afghanistan has required only Hikvision cameras in a new US federal government bid.

However:

Quiz: See how well you know the relationship between Hikvision and the Chinese government with this 5 question quiz.

Bid Requirement Hikvision

The US federal bid calls for:

And only Hikvision will be accepted:

bids containing substitutions will be viewed as UNACCEPTABLE. If you are not able to deliver the line item as requested, DO NOT BID.

The cameras required are $100 - $150 commercial EXIR models:

Those cameras are solid commercial offerings (see our Hikvision EXIR test results) common in small to medium sized businesses but, even without the Chinese government ownership, are a strange choice for the high standards of sole source justification for federal facilities.

But the US government has filed a request for that with no meaningful visible defense:


On the positive side for Hikvision, it is a great endorsement for them and their massively growing US sales and marketing organization to get locked in to US federal installations. 

On the other hand, it is a risk for the US government to be deploying Chinese government controlled surveillance cameras into high security federal facilities.

UPDATE Nov 2016

The State Department has cancelled this procurement and removed Hikvision cameras from this US embassy.

Vote - What Do You Think?

Second Poll (Updated)

By member request, here is a new second poll:

Comments (69)
WC
William Crews
Aug 29, 2016

What happened to the Buy America Act? I worked for State Department agencies for 9 years back in the late 80's and 90's. Back then Burle was the standard. Then the migrated to all Panasonic. It is a lucrative market when you start talking about maintenance and support. Things must have changed be we would get chastised for mentioning anything that was not US made. I also used to work with supplying armored vehicles for overseas posts and their weren't a lot of companies doing that work in the US back in those days even though BMW and Mercedes made great armored cars.

(10)
EK
Edward Knoch
Aug 29, 2016

Which BAA - there are two of them. The one signed in 1933 would most likely apply to this procurement, however, there are quick opt-outs that can be applied (In certain government procurements, the requirement purchase may be waived by the Contracting Officer or the Head of the Contracting Activity (HCA) if the domestic product is 25% or more expensive than an identical foreign-sourced product, if the product is not available domestically in sufficient quantity or quality, or if doing so is in the public interest.)

The BAA of 1983 is on US Federal Projects (in country) using Federal $$$ for infrastructure and is managed by the Department of Transportation.

All you need is a creative writer who can craft a justifiable reason for using the non-US made product. In this case, I would say that the 25% rule (expense wise) applies.

All that to say, I think that the use of a Chinese Government product by a sensitive US government entity is a bad idea. The real problem is - where are the US camera manufacturers? Are they here - advocating for their needs - providing product that can be substituted with the HikVision product and secondarily (and possibly more important) - WHY is our government not going after the Chinese Government with WTO on their massive subsidizing of this industry ...

(1)
(2)
UI
Undisclosed Integrator #1
Aug 29, 2016

Maybe the guys in the movie War Dogs could organise the bids.

(3)
(1)
UI
Undisclosed Integrator #2
Aug 29, 2016

What do you expect from the Department of State?

(3)
(3)
JS
Jack Sink
Aug 29, 2016
IPVMU Certified

It makes me wonder if the Senate or House Appropriations or Armed Services Committees might not fall out of their seats if aware of this? I support the "Buy American whenever possible" preference but in video, especially cameras it's extremely difficult to do. Given revelations of the nations most active in state sponsored hacks and back doors it has to give one pause.

(3)
UI
Undisclosed Integrator #3
Aug 29, 2016

Just shows the value they out in security. Kabul is a pretty safe place right...

(1)
(8)
U
Undisclosed #4
Aug 29, 2016

Time for some whistleblowing.

(6)
U
Undisclosed #4
Aug 29, 2016

My friend's uncle is a US diplomat... Time to make a call.

(4)
U
Undisclosed #4
Aug 29, 2016

Done.

U
Undisclosed #5
Aug 29, 2016

"Hikvision Achieves Risk Management Framework Certification from U.S. Army"

It means nothing to some members?

(1)
U
Undisclosed #6
Aug 29, 2016
IPVMU Certified

Normally I would argue the likelihood of a video data feed being viewed by foreign nationals and anything remotely actionable being discovered is slightly more than zero.

Not zero though, because of cases like this. Embassies are havens for in-country intelligence operations. Just access to the faces and times and groupings of visitors would no doubt be of substantial value to other governments.

Nobody likes a $700 hammer, but in cases like this I think we shouldn't mind paying more.

Its worth it.

(12)
UM
Undisclosed Manufacturer #16
Aug 31, 2016

I just pray that the system is on its own, completely separate, network. If it isn't, the video feeds are the least of my concern.

(1)
UM
Undisclosed Manufacturer #7
Aug 29, 2016

The presidential library is projected to cost 1Bil for starters...chump change for those donating...

(2)
UI
Undisclosed Integrator #8
Aug 29, 2016

Makes me a tad nervous to use Hikvision knowing the involvement that the Chinese government has with Hikvision.

(4)
(1)
U
Undisclosed #4
Aug 29, 2016

And now for everyone else to connect the dots.

CP
Chris Powell
Aug 29, 2016
IPVMU Certified

Given all the Chinese funding and R&D, you know that the HIK firmware is riddled with back doors. I mean, put it together: 1) if the NSA can do it with Cisco, Dell and so many other makers; 2) the NSA tools just got taken by someone, perhaps Russia, and 3) the Russians, Chinese, Iranians and others are all aligning, then: 4) the US might as well just open up the ports, default the passwords, and let www.shodan.io serve as the State Dept's global VMS. Jeeez.

(3)
(6)
U
Undisclosed #9
Aug 29, 2016

"..let www.shodan.io serve as the State Dept's global VMS"

That was funny :)

(2)
(1)
U
Undisclosed #6
Aug 29, 2016
IPVMU Certified

...their massively growing US sales and marketing organization to get locked in to US federal installations.

And throw away the key ;)

(1)
UD
Undisclosed Distributor #10
Aug 29, 2016

I keep waiting for HikVision to announce Eric Snowden as their Pitchman...

(7)
U
Undisclosed #6
Aug 31, 2016
IPVMU Certified

I keep waiting for HikVision to announce Eric Snowden as their Pitchman...

Or his brother ;)

MC
Marty Calhoun
Aug 29, 2016
IPVMU Certified

Please contact me when you do an Embassy job and they give you a "static IP" or port for your outside connection.

(1)
(4)
U
Undisclosed #9
Aug 29, 2016

What is reason for the applicant's sole source justification?

According to the document you linked to above, Mr. Stephen Cunningham signed off on this request to use 'Other Than Full And Open Competition' - and he gave his reasoning as follows:

The cameras are being used to monitor the inside of network closets and server rooms as part of a security/accountability measure.

The 'Information Technology Local Change Control Board at Post' (whomever they are) is the 'agency' mandating the use of this particular brand and model camera. This 'agency's' claim is that they can only ensure the security of their networks by standardizing their configuration guidelines - which requires using this one brand and model camera - and even state outright: "If another brand were to be used, we would not be able to ensure the same level of security."

Further, Mr. Cunningham cites FAR 6.302-1 - "Only one responsible source and no other supplies or services will satisfy Agency requirements" - as his sole source justification.

So the IT boys like that camera, can install and configure that camera - so there is a need for 'other than full and open competition?

Finally, Executive Order 12958 (which deals with identifying and protecting classified information) cited following Mr. Cunningham's signature is no longer in effect - and has been superseded by 2 other Executive Orders. Obamas EO13526 is current.

Video surveillance from a foreign embassy will most certainly be classified information.

So Americans will never get to see it.... unless they go to work for the Chinese government maybe? :)

(5)
(3)
UI
Undisclosed Integrator #3
Aug 29, 2016

Hikvision coming to a NSA, CIA, MI6 or MI5 near you.. lol

(1)
EK
Edward Knoch
Aug 29, 2016

Something to think about in regard to Foreign Manufactures introducing products to the US Federal Government market is how it fits into Information Assurance (IA). IA has effectively killed numerous products from entering service in the US DOJ/DoD. I guarantee that the HikVision products are not IA compliant (https://ia.signal.army.mil/docs/p52001r.pdf).

In anycase - this is going to continue to be an issue until the Federal Government controls it's FCO and ensures that they are following procurement code and executive orders.

HEY - I got no problem with this IF they open up ALL of their markets (including the Chinese Government's own institutions as a market we can directly sell to without restriction). That will never happen - guaranteed.

(3)
UM
Undisclosed Manufacturer #11
Aug 29, 2016

This should be leaked to the mainstream media.

(10)
U
Undisclosed #4
Aug 29, 2016

That moment you see John Honovich on Fox News...

Remember, John... Don't say "um."

(9)
UI
Undisclosed Integrator #12
Aug 29, 2016

There's an interesting read here and here. The government corporation that "owns" a large portion of Hikvision has been tasked to develop software to track and predict terrorism. Seems like a botnet of NVRs with ample data would help. Possibly relevant? Worth investigating? Not sure... not a fan of conspiracy theories though I may have just opened this one.

HOWEVER:

Has anyone ever performed a penetration test against Hikvision cameras, NVRs, and DVRs the same as was performed on Axis recently? It seems that it is unlikely there is a backdoor, but I would think someone must have tested it at some point by now. It would be nice to put this to rest rather than speculate.

(1)
(1)
(1)
UM
Undisclosed Manufacturer #13
Aug 30, 2016

It's funny that the vote has been carefully designed, you have added an "only" to the question so that the answer is “No”.

If the question is "Should US Embassy require Hikvision cameras (to protect their safety)" ? then the answer is most likely to be "yes".

I also don't agree that US Embassy should only buy Hikvision cameras, they should buy whatever that is good to protect their safety, and politically correct. if they have lot of fund, then they can buy whatever best products, but at Afghanistan, other US brands are probably either too difficult to buy, or too expensive to provide a service.

Question: Is it legal for US government to buy Hikvision product ? Is it more because of political reasons or just because of the product is insecure ?

(1)
(1)
UI
Undisclosed Integrator #3
Aug 30, 2016

Question: Is it in the National Security interests of the US government to buy Hikvision and Chinese government product ?

JH
John Honovich
Aug 30, 2016
IPVM

3, I added a variant of your question as a poll:

JH
John Honovich
Aug 30, 2016
IPVM

you have added an "only" to the question

That reflects the fact of what is happening here. The US Embassy requires only Hikvision cameras. LTS, Dahua, Arecont, Axis, Samsung, etc. etc., no one else is allowed.

Is it legal for US government to buy Hikvision product ?

The question is being raised of whether Hikvision meets Buy America requirements which are common for such federal purchasing programs. We are looking into that.

UI
Undisclosed Integrator #14
Aug 30, 2016

Hikvison is great for residential but for the Embassy!? No. If they have any smarts they would choose avigilon.

U
Undisclosed #6
Aug 31, 2016
IPVMU Certified

Hikvison is great for residential but for the Embassy...

Suites, maybe.

(1)
(4)
UI
Undisclosed Integrator #15
Aug 31, 2016

Do you mean Securities or security? What camera manufacturer is actually making their cameras in the states? I'm not any happier about the cameras coming down so much in cost but if they set up shop here they're making an investment in US workers I am not concerned anymore about security of the camera and the Chinese monitoring it then I am about any other device on the network. I'd be less concerned about them spying through government firewalls then I would be about the consumer buying them installing them in their house. That all being said I'm still upset that the United States cannot buy product more relevant to here in the US but you can't fault his HikVision because of our stupidity. It's time to find a new Avenue to combat this low-cost manufacturer after all most Americans still walk into Walmart and buy an American flag that's made in China.

Avatar
Attila Szűcs
Aug 31, 2016

I was really surprised about the second vote result.

Do you really think that deploying Dahua, Hikvision, "Anyvision" cameras/NVRs are security risk? Why?

Anybody heard about network monitoring? About firewall, VPN, etc?

Securing security nowdays is much more about information security, than "what kind of camera you are using".

MC
Marty Calhoun
Aug 31, 2016
IPVMU Certified

I agree with you 100%. If the truth was know I would bet that 99% of the HikVision detractors are competitors.

CAMERAS CANNOT DO ANYTHING WITHOUT A NETWORK, PERIOD....

(3)
U
Undisclosed #4
Aug 31, 2016

(IP) CAMERAS CANNOT DO ANYTHING WITHOUT A NETWORK, PERIOD....

(2)
JH
John Honovich
Aug 31, 2016
IPVM

99% of the HikVision detractors are competitors.

And their supporters like you? ;)

There's no doubt that most Hikvision detractors are competitors just like most Hikvision supporters are partners.

Ultimately, we should be striving to find facts and real evidence.

To that end, and as those of you who read IPVM regularly know, I think the cybersecurity concern is much less important than the economic strategy that Hikvision / Chinese government is taking.

(3)
U
Undisclosed #9
Aug 31, 2016

"CAMERAS CANNOT DO ANYTHING WITHOUT A NETWORK, PERIOD...."

You think your networks are secure from snooping by interested governments?

Dream on...

https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden

(2)
(2)
U
Undisclosed #6
Aug 31, 2016
IPVMU Certified

...99% of the HikVision detractors are competitors...

80% of 132 = 105.

1% of 105 = 1

Don't I feel special.

U
Undisclosed #6
Aug 31, 2016
IPVMU Certified

CAMERAS CANNOT DO ANYTHING WITHOUT A NETWORK, PERIOD....

Ok, but please remove the comma, it's grammatically incorrect,.

(2)
EK
Edward Knoch
Aug 31, 2016

Not a competitor - consumer and installer.

UE
Undisclosed End User #17
Aug 31, 2016

Can you provide the link to the US Government bid referenced above?

JH
John Honovich
Aug 31, 2016
IPVM

17, this is the original link but for some reason Monday morning it was no longer publicly available. We had already downloaded the attached reports (which are the links / screenshots you see in the article).

UE
Undisclosed End User #17
Aug 31, 2016

I was mainly interested in reading / seeing the original government solicitation request. Odd the link doesn't work any more.

UE
Undisclosed End User #17
Sep 01, 2016

Just thought I would try one more time, and hopefully it comes out the woodwork...or someone knows where to look....but does anyone have a copy of the original government solicitation request?

Maybe it's squirrelled away on the the Fedbid.com website....

I have an old Upper Deck Ken Griffey Jr rookie card I could trade you...OBO.

(1)
UM
Undisclosed Manufacturer #18
Aug 31, 2016

I was searching for non-IPVM information on Hikvision and Afghanistan, and found that Hikvision's Afghan partner is a company called Tesla Engineering Services Co. - presumably NOT related to Tesla Motors in the US.

No idea whether this company would be used by the US Embassy, or if a US company would be brought in to perform the installation.

http://www.hikvisionindia.co.in/partners/distribution-partners/middle-east/tesla-engineering-services-co-kabl-afghanistan.html

http://www.tesla.com.af/aboutus.html

Avatar
Rian Schermerhorn
Aug 31, 2016

Honestly, I think this is shameful and I would never have believed it would ever happen. There is only one logical explanation...someone is getting greased in the process. We already know that that sort of thing is not beyond the Chinese government in any way, and sadly, our own government.

(1)
JH
John Honovich
Aug 31, 2016
IPVM

There is only one logical explanation...someone is getting greased in the process.

I have no idea why Hikvision was selected but I think their is a more banal likely explanation. They needed some cameras, they asked around, got some positive feedback on Hikvision, saw the price was so low, widely available, selected it.

That's based (1) on my experience dealing with government purchasing and (2) that greasing is typically connected to very expensive items (to include the greasing) rather than super cheap ones.

(2)
Avatar
Rian Schermerhorn
Aug 31, 2016

Possibly. I guess if we see more of this around the world and in our own country, then we know it's not just about 1 embassy. If we do see more Hik-only RFP's from our own fed, then I would say that said greasing is entirely realistic. We already know it's entirely possible.

JH
John Honovich
Aug 31, 2016
IPVM

If we do see more Hik-only RFP's from our own fed, then I would say that said greasing is entirely realistic.

I am sure there will be many more and with Hikvision ramping up its enterprise sales team that will accelerate it further.

I don't think greasing is the most sensible tactic. Better to just drop prices, like they are doing. So many of these bids are structured for low bid, and Hikvision excels at that.

As Edward mentions, I do think as Hikvision becomes better known other factors and concerns will block it but the super low price / super sized sales team combo is a good approach to government work.

EK
Edward Knoch
Aug 31, 2016

I think you have the most salient of responses here. As with any procurement, price is critical (moving forward). I think the FCO hasn't done their research on IA compliant and BAA requirements and is taking the path of least resistance. In any case, this will continue until it they are confronted with both the risk and violation of CFR. This really is a violation of the CFR - specifically IA compliance for sensitive sites, data encryption, and foreign purchase. China is not on the most favored list of countries you are allowed to buy from - in fact, they are specifically not listed for good reason.

U
Undisclosed #6
Aug 31, 2016
IPVMU Certified

Hey, I'm with you but how are they able to get diacap certification do you think?

MC
Marty Calhoun
Sep 01, 2016
IPVMU Certified

DiaCap was dropped March of 2015

U
Undisclosed #6
Sep 01, 2016
IPVMU Certified

By Hik?

EK
Edward Knoch
Aug 31, 2016

Great question - IA is pretty rigorous. Most European / SE Asian products don't meet IA Compliance. The real issue is the list of TAA (Trade Agreement Act) countries where BAA is designated. China is NOT on that list. So, even if they achieved diacap certification, they still don't pass muster with BAA. Sometimes, however, I think we have so many regulations on products that countermand each other and make navigating this very complicated. All I have to say is - Follow the Rules (BAA is listed in the procurement as applicable and so, therefore, is TAA Countries).

(1)
U
Undisclosed #6
Aug 31, 2016
IPVMU Certified

Though the BAA only applies to purchases over $3,000, right?

30 x 100 = ?

What are the odds of that?

JF
Jean-Pierre Forest
Aug 31, 2016

Should make you wonder why Chinese Companies are donating to Terry Mcauliffe And the Clinton Foundation, obvious Pay for Play.

http://www.thedailybeast.com/articles/2016/05/23/chinese-donor-linked-to-terry-mcauliffe-probe-also-caused-trouble-for-hillary.html

EK
Edward Knoch
Aug 31, 2016

I recently sent an email to the procurement officer on a "complimentary" purchase that was listed in this thread and designated as HikVision. Here is my request and their response.

John,

I'm inquiring about this procurement as you state that this is a HikVision or equivalent product. Are you aware that your request (without valid justification - other than cost) is a complete violation of the BAA act that you say applies to this procurement. I would believe that you are violating the BAA in addition to the fact that the HikVision product is produced by a company that is partially owned by the communist government of china. This is clearly not a friendly country to the US and is not on the approved list of countries from which the Federal Government may procure products. In addition, I believe that this product will not pass IA compliance.

Please consider pulling this procurement and specifying VALID products that are IA compliant and are considered approved under BAA.

: Response :

Thank you for inquiring about subject solicitation. After considerable research, I can assure you that we are not violating the Buy American Act.

DFARS 225.1101(2)(i) - directs me to use the DFARS 252.225-7001, Buy American and Balance of Payments Program clause for acquisition of commercial items (FAR Part 12)

DFARS 252.225-7001(b) states, This clause implements 41 U.S.C chapter 83, Buy American. In accordance with 41 U.S.C. 1907, the component test of the Buy American statute is waived for an end product that is a COTS item (see section 12.505(a)(1) of the Federal Acquisition Regulation). Unless otherwise specified, this clause applies to all line items in the contract.

DFARS 252.225-7001 defines COTS as "Commercially available off-the-shelf (COTS) item"-

(i) Means any item of supply (including construction material) that is-

(A) A commercial item (as defined in paragraph (1) of the definition of "commercial item" in section 2.101 of the Federal Acquisition Regulation);

(B) Sold in substantial quantities in the commercial marketplace; and

(C) Offered to the Government, under a contract or subcontract at any tier, without modification, in the same form in which it is sold in the commercial marketplace; and

(ii) Does not include bulk cargo, as defined in 46 U.S.C. 40102(4), such as agricultural products and petroleum products.

FAR 12.505 Applicability of Certain Laws to Contracts for the Acquisition of COTS Items

COTS items are a subset of commercial items. Therefore, any laws listed in sections 12.503 and 12.504 are also inapplicable or modified in their applicability to contracts or subcontracts for the acquisition of COTS items. In addition, the following laws are not applicable to contracts for the acquisition of COTS items;

(a)(1) The portion of 41 U.S.C. 8302(a)(1) that reads "substantially all from articles, materials, or supplies mined, produced, or manufactured in the United States," Buy American--Supplies, component test (see 52.225-1 and 52.225-3).

FAR 52.225-1(b) 41 U.S.C. chapter 83, Buy American, provides a preference for domestic end products for supplies acquired for use in the United States. In accordance with 41 U.S.C. 1907, the component test of the Buy American statute is waived for an end product that is a COTS item (See 12.505(a)(1)).

These camera systems will never be connected to any outside or Air Force LAN.

Thank you again

The last line got me all hot and bothered - how are they going to ensure that this never gets connected to any outside or Airforce LAN .... how would you answer this?

NOTICE: This comment has been moved to its own discussion: Does Hikvision Violate The Buy American Act?

(1)
UM
Undisclosed Manufacturer #19
Sep 01, 2016

Much of this is a result of the Benghazi Accountability Review Board (ARB) and our government not funding an initiative. The ARB required high definition surveillance cameras at high risk facilities be upgraded, but across the board funding was slashed drastically. Before this embassy they'd been using analog but have been pushed to go to IP much quicker than they'd like, as analog product is becoming less available. Reality of this is that the federal employees that are making these decisions have experience with analog but are still learning network cameras. For many of us, when we transitioned from analog to IP, we didn't fully grasp the differences...analog is inherently a closed system...IP never will be. I think that is where DOS is now.

(1)
UM
Undisclosed Manufacturer #20
Sep 04, 2016

Don't know if somebody already saw this and posted it, but it's confusing and hilarious:

Honovich is in charge of the blog, "To Inform is to Influence?"

(1)
U
Undisclosed #6
Sep 04, 2016
IPVMU Certified

Honovich is in charge of the blog, "To Inform is to Influence?"

He's got another blog on the side?!

John, are you two-timing us?

;)

(1)
JH
John Honovich
Sep 04, 2016
IPVM

The 'To Inform Is to Influence' blog stole our article. I have filed a DMCA request to have Wordpress remove it.

U
Undisclosed #6
Sep 04, 2016
IPVMU Certified

I have filed a DMCA request to have Wordpress remove it.

In the true spirit of "Informing to Influence".

UI
Undisclosed Integrator #1
Sep 04, 2016

If the brief is simply to watch wiring closets wouldn't a secure solution be to simply use 3MP TVI cameras on a closed coax network with no outside network connection whatsoever. Then all they have to do is make sure no one knocks on the door that they don't know....simple no nasty red's under the bed problems.

Unless the Hilkvision cameras have hidden satellite uploading hardware built in to them that no one knows about. (cue spooky soundtrack)

U
Undisclosed #6
Sep 04, 2016
IPVMU Certified

With monitoring/playback only at the DVR?

Or does the TVI DVR have network access?

UI
Undisclosed Integrator #1
Sep 04, 2016

Yes monitor only connected at the DVR and no network connected to the LAN port. Surely no one needs to actually be monitoring cameras looking at wiring closets remotely.

Avatar
John Day
Oct 28, 2016
LMN Software Corp
(1)
JH
John Honovich
Nov 22, 2016
IPVM

Update: to those of you who protested, the State Department has addressed this: Hikvision Removed From US Embassy