First US State, Vermont, Bans Dahua and Hikvision

By IPVM Team, Published Feb 21, 2019, 10:01am EST

The first US state, Vermont, has issued a ban on a number of Chinese and Russian manufacturers including the world's 2 largest video surveillance manufacturers, Dahua and Hikvision. This follows the August 2018 NDAA banning US Government use of such products. However, the Vermont ban goes even farther.

us state vermont bans dahua hikvision 2

Ban ***********

******* ****** * "************* Standard ****** **-**"**** ****** ***** ********, as *** ******* ***** declares:

****** *** ******* *** that ******* * *** year ****** ** ********* (i.e., ***** **** ****** August ****), ******* ** implementing **** *** ***********.

**** *** ** *** the ***** ** *******'* own '*********** *******' *** does *** ***** ** private ********** *********** ** state *******.

OEMs ********

*******'* **** ******** ******** confirmed ** ****, *** email, **** **** *** included:

***, ** **** ***** OEM ** ********** ******** or *** ***** ******* “white-labeling” ********.

Expidited *******

********, **** *** ********** removal ** ******** ********** ********, like ***** *** *********, from ***** *******:

Chinese *********

*** ***** ***** ** intelligence ********* ********** **** these ******* ***** ** used *** ******* *********:

********, *** * ******* companies ****** *** *** same * ** *** US **** *** - Huawei, ***, ****** **** Dahua, *** *********.

Vermont *****

*******,******* ** * ***** state ***** ********** ** **** ~620,000, **** *** ** 50 ****** **********. ** a ********* ******, *********, Dahua *** ********* **** not **** **** ********.

********, ******** ** ***** and *********'* ******** ******** where ~**% ** ***** revenue ** *********, ******* is **** **** ***********. For *******,***** *** *** ****** with**** * ******* ******. And***** *** ********* **** over $* ******* ********* just ** * ****** China ********, ************ ** *****'* **** network ** ************* *****.

Signaling / ******** / ***** ******

*** ****** ****** ** the ******* ** ***** against ***** *** *********'* products. **** **** ** entity **** ***** ********, it ***** ******* ****** proof *** ********** *** the **** ** ***** products.

Vote / ****

Comments (21)

Wonder if they will catch on to LTS and other OEM relabelers.
Agree: 7
Disagree
Informative
Unhelpful
Funny

I would be amazed if some Integrators in Vermont were not already working on a list of the numerous brands that OEM from the banned houses.

Agree: 6
Disagree
Informative
Unhelpful
Funny

Vermont's CISO Nicholas Andersen confirmed to IPVM that OEMs are included:

Yes, it does cover OEM of prohibited products or any other similar “white-labeling” scenario.

Some enterprising LTS salesperson might try it but probably not the best idea.

Agree
Disagree
Informative: 2
Unhelpful
Funny

Many of these Chinese entities lie with impunity though. I've discovered many out-right lies from people like LTS.

Agree: 1
Disagree
Informative
Unhelpful
Funny

IPVM does have a list of OEM Dahua and OEM Hikvision on this site.  

Agree
Disagree
Informative: 3
Unhelpful
Funny

Any ideas of what "or any vendor system" actually means? Would this mean 3rd party non-state vendors who provide services to the state?

Agree
Disagree
Informative
Unhelpful
Funny

#1, good question.

This section expands on that:

No State Agency shall procure or obtain or extend or renew a contract to procure or obtain any service or systems that use any product, service, system, or equipment referenced within this Directive; or enter into a contract (or extend or renew a contract) with an entity that processes, transmits, or stores State of Vermont data using any product, service, system, or equipment referenced within this Directive.

An example might be a company doing cloud video suveillance storage / management. If they used Hikvision NVRs or HikCentral as part of their 'system', they could not provide this as a 'service' to a Vermont state agency.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Which Russian companies are banned? Axxon soft? ISS?

Agree: 1
Disagree: 1
Informative
Unhelpful
Funny

Kaespersky is the only Russian company included:

Agree
Disagree
Informative: 1
Unhelpful
Funny

Somebody please tell Vermont about Axxon soft and ISS. They need to be added to the list of excluded Russian companies working in sensitive security areas.

Agree
Disagree: 1
Informative
Unhelpful
Funny

Undisclosed #9 - ISS is an American Company headquartered in NJ. Yes, we have offices around the world. If you want further clarification or information about our company, let me know, I would be happy to help: janet@issivs.com

Agree
Disagree
Informative: 1
Unhelpful
Funny

Undisclosed #2 - ISS is an American Company headquartered in NJ. Yes, we have offices around the world. If you want further clarification or information about our company, let me know, I would be happy to help: janet@issivs.com

Agree
Disagree
Informative
Unhelpful
Funny

Even though Vermont is small the impact is quite big.  I’m sure this covers all state entities:  Schools, IRS, Gaming if any and on and on.

Rember, once a VMS or group of cameras is connected to a network that is open to other networks, it is no longer a CCTV system.  

Of course you could dump every non secure camera in the world or one that is full of security vulnerabilities and it will be no problem if it is on a TRUE CCTV, air gapped.  Once you extend that branch, your open for a gang bang.

If they can not be trusted and you don’t know if they ever will be, ban them.  

Regroup and come up with a security standard that can be accomplished don’t just leave it installed. 

This is a pure example of Network “Gurus” taking on devices to their precious network that they have not investigated and or done any due digiliance security reviews on.

Agree
Disagree
Informative: 3
Unhelpful
Funny

The reality is that it's not just the lower end companies producing unwanted "prying eyes" goods in China.  Would it really be surprising to know most of the Korean MFR's moved to china manufacturing long ago?  They had to because of the lower labor cost in China, or they would have to had to close their doors. China is just playing a shell game with the US.  Same stuff, different packaging!  Some factories have moved to Vietnam, but few.   

Agree: 2
Disagree
Informative: 3
Unhelpful
Funny

Typical US paranoia

Agree: 2
Disagree: 12
Informative
Unhelpful
Funny

Paranoia and Substantiated Concern are not synonymous.

Agree: 5
Disagree
Informative
Unhelpful
Funny

My guess is that this can be used as a legal precedent in the US, and I would not be surprised that if 5 years half the states follow suite.

I would also imagine that the removed products will flood the domestic, and non-governmental business market, dropping the price of these products.

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny

Impose a nationwide ban right now.

What do we accomplish day one?

Compare that to the year 2045.

Technology will evolve, will you keep up? Will you just sit inside a sandbox wondering what the rest or the world is doing? Will you wake up?

2070, wake up Neo. Matrix or not, unconnected paradigms in regional, cultural logic is broken. Every side freaks out without realizing, this is just the beginning. Take something like today's Wagu Beef, think this is the end to such a tasty meat? 500 years from now we might have 100% grass fed grass, cannibalistic plants plotting against other plants in a competition to become the next super food of humanity. Sorry AI, no pun intended(those that get it).

Technology acuity thus changes shape and form. The future may promise IPv99 and death to the MAC address (as symbiotic chips become reality) however are you prepared? Not for today but for tomorrow. Tomorrow the thread and threat will change, however what has changed?

Wake up Neo...Vermont just banned Hikvision technology. People are... 

 

Edit: Oh BTW, can I get a thumbs down? Thanks IPVMers.

Agree
Disagree
Informative
Unhelpful: 4
Funny

Not being an American, I did not want to speak on behalf of another country whose laws and regulations I do not fully understand; hence the use of broad terms and a realistic target of 5 years.

As for the rest of your points/argument, I feel they are just a bunch of words loosely held together by spaces and commas. I do not mean that as an insult, it's just you go from a suggestion to a question, then instead of answering it, jump straight into a Matrix dystopian hypothetical situation without cause.

If you could clarify these points, and the logical thoughts that lead you to them; I would be eager to read so I can follow your argument better.

Agree: 3
Disagree: 1
Informative
Unhelpful: 1
Funny

Does the ban include the likes of Bosch who have re-badged Dahua cameras within their portfolio ?

And what about Axis who still have a substantial amount of product manufactured in China ?

There are going to be very few manufacturer options available, once all the OEM's have been uncovered !!

Agree: 2
Disagree
Informative
Unhelpful: 2
Funny

And what about Axis who still have a substantial amount of product manufactured in China?

Axis says they only manufacturer cameras in China for China. Axis cameras sold in the US are typically manufactured in Thailand, Sweeden and now some in Mexico. Related Axis: Ends Made In China Products (Except For Domestic China Sales)

Does the ban include the likes of Bosch who have re-badged Dahua cameras within their portfolio ?

We've tested Bosch cameras made by Dahua. Those cameras have entirely Bosch own firmware. I still think it is a problem for Bosch but they are not 're-badged' like LTS or Honeywell, etc.

Agree
Disagree
Informative
Unhelpful
Funny
Read this IPVM report for free.

This article is part of IPVM's 6,904 reports, 921 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports