First US State, Vermont, Bans Dahua and Hikvision

Published Feb 21, 2019 15:01 PM

The first US state, Vermont, has issued a ban on a number of Chinese and Russian manufacturers including the world's 2 largest video surveillance manufacturers, Dahua and Hikvision. This follows the August 2018 NDAA banning US Government use of such products. However, the Vermont ban goes even farther.

us state vermont bans dahua hikvision 2

Ban ***********

******* ****** * "************* ******** ****** 19-01"**** ****** ***** ********, ** *** excerpt ***** ********:

****** *** ******* *** **** ******* a *** **** ****** ** ********* (i.e., ***** **** ****** ****** ****), Vermont ** ************ **** *** ***********.

**** *** ** *** *** ***** of *******'* *** '*********** *******' *** does *** ***** ** ******* ********** unconnected ** ***** *******.

OEMs ********

*******'* **** ******** ******** ********* ** IPVM, *** *****, **** **** *** included:

***, ** **** ***** *** ** prohibited ******** ** *** ***** ******* “white-labeling” ********.

Expidited *******

********, **** *** ********** ******* ** existing ********** ********, **** ***** *** *********, from ***** *******:

Chinese *********

*** ***** ***** ** ************ ********* assessment **** ***** ******* ***** ** used *** ******* *********:

********, *** * ******* ********* ****** are *** **** * ** *** US **** *** - ******, ***, Hytera **** *****, *** *********.

Vermont *****

*******,******* ** * ***** ***** ***** ********** ** **** ~***,***, **** out ** ** ****** **********. ** a ********* ******, *********, ***** *** Hikvision **** *** **** **** ********.

********, ******** ** ***** *** *********'* domestic ******** ***** ~**% ** ***** revenue ** *********, ******* ** **** less ***********. *** *******,***** *** *** ****** ******** * ******* ******. ******** *** ********* **** **** $* billion ********* **** ** * ****** China ********, ************ ** *****'* **** ******* ** concentration *****.

Signaling / ******** / ***** ******

*** ****** ****** ** *** ******* US ***** ******* ***** *** *********'* products. **** **** ** ****** **** these ********, ** ***** ******* ****** proof *** ********** *** *** **** of ***** ********.

Vote / ****

Comments (21)
MD
Matthew Del Salto
Feb 21, 2019
Hudson Security
Wonder if they will catch on to LTS and other OEM relabelers.
(7)
DE
Dennis Eversole
Feb 21, 2019

I would be amazed if some Integrators in Vermont were not already working on a list of the numerous brands that OEM from the banned houses.

(6)
JH
John Honovich
Feb 21, 2019
IPVM

Vermont's CISO Nicholas Andersen confirmed to IPVM that OEMs are included:

Yes, it does cover OEM of prohibited products or any other similar “white-labeling” scenario.

Some enterprising LTS salesperson might try it but probably not the best idea.

(2)
UD
Undisclosed Distributor #8
Feb 25, 2019

Many of these Chinese entities lie with impunity though. I've discovered many out-right lies from people like LTS.

(1)
Avatar
Rich Moore
Feb 21, 2019

IPVM does have a list of OEM Dahua and OEM Hikvision on this site.  

(3)
U
Undisclosed #1
Feb 21, 2019

Any ideas of what "or any vendor system" actually means? Would this mean 3rd party non-state vendors who provide services to the state?

JH
John Honovich
Feb 21, 2019
IPVM

#1, good question.

This section expands on that:

No State Agency shall procure or obtain or extend or renew a contract to procure or obtain any service or systems that use any product, service, system, or equipment referenced within this Directive; or enter into a contract (or extend or renew a contract) with an entity that processes, transmits, or stores State of Vermont data using any product, service, system, or equipment referenced within this Directive.

An example might be a company doing cloud video suveillance storage / management. If they used Hikvision NVRs or HikCentral as part of their 'system', they could not provide this as a 'service' to a Vermont state agency.

(1)
U
Undisclosed #2
Feb 22, 2019

Which Russian companies are banned? Axxon soft? ISS?

(1)
(1)
JH
John Honovich
Feb 22, 2019
IPVM

Kaespersky is the only Russian company included:

(1)
UI
Undisclosed Integrator #9
Feb 25, 2019

Somebody please tell Vermont about Axxon soft and ISS. They need to be added to the list of excluded Russian companies working in sensitive security areas.

(1)
Avatar
Janet Fenner
Feb 25, 2019

Undisclosed #9 - ISS is an American Company headquartered in NJ. Yes, we have offices around the world. If you want further clarification or information about our company, let me know, I would be happy to help: janet@issivs.com

(1)
Avatar
Janet Fenner
Feb 25, 2019

Undisclosed #2 - ISS is an American Company headquartered in NJ. Yes, we have offices around the world. If you want further clarification or information about our company, let me know, I would be happy to help: janet@issivs.com

Avatar
Ryan Karpilo
Feb 22, 2019

Even though Vermont is small the impact is quite big.  I’m sure this covers all state entities:  Schools, IRS, Gaming if any and on and on.

Rember, once a VMS or group of cameras is connected to a network that is open to other networks, it is no longer a CCTV system.  

Of course you could dump every non secure camera in the world or one that is full of security vulnerabilities and it will be no problem if it is on a TRUE CCTV, air gapped.  Once you extend that branch, your open for a gang bang.

If they can not be trusted and you don’t know if they ever will be, ban them.  

Regroup and come up with a security standard that can be accomplished don’t just leave it installed. 

This is a pure example of Network “Gurus” taking on devices to their precious network that they have not investigated and or done any due digiliance security reviews on.

(3)
U
Undisclosed #3
Feb 23, 2019

The reality is that it's not just the lower end companies producing unwanted "prying eyes" goods in China.  Would it really be surprising to know most of the Korean MFR's moved to china manufacturing long ago?  They had to because of the lower labor cost in China, or they would have to had to close their doors. China is just playing a shell game with the US.  Same stuff, different packaging!  Some factories have moved to Vietnam, but few.   

(2)
(3)
UI
Undisclosed Integrator #4
Feb 24, 2019

Typical US paranoia

(2)
(12)
UD
Undisclosed Distributor #8
Feb 25, 2019

Paranoia and Substantiated Concern are not synonymous.

(5)
UM
Undisclosed Manufacturer #5
Feb 24, 2019

My guess is that this can be used as a legal precedent in the US, and I would not be surprised that if 5 years half the states follow suite.

I would also imagine that the removed products will flood the domestic, and non-governmental business market, dropping the price of these products.

(2)
(1)
U
Undisclosed #6
Feb 25, 2019

Impose a nationwide ban right now.

What do we accomplish day one?

Compare that to the year 2045.

Technology will evolve, will you keep up? Will you just sit inside a sandbox wondering what the rest or the world is doing? Will you wake up?

2070, wake up Neo. Matrix or not, unconnected paradigms in regional, cultural logic is broken. Every side freaks out without realizing, this is just the beginning. Take something like today's Wagu Beef, think this is the end to such a tasty meat? 500 years from now we might have 100% grass fed grass, cannibalistic plants plotting against other plants in a competition to become the next super food of humanity. Sorry AI, no pun intended(those that get it).

Technology acuity thus changes shape and form. The future may promise IPv99 and death to the MAC address (as symbiotic chips become reality) however are you prepared? Not for today but for tomorrow. Tomorrow the thread and threat will change, however what has changed?

Wake up Neo...Vermont just banned Hikvision technology. People are... 

 

Edit: Oh BTW, can I get a thumbs down? Thanks IPVMers.

(4)
UM
Undisclosed Manufacturer #5
Feb 25, 2019

Not being an American, I did not want to speak on behalf of another country whose laws and regulations I do not fully understand; hence the use of broad terms and a realistic target of 5 years.

As for the rest of your points/argument, I feel they are just a bunch of words loosely held together by spaces and commas. I do not mean that as an insult, it's just you go from a suggestion to a question, then instead of answering it, jump straight into a Matrix dystopian hypothetical situation without cause.

If you could clarify these points, and the logical thoughts that lead you to them; I would be eager to read so I can follow your argument better.

(3)
(1)
(1)
UD
Undisclosed Distributor #7
Feb 25, 2019

Does the ban include the likes of Bosch who have re-badged Dahua cameras within their portfolio ?

And what about Axis who still have a substantial amount of product manufactured in China ?

There are going to be very few manufacturer options available, once all the OEM's have been uncovered !!

(2)
(2)
JH
John Honovich
Feb 26, 2019
IPVM

And what about Axis who still have a substantial amount of product manufactured in China?

Axis says they only manufacturer cameras in China for China. Axis cameras sold in the US are typically manufactured in Thailand, Sweeden and now some in Mexico. Related Axis: Ends Made In China Products (Except For Domestic China Sales)

Does the ban include the likes of Bosch who have re-badged Dahua cameras within their portfolio ?

We've tested Bosch cameras made by Dahua. Those cameras have entirely Bosch own firmware. I still think it is a problem for Bosch but they are not 're-badged' like LTS or Honeywell, etc.