White House Proposes Blacklist of Dahua, Hikvision Users
The White House is proposing to blacklist Hikvision and Dahua users from federally-funded contracts, even if their use of this equipment is unrelated.
The new proposal, subject to public comment until March 22, uses the strongest language so far from the federal government, reflecting the Trump administration's broad interpretation of the NDAA's blacklist clause.
In this post, we examine this important development.
**********
******* ********* **** **********: *****, * *********** ** *** federal ********** ****** *********/*****/****** *********, *** second, * *********** ** *** ******* government ***** ******** **** *** ****** that “****” ***** ****** ******** (*** the ********* ******, *** ***** ** full):
— (*) *** **** ** ** executive ****** *** ***— (*) ***** into * ******** (** ****** ** renew * ********) ****an ****** that uses any equipment, system, or service that uses ******* telecommunications *********** ******** ** * *********** ** essential ********* ** *** ******, ** as ******** ********** ** **** ** any ******. [******** *****]
*** ********* ****** **** ***** **** effect ** ****** ** ****, *.*. two ***** ***** *** **** *** passed **** ***.
OMB *********** *******
** ******* **, *** ***** *****’* Office *** ********** *** ****** (***), which ******** *** ******* ******,****** * ********** ** ** “** ********* ** revise” *** ***********.
*** *** ********* ** ***** ******* a *** ****, * *** ***.***, that ********** *** ****’* ********* ****** for "******* ***** [*****/****] **********" *** are "***** ********** *****". *********, *** OMB ********* **** ******** **** ***** prohibit **********-****** ********* **** ******** **** "use" ****** *********, ********** ** ******* this *** ** ******* ** *** federal **********:
**** *********** *******even ** *** ******** ** *** ******** to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services. [emphasis added]
Trump **************'* "***** **************" *********
**** *** ******** **** **** *** been *** ******** ******* ** *** blacklist ****** **** *** *****, ***** on ******** ** ** **** * Congressional ********* ************ (******* ***** ** ********* ** ***, Banned **** ******* ** ** ******* Government, **** ** ****.)
*******, ***** ***, *** ******* ********** itself *** *** **** ** ******** about ************ ******** *** ***** ****** equipment ** ********* ********. ************, *** OMB ******** ** *** "******* ***** recipients" ***** "********** *****", ***** ** more ********* **** ****** ******* ********** agencies **********; *** *******, ** ***** encompass * ******* ********* ***** * federal ***** ** ******** ********.
** ** *** ***** **** *** Trump ************** ***** ** ************ * "broad **************" ** *** ****, ** D.C. *** **** **** ********* ** ** ********:
*** ******** ******** * ***** ************** of § ***’* ***** *** ****-******* statutory ***********
Impact ** *********** ****
**** *** **** ****** **** ***** mean * ********* ***** ************** **** be ******* ***** ******* *********** *************** ** ***** ******* ** ********* the ********* ****** *** *** ******* government ****** ************:
[****] *** ****** *** ***** **************’* intention ** ****** * ********* ***** approach ** *** *********** ********** ************ procurement *********** ***** § ***(*)(*)(*), ***** will **** ****** ********* ****** **, 2020.
** ** *** ************** ******* **, **** ***** *** rule (***** ** *** *** ******) is ***** ******** ** *** **********'********* ****** *********** *******.
**** *** **** **** **** ** even ***** ****** ** ********* *********** from *** ******* ********, **************** **** ****-***** ******** **** *** FBI *** *** ******** *** **** the ***** *****, **** *******, *** Veterans **************, ***.
Remaining ***********: **** **** "****" ****?
*** *** ******** **** *** ******* what ** ***** ** "****" - for *******:
- ** ********** **** *** ********* * Hikvision ****** ** * ***** ******. Does **** ***** ** ** ****** that "****" ****** *********?
- * ************ / ********** **** ********* or ******* **** **** ********* *** non-government *********. **** **** *****?
- * ***********, **** ** *** ** Anixter **** ***** ***** *** ********* broadly ** ******* ********** *****. **** that *****?
- ** ***-**** **** *** ***** ** Hikvision ******* ******* ** ***** **********. Does **** *****?
** ****** **** ******* ** **** question ** *** ****** ******, *******, the ******** ******** ***** ******** ** expansive **************, ***** *** **** **** Gump:
**** ** *** ******* *********** ********* are ********* ******** *** ******* ** regulations ************ § ***(*)(*)(*)’* *********** ** contracting **** ** ****** **** “****” items *** ******** ********* ** § 889. ***’* ******** ************** ** *** Loan/Grant *********** ** *** ************ ******* to ***** *********** ***********,but *** *********** ** ******* ********’ *********** ************* **** ***** ******** **** *** “******* **********” ******** *** ***** ************** ******* ** ******* ********* *** **** “****” in § 889(a)(1)(B).
OMB ****** ***********, **** *** ********
** ** ***** ****** **** *** OMB******** *** "******* ****" ** *** impact ** *** ********* **************, ***** is *** **** ***** *** ********:
*** *** ******* **** ** *** impact ** **** *********** ** ******* award ********** *** *********** *** *** covered ********** *** ***** ******** ** the ***********, ******, ************ ******, *** cost ********** **** ************ **** ***********. Commenters *** ********** ** ******* ******** data ** *** ******* ** **** proposed ****** *** *********** ** *** to ******* ************** ** **** ***********.
**********
*** ****** **** **** ** ***** Dahua, ********* ** ****** ***** ******** that **** ***** ** ** ******** with *** ******* ********** ** ** federally-funded ******** ****** *** **** ***** attention ** **** *******. ** ** becoming ************ ***** **** **** *** a ******* ****** ** ***** ***********.
Poll / ****
* ***********, **** ** *** ** Anixter **** ***** ***** *** ********* broadly ** ******* ********** *****. **** that *****?
** ******* *** ***** ** *** Canadian ****** **** ** *** **** interesting ********* ** **. * ******* it's ****** ******** **** ***** ************ would **** **** ******* ***** ********, but ** **** *** ** ***** make *** ******** ****** **** * lot **** **** *** ********* **** has ********* **** *** **** *** years ** *** **.
** ******* *** ***** ** *** Canadian ******
*******, ****** *** **** ***** *******! With *** ******** ******, ** ****** another ******** - ** * ******* uses ** ***** ***** ** ********* in ****** *** **** *** **** or *** ** ** *** **, does **** *****? * ***'* ****.
* ** ***** **'* ********, ****** unlikely, **** **** ************, **** ***, might **** ******* ***** *** *********. As **** ** **** ***** ****** to ***** ***** *************, **** ***** still **** * ****** ** ***-**** products **** ****** ****** ***** ****. Not ****** **** ** * **** or ***** **** *** **** *** Coronavirus, *** **** *** **** ****** of ***** ***** ******** **** ** readily *********. ***** * ******* *** challenging *********.
****** ****.
**** ** ********** *** ** ***** situations **** ****** * *** **** questions **** ******* *** *'* **** someone ***** ***** ****** ******* *** the ************ **** ****** ** ***** and *************. ** ** ** *** end ** *** *** **'* **** another ****** ** * ******* **** of ******* *** ** **** *** association **** ***** *************.
*** **** **** * ** **** for *** ***** ***** ** *** front ***** *** *** *** ** really ********* ********* ** *** ** this.
** **** ***** ***** **** ****** be ****** ** *** *** ****** for ****** **** ******** ** * would ** ********** ** *** ****, if ***, *** *** **** ******* will ****** **** *** ** ****. With **** ************* ***** ********* **** there ** ***** ******* *** **** others, *** *** ******** ** ********** being ****** ** ******, ** ***** North *******.
******* ***** * *** ** ********* SoC ***** *******, ***** * ****** would ** ******* *** ** *** Huawei **********.
*** *********** ******/*********. **** ** ***** ********** were ***** ** ********* *** **** (3COM *** ****** **** ** *********** history, ****** **!). ** ** ****** serves ********* **** *** **** ***** joint ******* *** *** ** ***** security ********** *** *** *** * spin *** **** ****. **** **** deep *********** ** ******/*********. ** **** this ******* ** **** *** ** the ***** * ***** ************ "*******" to ****** *** **** **** **** their ***** **** ******* *** ******************* ***** ********** ***** ***** *** the ******* ********. ** *** **** meetings **** ***** ********** ***** ********* and ***** *******. ** **** ******* because **** **** ***** ** **** Capital ** *** ****, ***** ***** they **** **** **** **% ******** owned, **** *** **** ***** ***** though *** ****'** **** ********** **** to ***** ******* ********* * *** times ***** ****.
** **** ** *********** ** ******* ever **** ******* ***** *** ****** security ********. ** ****** ***** ** the ***** ******, *** ** *** industry *** *** ***** ** **** the ******, *'* ******** ** ******* into ******** (***** ** *****) ***** about ***.
*** **** ** *** ***** ******** manufacturers *** *** ***** *** ****** chips ******. **** ****** *** ** integrators ** ********* ****.
*** **** ** *** ***** ******** manufacturers *** *** ***** *** ****** chips
*****, **** ********. **** ***** ** particularly ***** ** **** **** *** vary ** * ***** ** ***** basis. *** *******, **** *** * few ******* ***** *********, ******** ************. And ********* **** ********* ** **** models, ********* ** ****** ***.
*** **** ***-******* ************* *** ********* as ****.
******. * ******** ******* ** **** products **** ******* ******** *** **** were *********** ***** ***** ** ***** products ******* ****** ***** *** ***** did ***. ** * *** *** asked * ***** *** **** *****.
***** *** **** ********* * ***** not ***** ** **** ** *** truth ***** ***** ******** - ************ some ** ***** ********* **** ******** Hikua ***** ** *** ** *** call **** ****** ** *************.
* ***** * ********** *** ********* behind ****, ***** ** ** ****** Hikuawei ** ******** ** ******** ******* simple ******** ******. *** * ***** this *********** ** ******* ******** ******** fashion. ** **** **** ******** **** spy ********, ***** ****** ******, ***. but *** **** ** *** **** to **** ********** **** ********* **** may ** * ***-***** ********* ** the ****** ** ****? ****** ***, the ****** ** ******** ****'* **** their ***** ** *** ***** *****!
** ***** ***** **** ******** ********** or ************** ******* *******'* ** ***** Hikuawei *** ************** ** ********, *** this ******** ****** ****** **** * very ***** ***** **** **** ** paint ****. ******** ***** ********* ***** Hikuawei ********* ****** ** ********* **** by ****. *******, * **** * small ********. * **** * ****** product *** ***** *********, *** ***'* say ** ** ******** **** ** evaluate **. * *** ********* ******* around *** ******** ** ** ***** (where * **** * "**** ******") to ***** ****** **** ******** **** my ******* *** ******** ** ********. Am * *** ************ **** ******* to ** ** ******* ** ****?
*'* *** * ******* ***. * bought ********* ******* ** *** ** budget *** *********** ************, *** *** so ***** ** *** **** *****. Why ****** * ** ******** *** the *** ******** ** * *******, unrelated *************** ****'*** ******* ************ *** ** ******** ** *** kind ** ******* * ****? *********** I'd **** ** **** *** ******** plan ** *** ******* ***** ******** and ******** ******* ** * ******** user?
** ****, ** *** **** *** that ****.*** ********* #****-***: ******* ********* ******** user, *** *** ** **** ******** their **** ********.** *** ******* ****** "******* ****** WE **** * *******!! **** *******RATATATATATAT* ******** **** - ********* ******* *** and ****** ****** ****** ** ****, clear **** ** **** ******* ** officers...
**** * ******* ***********, ** ***** sorta ***** ***** ** **.
******* *'* *** **** ********** *** is ******** *********** *****. *** **, these ******* *** ** ********** ******** tool. *** * **** ** ** is **** * *** ******* *** suddenly *** **** ******** ****** *** some **** ******** ******* ********. ****'* the **** **** ******** *** **** ban (****** ***'** * ******* ****** who ****** ** *** ****** *** about *****).
** **** **** **** **** ** do **** ***? ** *** **** anything ** ** **** *** *.*. government, *** *** ** ** *** list. ******* ** **** ******? ***, please. ******* *** *** ***'* **** much ********** **** ****** ******* *** your **** *******. *'** ***** *** the ******, ** **** ***** ***** (you ****** ** ****** *** ********, so ******** **** ***'* **** *****) and **** * *** **** ****** for ********* ***********. ***** * *** get ** **** ******. ** *** have * ******, ***** * *** get **** **** ** ****. *** attack **** ** ********** *** *****, infiltrate *** *****. ********, * ***** be ********* ***** ******** ** ******, but ** **'* **** * **** network, *'* *** *******.
** **** **** ******, *'** ******** installing * ****** ******* *******. (* already ********* * ***, ** ********** another ******* ** ****** ******.) *'** watch *** * ***** *** *** how *** ******** **** **** ********** contacts. ** ** ** *****? *****, I'll **** **** ******* ***** *** send **** *** ** ** ***, maybe **** **** *******. ** *** use * *** ******? ****, *'** log ** ***** ****** **** ***'** not *******. ** *** *** * VPN ** *** **** * ******* level *******? ***** **. *'** **** use ******** ***** *** ***, *** use **** ** *** *** **** further. **** *****, **********, *****, *** so **.
******** ** ******** ** * ****** bit *** *****, ********* **** ********* don't **** ** ***** *****. *** the *.*. ********** *** ******** ****** stakes, ** **** ** **'* * theoretical ******, **** **** ** ***** about **.
***, **** ***** **** ***** ** me ***. * *** ****** ****** the ******* **** * **** ****** perspective, *.*. ***** *** ****** ****** to *** ******** ** ******** **'* pointed **. ** **** **** ** circumstance, ******* ****** *****'* **** ***** as ***** ** **'* ******* ** my ********.
*** ******* *** ******** (*****, *** being * ******, * ** ********** with) *** *** **** ***** *** certainly *********. ***** *** *** *** detail.
********** *** ***** - *** **** of *** ******** ******** ** ******* all ** ***** *****, ****** ******* Linux ************* **** ***** ** **** as ***** ** * ******.. *’* bet *** ***** ** **** ******* damage ** **** **** **** ** a *********** **** ******.
**** ******* ********* ****** ******.
****'* **** ******** ** ******* **, 2016. * ************ ****** ** ** ******* *** DVRs **** ******** ****************** *** *** *** ********.********* ** *********, *** ****** **** **** *******, Reddit, *******, ******, *** ******, ***** others.
*********** *********** *** ****. ******* ** they're ************ ** **** ******* *** are **** ***** ** ******* ***** US ********** ******** *** *** ***** employees **** ****** *** $*** ****** camera ****, $** **** ******* *** Amazon, ** *** ** *** ***** millions ** ****** *******, ******, ******* TV *****, *** ******* ***** ******* that *** ***** ********* ********? ***** are ******** (***** ********?) ** ******* with ***** ******** **** ** *** knows ***** ********* *** ****** ******* them.
*** *** **** ***** ** ******* every
** ******* ** ********* ** ****** here. *** ***** *** **** * law ********* ***** ********* ** ********** because ****** ***’** ***** ** **** to *** ******** ** **** *********. On *** ***** ****, *** **** that ***** ** * *** *** even **** ***********, *** *** *** effect ** ****** *** ******* ****** much **** ******. ** ******* ** our ********’* *******, ********** *** **** of ******* **** **** **** ****** take *** ******* ******. *****/********?
****** **** ***** *** ***** ******** weakness ***** **** *** **** ** the **** ********, ********* *******...
*** #* ** *******. ****** ********** that ** *** * ******** ***. This ** **** *** ***** ** live **. *** **** ** ******* about **, *** "******* ********" *** most ********* **** *** *******, *** and ** *** ******. ******* *********** the **** (*** *** ********) ** the **** **** *** ******* *** largely * ******* ***** ***, *** the **** ****, "***-*****" **** ** moral ** ******* ********* **********. **** it ***** ** **** ******** *** espionage, *** ******* *********** ********** *****'* transmit **** ** *** ***.
* *** ***** ********* ******* ** this **********. *** *** **** *** they ***** ** ** **** ****?
-** **** **** ***** ** ** looked ** *** *** ******** ***** the **** *** **** **** ******?
-**** ***** ********* **** ***** ** that *****?
-**** ***** ********* **** ***** * name (**** ** ****) **** *** installer/end ****/********** *** *** **** *** the ********* *******?
**** *********, *** *** ***** ** that ** ***** **** ****** ******* on **** *** ********** ***** ** "uses." ** ***** ***** ** ********* sold ***** ** *** **** ** it ***** ***, ******** *** ******* tense "****" ***** **** **'* *** retroactive, *** * ***** **'* ******** to **. ** ** ********** ****, we'll **** ** **** *** **** implementation *******, ***** **** ****** ** the ****** ****** **** *** *** rule ** ******** *** **** *** OMB ********* *** ********.
********* ** ********** *** ****'* **** about ********* ******** - *** ******* something ** *** * ***** ******.****** ******, * ************ *** *** ************* committee ***** ******* *** ****,**** **** ** ****:
** * ******* *** ** *** item **** ********** ***** **** **** sell ** ******, **** **** ** unable ** ** ******** **** *** federal **********.
* ***** *** **** ******, *** have **** ***** **** ** * talking ***** *** **** **** **** existing *** ********* *******. **********, *** tentacles ** **** **** ** **** deeply **** *** **** ***** ** a ***** ***** ****** ***** ******** touches *** ******* ********** **** **** to ******* **** ********** ***** ******* of ***. *'* *** *** **.
*** ** **** ******* *******? * small ****** ** **** ******** **** about ******** ******** *** **** **** care ***** *** ***** ****** ********. Some ****** ************ ********* ** ****** * ****-****(******** * firmware ***) ** *** ***** ***** the ***** ****** *** **** ******. They ****** ****'* **** **** ****** the ****** *** ******* ** * factory-default ** *** ** *** *********** (tested *** ****** ** *** ***).
** ****** ******* ***** ** * would ******, ** **** **** *****. Transportation, ****** **********, ***** *****. ** firm **** * *** ** **** in *********** *******, *** * ***'* get *** **** ***** ** ******* from ****. **** ******** ** **** bottom-line ******** *** ****** ** ****** they *** ******** ** **** **** from *** *******. **** ****, *** human ****** ******* ** *** ** the *****. *** **** ***** *** been ** ************ *** *** ** long, **** ******* ******* ******* *** the ****** ***** **** **** ******* (my *******) ******* ** *** ***** guys **** ****** ********. ** ***** some **** ****** ** *** "****" product **** *********** ***** ** *** front ***, ******* **** ***-*********** **** can **** ***** ** *** **** us, *****-****. ** *** ***** * have * ***** ****** ** **** investment ** ********* *** ***** ***** how **** ***** **** ****** **** long ****. * ********** **** *****, BTW, **** ***********!
* *** ****** **** **** ** also *** **********. * ***** *** technology ** ** ****** (* ***** joke *** ******** *** **** ************) that ******* ** **** ** *** technological ***** ***** **** *** **** in *** *********/***** *****. ****** *** the **** ***** ***! *'* **** they ***** ****** *********!
** * *** * ****** *** every **** * ***** "** *** cares ** *** ******* *** ***** my *******", * ***** ****... ****** enough ***** ** *** * ***** coffee. * ****** ****** ***'* **** much ***** ****.
* ******** *** *****, ***** *** Zachary, **** *** ** **** ******.
* ***** *** ***** ** ********* education, *** ***** ***** *** *** willing ** ******, *** ****** *** differentiation ******* ******* ******* *** ********* a ********.
** ** ********** ******** ** ****** always ******* ******** ****** *** ****** line ** ** ** ****** * revenue ********** **** ** *** *** "as **** ** ** *****" ********* is **** ******.
*** ******* ******** ** ***** ******** awareness, ** ***** ***** ********** ********** teams, ****** ****** ***** ** **** us ***** *** **** ***** *** make *** ********* **** ******** ** listen *** ********** ** *** ***** vulnerabilities ****** ***** ******* ****** ** an ************, *** ** **** ***** take **** ****.
*** **** ** ****** **** *** expect *** ************* ** ******** *** us **** ** * ****** **** is ** ***** ****** ** ** the ****** ****** ** * ***** OEM?
** ** ************ *** ****** ******* what ** ** *** ****** *** whether ** ** ** ** ***. Would ** **** ** ***** *** a ******** *** ******* ***** **** and ********* *******......** *** *** ***** there ************* ** **** *** *****.
***** *** **** ******** ********...**** *******. But ********* ******* ** * ********** organization **** ***** *** *** ******** standards.
* ****** ** ******** ** ****** does ****.
** ******* ****** **** **** *********/***** 4 ***** ***. ** ***** ** moved ** ** ***. **** ** time **** *** ** ******* ******* less *** ****. ** **** ***** we **** ****** ** ******** (************ computer *****) ** *** ********* **** are **** ** *****. ** ***’* get *** ** ***** *** ****** like **** ********, ********* ** ***** supplies *’* ****. *** ** *** as ******* **. **’** ***.
* ** **** * ******** *** that ***** *** ***** *******. ** use ***** **** ***** *** **** do *** *********. **** ** *********** but ****** ***********. **** ***** ***** manufacturers *** ****** ********* *****. *** that’s **** **’* * ******* ******** company ******* ** * ******* ******** office.
**** ***** ***** ************* ***OEMing ********* still.
*** *** ******* ***** ***** ** do *** ****** **** ***** ******? I **** *** ***** ** *** company ****** ********* ***** ******
* ** **** ***** ***** *************. Companies **** *****, ***, *********, *** and ****** *** ***** *** ******* for ***** ***** ****.
** ******, * ********** **** *** mean ***. * ******* *** ***** that *** ***** ****** ********** **** being **** ** ***
** ********** *** ********** *** *********** maneuvers **** ***** ********** ** ***** economical ****** ** ************ ******* ***** the ******** ** *** ***., **** they ****** ******** *** ************ ** the ********. *********** *** ***** ** unjustifiably ***** ******* **** *** **** processes, ****** *** ******* ** *********, for ******* *** ******** ******.
**** ****** **** *** ***** ***/*** customers **** ******* ** *** **
******: ***** ***** *** ******* *******, Ben ****** (*-**),**** **** * ******** *** ***** *****'* *** ****** that **** *** ** *******/******** "*********" for ***** ********** ** ****** **** the ********* ******:
** ************ ******* **** *** ****** that *** *********** *********** ** ********* section ***(*)(*)(*) ** *** ****** **** include ******** ********* ** ***** ***** business *********** *** ******* ***** ****** chains *** *********** ****** *********.
*** ****** *****'* **** **** ******* on **** ***** ********* ***** ******** look ****, ** *** **** ****** "small ********".
*****, ** *******, **** ******* ***** make ****** ****** *** **** *********** without ****** ** *******/********** ******.
*******, **** *********!
*********, **** ** ******** ****** ****** **** ** *** ****** for ************* *********, **** * ******* **** ** was ****** ***********. **** ********* **** Axis *** **** ****** ** ** concerned. ******* *** *** ******* ***** of **** ***** ************ ****** ************* who **** *** **** ******** ** Dahua, *********, ******.
*******:******* ***** "*****-******* ****** **********" **** Banned ********* ********,********* ****** ** **** ***, *** Non-Banned ******* *** *************.