Earlier this year, Vermont became the first state to institute a government-wide ban on tech devices — including security cameras manufactured by several leading Chinese companies including Hikvision and Dahua.
According to state officials, the prohibition was instituted due to cyber security concerns that such technology could be used for espionage, cyberattacks, and unauthorized surveillance due to the providers’ ties to the Chinese government.
It includes leading camera manufacturers Hikvision and Dahua, as well as products built by tech giant Huawei, and came in a directive to all executive branch agencies and divisions in late February.
“The intent is to make sure that this type of equipment can’t be used against us to steal information or be the front for a cyberattack against us,” John Quinn, state secretary of Vermont Agency of Digital Services, told the local Burlington Free Press in an interview.
In all, the ban includes Chinese companies Hikvision, Duhua, Huawei, ZTE Corp, and Hytera as well as AO Kaspersky Lab, a Russian cyber security firm best known for its Kaspersky Anti-Virus software that the U.S. federal government began prohibiting in 2017.
Implications Beyond Vermont
While Vermont is the first state to formally issue such a sweeping ban, several other states have opted to avoid contracting with certain Chinese companies as the potential risks have gained wider attention throughout the U.S. cyber security community, according to the Burlington Free Press report.
Given the ongoing concern, this big blow to camera makers Hikvision and Dahua may be just the first domino to fall as companies from the country increasingly come under the crosshairs.
Thus far, Huawei has drawn the most notoriety, remaining in the news with negative headlines since its CFO Meng Wanzhou was arrested by Canadian law enforcement last December. A range of charges against the company followed in United States for bank and wire fraud, obstruction of justice, and violating Iran sanctions.
This development came not long after the United States, in the 2019 National Defense Authorization Act passed last August, formally prohibited any government agencies from using technology provided by Chinese companies Huawei and ZTE. Hikvision and Dahua cameras were also included in that prohibition, which will go into effect later this year, as part of an amendment proposed by U.S. Congress Rep. Vicky Hartzler (R-MO).
“We must face the reality that the Chinese-government is using every avenue at its disposal to target the United States, including expanding the role of Chinese companies in the U.S. domestic communications and public safety sectors,” said Hartzler in statement. “Video surveillance and security equipment sold by Chinese companies exposes the U.S. government to significant vulnerabilities and my amendment will ensure that China cannot create a video surveillance network within federal agencies.”
Hikvision, which lobbied against the amendment, has denied that there is any risk to public agencies in the United States or elsewhere in the world from its products. “Hikvision is a commercial entity that operates globally and strictly conforms to business ethics and all relevant regulations,” said Hikvision in a statement after the House of Representatives initially banned the company in its version of the defense spending bill. “We are dedicated to the advancement of safety in all countries and regions.”
In further-reaching fallout, a recent analysis from the National Cyber Security Center in the United Kingdom pointed to specific vulnerabilities in Huawei devices and even NATO is currently weighing its response to the concerns surrounding technology from the company.
Recommendations for Security Camera Users
Enterprises currently using (or considering the implementation of) Hikvision and Dahua cameras should naturally be concerned about the ever-widening fears surrounding Chinese tech manufacturers.
As always, cyber security should be paramount for all firms and this only goes double for users whose operations could be disrupted by more states — or countries — placing prohibitions on devices from these manufacturers.
Those that are already using these cameras should currently be undergoing a review of their surveillance strategy to determine how much they may be affected, both now and in the future.
At a minimum, these organizations must:
Conduct a full audit to determine their use of Hikvision and Dahua cameras, both in Vermont and in all locations where the organization operates
Consider how much a wider ban of Hikvision and Dahua cameras — in larger-population states like California or the entire U.S. — would impact your operations, including the cost and downtime of replacing all these devices
Analyze the IT budget to determine whether moving to a different provider is feasible over either the short and longer term
Enterprises that are currently planning to implement or expand their video camera surveillance are in a better position. As they move forward, they should continue to monitor these news and be sure to:
Look for vendors that are neither based in China nor manufacture in the nation
Look for vendors that place a large priority on cyber security including:
Encrypted in transit and at-rest of footage in transit and at rest
Architecting cameras that only send outbound protocols
Auto-updating software and firmware regularly
As more headlines continue to question the security of these manufacturers, all enterprises must recognize that the concerns about China are real and growing.