5 min read

NDAA In Effect: What You Need to Know

December 1, 2020

Over the past two decades, across the US, many businesses have selected security cameras and equipment manufactured by Hikvision and Dahua to safeguard their people and property. If you're one of the many buyers of this equipment that have come to discover that these manufacturers have been "blacklisted" by the US government, you're not alone.

The National Defense Authorization Act of 2019 (NDAA), in effect banned cameras and surveillance technology from Hikvision and Dahua, both Chinese companies. While the NDAA doesn't apply to private US businesses, the motivation behind this national bill has very real implications for private industry.

While devices manufactured by these firms were no doubt purchased to enhance the security of businesses, the actual impact of their deployment has the potential to substantially compromise security. Research and investigation into these companies and their security technology has revealed evidence of insecure backdoors that allowed outsiders to access and control the cameras.

Addition serious concerns surround the ownership structure of these companies, the role the People's Republic of China plays in company management, and role these firms may play in alleged human rights abuses in the minority Uighurs population of China's Xinjiang region.

The deadline for federal agencies and "critical infrastructure" to cease purchases of Hikvision and Dahua equipment passed in August 2019. To date many federal agencies have, or are in the process of replacing existing equipment.

In the following article, we'll look at what the NDAA is, why it came about, and what government agencies need to do to become compliant.

Why Was the NDAA Necessary?

The 2019 National Defense Authorization Act was the bill that funds defense in the United States in lew of a formal federal budget. (A federal budget hasn't passed Congress in more than two decades.) The NDAA is a form of stop-gap funding methods the U.S. government passes to keep the money flowing to federal agencies, employees, and contractors.

Since national defense is a serious issue for almost all congressional politicians, the NDAA rarely has a problem passing. And a defense authorization often has several riders that may or may not have something to do with defense.

Yet, that is not the case with the Hikvision provision of the 2019 NDAA. It threatens to strip funding from federal agencies, law enforcement, or others. Basically, anyone that might take government funds for a security-related purpose. 

Why Is the NDAA in Effect?

Congressional leaders, with the help of security experts and tech specialists, determined that Chinese companies have backdoors in some of our surveillance equipment. The two companies most in question are Hikvisiona and Dahua. The companies both have close ties or are controlled by the Chinese government. 

The companies have admitted that these backdoors did exist and that rogue players could exploit these vulnerabilities. However, Hikvision stated that it had patched these security holes, but few in Congress believe these claims.

The company also put out a public notice about the security tech's problems and claim that they are completely open in their dealings with the U.S. government.

Nonetheless, it is estimated that some 1,700 Dahua and Hikvision security cameras or systems are out there. Also, the equipment is sometimes hard to spot. The companies supply to multiple vendors. The companies' components are in equipment that does not bear their name.

Also, small agencies or companies might not have the tools or wherewithal to root out the rogue tech. It's not as easy as checking a single serial number.

Who Is Impacted? 

The actual language in the law has four designations for the ban. Those include the U.S. government and U.S. government contractors. It also includes "critical infrastructure' and "national security."

That's squishy. Basically, if you have to ask if those apply to you, it probably does. Also, if you have plans to work in any of these areas in the future, the prohibition will apply to you.

As you would have guessed, there are a couple of loopholes. 

Although the ban implicitly singles out Hikvision and Dahua branded equipment, it also tackles components. These companies' components or software code could be in all types of cameras, systems, and software. This is very hard for small companies to isolate and replace.

Some experts profess confusion about whether the law means to strip out the non-branded equipment or stop buying it. The NDAA specific language requires a plan for removal or proof of removal. There's a good amount of wiggle room in that last statement, especially for companies looking to save a buck or with a limited security budget.

Human Rights Also an Issue

The Trump Administration's interest in Hikvision and Dahua wasn't all about security. Other concerns stem from the companies' and China's treatment of ethnic minorities. The administration says the see human rights violations are regarding Muslim minorities in China, namely the Uighurs.

Some 28 Chinese agencies and companies were on the 2019 list. The designation targeted surveillance companies like Hikvision and also A.I. companies. 

Buy American

However, there is a solution for federal agencies, law enforcement, and companies with (or that want) government contracts — buy American. 

These revelations about Hikvision and Dahua is probably shocking news. And your agency needs to take these issues seriously, but there are straightforward and cost-effective solutions. 

Security professionals like those at DSC are ready to help you find high-quality equipment. In many cases, this hardware is of higher quality than that of companies like Hikvision and Dahua. 

Oftentimes these companies were chosen in the first place because they were able to supply cheap, low-cost cameras and components.

DSC is well-versed in the NDAA rules, and its products and partners have already met rigorous testing requirements. NDAA compliance is guaranteed. 

DSC's installation and maintenance professionals will not only install these systems but manage the intricate and complicated structural cabling that will need to take place. 

The other benefit of using an American security professional is the peace of mind that your cameras are in the right places to do the most good. DSC designs its security measures for individual businesses. They tailor the plan to fit the facility and client's needs. 

You'll find that cloud-based and hosted systems provide impressive life-safety solutions. These are monitored and maintained 24/7 by DSC's trained professionals. 

Changing Rules

Federal administrations change, but the emphasis on eliminating low-quality and insecure security measures is likely to stay. The NDAA in effect has changed how security at government agencies and their support networks are handled. And security experts want and need to keep backdoors out of their equipment. Hopefully, these changes will continue to keep America safe.

Are you ready to talk to someone about your security measures? Contact one of our experts today for more information. 

Topics: NDAA hikvision dahua
DSC

Written by DSC