Author: John Honovich, Published on Aug 13, 2018
The US President has signed the 2019 NDAA into law, banning the use of Dahua and Hikvision (and their OEMs) for the US government, for US government-funded contracts and possibly for ‘critical infrastructure’ and ‘national security’ usage.
This completes the legal process that started in May with the US House passing the bill with the ban and the August 1st Senate passing of the bill.
Direct Impact – Stop Purchasing and Removals
The ban technically starts one year after signing into law, which will be August 13, 2019. However, since the ban includes both purchasing and using existing equipment, it effectively starts immediately since it would make little practical sense to buy equipment today to have to remove it in 12 months.
The removal of Dahua and Hikvision branded equipment will be relatively straightforward since US government agencies can simply read the label on the devices. However, OEMs, which are included under the ‘produced’ for ‘affiliates’ clause, will also have to be removed.
Broader Indirect Impact – Branding
Since the US government is effectively blacklisting Dahua and Hikvsion products, this will have a severe branding and consequentially purchasing impact. Many buyers will be concerned about:
- What security risks those products pose for them
- What problems might occur if they want to integrate with public / government systems
- What future legislation at the state or local level might ban usage of such systems
Indeed, one prominent Hikvision partner has acknowledged the impact even before the bill became law:
One of my top 10s said that one of his bank jobs said that they cant do hikvision because they were put on a watch list. He is also concerned about a hospital job he has coming.
The impact outside of the US could be significant as well since many countries and organizations will see this as a negative signal about the security and trustworthiness of these products.
The following reports provide background about Hikvision and Dahua:
- Hikvision Chinese Government Origin And Control
- Hikvision: Chinese Government “Exert Significant Influence Over Our Business”
- Hikvision Chairman Joins China National Government (NPC)
- Hikvision Backdoor Exploit
- Dahua Ban Response: Not Chinese Government Owned
- Dahua Backdoor Uncovered
Update: Podcast Released
IPVM has released a podcast discussion on this. Download the 28 minute podcast here or listen to it embedded below: