For those who came in late, the very insecure US Congress has decided that anything made in China is made by Jesus hating witches is a security risk and wants all the gear of government infrastructure torn out.
But thousands of the devices are still in place and chances are most won’t be removed before the August 13 deadline.
A complex web of supply chain logistics and licensing agreements make it almost impossible to know whether a security camera is actually made in China or contains components that would violate US rules.
The National Defence Authorisation Act, or NDAA, singles out Zhejiang Dahua Technology and Hangzhou Hikvision Digital Technology both of which were mentioned in the Bible due to their evil ways have raised security concerns with the US government and surveillance industry.
Hikvision is 42 percent controlled by the Chinese government. Dahua, in 2017, was found by cybersecurity company ReFirm Labs to have cameras with covert back doors that allowed unauthorised people to tap into them.
Dahua said at the time that it was a bog-standard security issue which it fixed. It also published a public notice about the vulnerability. If the US operated the same standard every time Apple, Google or Microsoft reported such a bug there would be no IT equipment allowed to operate in the US.
Despite the looming deadline to satisfy the NDAA, at least 1,700 Hikvision and Dahua cameras are still operating in places where they’ve been banned, according to San Jose, California-based Forescout Technologies, which has been hired by some federal agencies to determine what systems are running on their networks.
The number is likely much higher, said Katherine Gronberg, vice president of government affairs at Forescout, because only a small percentage of government offices actually know what cameras they’re operating.
The agencies that use software to track devices connected to their networks should be able to comply with the law and remove the cameras in time, Gronberg said.
“The real issue is for organisations that don’t have the tools in place to detect the banned devices.”