Global & Digital Comprehensive Security Blog

How Being NDAA Compliant Can Keep Bad Actors in Check

Written by Global Guardian Team | Jan 25, 2022 6:07:13 PM

Early in 2021, Bloomberg News reported that a group of hackers had breached a “massive trove” of security camera footage collected by a Silicon Valley startup. The hackers had gained access to live feeds from 150,000 surveillance cameras installed inside companies, hospitals, police departments, prisons, gyms, and schools.

“The data breach was carried out by an international hacker collective and intended to show the pervasiveness of video surveillance and the ease with which systems could be broken into, said Tillie Kottmann, one of the hackers who claimed credit for breaching San Mateo, California-based Verkada,” Bloomberg News reported.

Seemingly innocuous home security devices are equally vulnerable. In the past, hackers have tapped into Amazon’s Ring security devices to taunt children, yell racial slurs, and make death threats using a two-way speaker system, according to a class action lawsuit filed in December 2020.

THE NDAA

In an attempt to prevent such security breaches—or at least make them harder to achieve—the John S. McCain National Defense Authorization Act for Fiscal Year 2019, which specifies the budget, expenditures, and policies of the U.S. Department of Defense, prohibited the U.S. government from procuring video and telecommunications equipment from certain Chinese companies and their subsidiaries. Section 889 of the NDAA imposes a “Prohibition on certain telecommunications and video surveillance services or equipment.” It prohibits the U.S. government from buying—or contracting with an entity that uses—telecommunications equipment or services provided by five blacklisted Chinese firms.

Blacklisted Companies

  • Huawei Technologies Company
  • ZTE Corporation
  • Hytera Communications Corporation
  • Hangzhou Hikvision Technology Company
  • Dahua Technology Company

It is not just the equipment manufactured by these five companies that is blacklisted. The NDAA also prohibits the use of any security equipment that contains major components that have been constructed by the blacklisted companies.

How Global Guardian Ensures NDAA Compliance

Global Guardian has been well ahead of the curve when it comes to ensuring the security of its products. Long before the 2019 NDAA came into effect, Global Guardian was working diligently to ensure that the products it uses are secure and, in keeping with the company’s credo, American made. Today, Global Guardian takes pride in the fact that it is NDAA compliant.

In order to ensure NDAA compliance, Global Guardian works with three top security camera providers that meet the NDAA’s guidelines:

  • Avigilon
  • Axis
  • Hanwha

Avigilon and Axis also manufacture talk-down IP speakers.

When a client requests Global Guardian’s services, our Asset Security and Cyber Security teams conduct a thorough full-site discovery. The teams ensure that all network video recorders, cameras, and speakers are installed behind a secure firewall. The firewall is monitored, along with the cameras’ feeds, through a Virtual Private Network (VPN) tunnel. Knowing that their business or residence is secured through a VPN tunnel, which allows for real-time monitoring of cyber threats, gives our clients confidence in their security.

The client is then offered an a la carte menu of security service solutions from which they can pick and choose to suit their unique needs. Global Guardian installs NDAA-compliant equipment behind a firewall. Next, we ensure we have a secure connection with our client—a connection that minimizes exposure to cyber threats.

Weeding Out the Bad Apples

In an attempt to get around blacklists, some companies have resorted to duplicitous rebranding tactics—the “new” products now have a different name but continue to use risky components produced by the blacklisted companies.

A critical challenge facing most buyers is determining which products have been deceptively labeled. This requires finding out which OEM (original equipment manufacturer) the company uses and whether it is on the banned list, as well as which chipsets are used in the equipment and whether those are manufactured by a banned company.

Making such a determination is not easy given the constantly evolving picture and the lengths to which some companies will go to mask their use of products produced by blacklisted firms.

This is just one area where Global Guardian can help. In addition to conducting its own research, Global Guardian relies on a whitelist of NDAA-compliant companies produced by IPVM to navigate this complex terrain. IPVM draws up the whitelist following thorough tests of the products—for example, dismantling cameras to ensure they are not using components manufactured by blacklisted firms.

Global Guardian also works with its clients and deal partners to educate them on their current standing on NDAA compliance, the importance of such compliance, and how this affects the marketplace.

Cheaper Is Not Always Better

Being NDAA compliant restricts the number of options a company may have when it comes to picking providers. One of the main reasons some businesses or families opt for security products that are not NDAA compliant—and, therefore, vulnerable to hackers—is cost.

Partly as a result, cyber breaches have become increasingly common; valuable data are regularly compromised, stolen, or held hostage for ransom.

Peace of mind (and a company’s reputation and bottom line) is worth every dollar invested in ensuring the security solutions you pick to protect your business and/or home are NDAA compliant and secure against the threat posed by malign actors.

STANDING BY TO SUPPORT

The Global Guardian Asset Security team is standing by to support your security requirements. To learn more about our remote guard, intrusion detection, access control, and hybrid solutions, complete the form below or call us at +1 (703) 566-9463.