Early in 2021, Bloomberg News reported that a group of hackers had breached a “massive trove” of security camera footage collected by a Silicon Valley startup. The hackers had gained access to live feeds from 150,000 surveillance cameras installed inside companies, hospitals, police departments, prisons, gyms, and schools.
“The data breach was carried out by an international hacker collective and intended to show the pervasiveness of video surveillance and the ease with which systems could be broken into, said Tillie Kottmann, one of the hackers who claimed credit for breaching San Mateo, California-based Verkada,” Bloomberg News reported.
Seemingly innocuous home security devices are equally vulnerable. In the past, hackers have tapped into Amazon’s Ring security devices to taunt children, yell racial slurs, and make death threats using a two-way speaker system, according to a class action lawsuit filed in December 2020.
In an attempt to prevent such security breaches—or at least make them harder to achieve—the John S. McCain National Defense Authorization Act for Fiscal Year 2019, which specifies the budget, expenditures, and policies of the U.S. Department of Defense, prohibited the U.S. government from procuring video and telecommunications equipment from certain Chinese companies and their subsidiaries. Section 889 of the NDAA imposes a “Prohibition on certain telecommunications and video surveillance services or equipment.” It prohibits the U.S. government from buying—or contracting with an entity that uses—telecommunications equipment or services provided by five blacklisted Chinese firms.
Blacklisted Companies
It is not just the equipment manufactured by these five companies that is blacklisted. The NDAA also prohibits the use of any security equipment that contains major components that have been constructed by the blacklisted companies.
In order to ensure NDAA compliance, Global Guardian works with three top security camera providers that meet the NDAA’s guidelines:
Avigilon and Axis also manufacture talk-down IP speakers.
When a client requests Global Guardian’s services, our Asset Security and Cyber Security teams conduct a thorough full-site discovery. The teams ensure that all network video recorders, cameras, and speakers are installed behind a secure firewall. The firewall is monitored along with the cameras’ feeds through a Virtual Private Network (VPN) tunnel. Knowing that their business or residence is secured through a VPN tunnel, which allows for real-time monitoring of cyber threats, gives our clients the assurance of security.
The client is then offered an a la carte menu of security service solutions from which they can pick and choose to suit their unique needs. Global Guardian installs NDAA-compliant equipment behind a firewall. Next, we ensure we have a secure connection with our client, one that minimizes exposure to cyber threats.
In an attempt to get around blacklists, some companies have resorted to duplicitous rebranding tactics—the “new” products now have a different name but continue to use risky components produced by the blacklisted companies.
A critical challenge facing most buyers is determining which products have been deceptively labeled. This requires finding out which OEM (original equipment manufacturer) the company is using and whether it is on the banned list, as well as which chipsets are used in the equipment and whether those are manufactured by a banned company.
Making such a determination is not easy given the constantly evolving picture and the lengths to which some companies will go to mask their use of products produced by blacklisted firms.
This is just one area where Global Guardian can help. In addition to conducting its own research, Global Guardian relies on a whitelist of NDAA-compliant companies produced by IPVM to navigate this complex terrain. IPVM draws up the whitelist following thorough tests of the products—for example, dismantling cameras to ensure they are not using components manufactured by blacklisted firms.
Global Guardian also works with its clients and deal partners to educate them on their current standing on NDAA compliance, the importance of such compliance, and how this affects the marketplace.
Being NDAA compliant restricts the number of options a company may have when it comes to picking providers. One of the main reasons some businesses or families opt for security products that are not NDAA compliant—and, therefore, vulnerable to hackers—is cost.
Partly as a result, cyber breaches have become increasingly common; valuable data are regularly compromised, stolen, or held hostage for ransom.
Peace of mind (and a company’s reputation and bottom line) is worth every dollar invested in ensuring the security solutions you pick to protect your business and/or home are NDAA compliant and secure against the threat posed by malign actors.
The Global Guardian Asset Security team is standing by to support your security requirements. To learn more about our remote guard, intrusion detection, access control, and hybrid solutions, complete the form below or call us at +1 (703) 566-9463.