The devil is in the details. The broader implications of the U.S. government ban on Chinese video surveillance manufacturers are being clarified in the federal rule-making process, and a public hearing in July gave the industry an opportunity to express themselves on the impact of the law.
Prohibition of material
The hearing focused on Section 889 of Title VII of the National Defense Authorization Act (NDAA) for fiscal year 2019, in particular subsection (a) (1) (B). The paragraph “prohibits agencies from entering into a contract (or extending or renewing a contract) with any entity that uses any equipment, system or service that uses covered telecommunications equipment or services as a substantial or essential component of any system , or as a critical technology in any system.“
“Covered Equipment” refers to products and services of Huawei, ZTE Corp., Hytera, Hikvision and Dahua
“Covered Equipment” refers to the products and services of Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co. Hikvision and Dahua are two of the world’s largest manufacturers of video surveillance equipment , and Huawei makes HiSilicon chips widely used in video cameras.
“Chinese ban” provision
The public hearing was part of the rule-making process for subsection (a) (1) (B), which the industry has informally referred to as the “blacklist” provision of the NDAA. However, the “Chinese ban” provision [Paragraph (a)(1)(a)] is not in question, was not covered by the public hearing and is already expected to come into force one year after the signing of the law by President Trump (August 13, 2018).
There were seven presentations at the public hearing. Presenters included the Security Industry Association (SIA), two integrators Hikvision, a representative of communications maker Hytera, an economist and lawyer on behalf of telecommunications company Huawei, and Honeycomb Secure Systems, a federal contractor. There was no live broadcast or transcript of the meeting, although PowerPoint summaries of the 10-minute presentations were posted.
SIA emphasizes clarity
In its presentation, the Security Industry Association (SIA) emphasized that contractors need clarity, i.e. paragraph (a) (1) (B) applies to the use by an entity equipment or services covered in the performance of federal contracts, but NOT for non-federal sales or the use of equipment covered by a contractor that is not related to federal work.
The SIA also focused on the distinction (and contrasting risk profiles) between CCTV equipment, which are terminals whether or not connected to the Internet, and telecommunications equipment. On the other hand, telecommunications equipment is essential to the Internet infrastructure and manages all the data on a network, encrypted or not.
Fully compliant video surveillance products
Suppliers and integrators of security equipment performing federal work can offer fully compliant video surveillance products. “
SIA’s presentation included the following ‘result’ statement: “Suppliers of security equipment and integrators performing federal work can offer fully compliant video surveillance products to the federal market, while offering other products to suit technical requirements, prices and specific customer needs which vary widely. for non-government commercial sectors – eg shopping malls, banks, convenience stores, etc.“
In other words, involvement in government contracts should not restrict an integrator’s flexibility to offer all products and services (including those of Chinese listed companies) to non-government clients. The two integrators made similar remarks, notably about their activity with Hikvision. One of the presenters was Rick Williams, general manager of Selcom, a systems integrator in Selma, Alabama, with 10 employees. They have been a Hikvision Partner since 2012 with cumulative annual Hikvision product sales of approximately $ 400,000.
Hikvision integrators speak out
A second integrator at the hearing was Mark Zuckerman of Clear Connection Inc., a security company in Beltsville, Md., With 32 local employees, which focuses on electronic security, telecommunications and IT. Clear Connection designs, installs and maintains systems in Metro DC and Baltimore, including commercial entities, schools and non-profit organizations. They make about $ 120,000 a year in business as a Hikvision partner and have over $ 500,000 in business pending from the federal NSGP. [Nonprofit Security Grant Program] approval.
In two nearly identical presentations, integrators asked for clear guidance on how to comply with the language of the law as it is written, in particular confirmation that NDAA section 889 does not apply to sales. or non-federal use of covered equipment. “This is essential for my business as I provide integrated security solutions in multiple government and commercial markets, using a mix of products from different manufacturers tailored to technical requirements, prices and customer needs which vary widely for each industry,“Williams said.
Hytera speaks at audition
We do not know what section 889 means, to whom it applies or to what extent its prohibitions extend ”
“It is not clear what section 889 means, to whom it applies, or to what extent its prohibitions extend,Zuckerman commented.If interpreted broadly, some of my clients would be barred from entering into a federal contract because they covered products installed in their facility to protect their property and staff.“
Hytera, a manufacturer of open standard digital mobile radio technology, was also present at the hearing. The presentation pointed out that Hytera does not sell to US telecom operators and does not provide 5G components or CCTV equipment. Hytera equipment is used by federal clients such as the National Gallery of Art, the National Archives, the National Zoo, and the Holocaust Museum.
Impact on customers and commerce
“These federal entities play no role in national security, and Hytera systems do not connect to any critical systems,“said the company.”However, the lack of clarity in the implementation of the NDAA has a significant impact on federal, state and commercial customers, affecting competition and choice.“
Hytera’s presentation continues: “Hytera has never been made aware by any U.S. government entity that its equipment posed a national security risk and, as such, has not been given an opportunity to address any concerns. The result of Section 889 is the creation and dissemination of false market information.Hytera also said the proposed federal rules and regulations should exempt federal agencies that do not include a national security component and equipment not interconnected with the public grid.
Impact on cybersecurity
The consolidation of the number of equipment suppliers slows down rather than helps cybersecurity “
James E. Gauch, an attorney for James Day speaking on behalf of Huawei, offered a broad argument that could be applied to any of the banned companies: “Virtually all equipment manufacturers rely on a global supply chain and face security risks from a wide range of sources, with the exception of maybe one or two suppliers depending on their national origin will not address these risks.“
He adds, “However, the consolidation of the number of equipment suppliers is slowing down rather than helping cybersecurity. The creation of a small number of dominant suppliers, regardless of their national origin, reduces the incentives for these suppliers to adopt industry-leading standards and creates greater exposure to vulnerabilities of a single supplier.“