Wednesday, November 20, 2024


Chinese Camera Ban Not About Cyber Security

The Australian government’s recent Chinese camera ban is not about cyber security.


A recent ban on Chinese cameras and video intercoms by some Australian government departments, which began with the announcement that 11 last-gen Hikvision cameras would be removed from Australia’s War Memorial in Canberra and has extended to the offices of some Australian MPs, poses more questions for security installers and end users than it answers.

Is the decision based on geopolitical considerations? Have new threats been discovered in these last-gen cameras and intercoms from Hikvision and Dahua, most of which were due for replacement anyway? Are some government networks not considered secure enough to allow IT experts to monitor network and sub-net activity in a way that satisfies assessment of risk? Are the moves simply a reaction to criticism from the federal opposition? Are IP cameras even capable of carrying ‘spyware’, as Liberal Senator James Paterson recently asserted?

The signalling from government around the move has been confused. Senator Paterson stated government offices were “riddled” with spyware-infected Chinese CCTV cameras. Australian War Memorial Chief Kim Beazley said no new risks had been found and the move was predicated on an “abundance of caution”. Foreign Minister Penny Wong said the cameras were not connected to the internet, or any government data network, and were not considered a cyber security threat.

Professional CCTV Network Topology

Since what some experts considered a password-free engineering hack was found between firmware layers in Hikvision cameras around 5 years ago, CCTV cameras manufactured in China have been squeezed from Australian federal government contracts, despite the fact no Chinese-made video surveillance camera in Australia (or anywhere else in the world) has been found transmitting video streams to the Chinese Government.

Isolation

At this point, it’s worth noting that almost all professional CCTV cameras are installed on secure subnets supported by dedicated switches, servers, and video management systems, or they are installed standalone on DVR and NVRs. These systems log network actions from authorised users, including camera views, saves, searches and applications of analytics functionality, where this applies.

It goes without saying that no pro-grade network intrusion detection system could fail to alert network engineers to the transmission of high-bandwidth video signals from secure network ports to an external network location. It would generate an immediate alert, remedial action and public condemnation.
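As an added illustration (not part of the original article, and not any vendor's tooling), the egress check described above can be run over flow records from a camera subnet. The subnet, NVR address, bit-rate floor and sample flows are constructed assumptions; the example also reports low-volume outbound flows, which a bandwidth threshold alone would not surface.

```python
import ipaddress

# Constructed values for illustration; none come from the article.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")      # assumed camera subnet
ALLOWED_DSTS = {ipaddress.ip_address("10.20.30.10")}    # assumed NVR/VMS server
VIDEO_BPS = 1_000_000  # assumed floor for a sustained video stream, bits/s

# Constructed flow records: (src, dst, dst_port, bytes, duration_seconds)
SAMPLE_FLOWS = [
    ("10.20.30.21", "10.20.30.10", 554, 450_000_000, 600),   # camera -> NVR
    ("10.20.30.22", "203.0.113.50", 443, 300_000_000, 600),  # sustained external stream
    ("10.20.30.23", "198.51.100.7", 443, 4_200, 600),        # small external flow
    ("10.20.40.5", "198.51.100.9", 443, 9_000_000, 60),      # not a camera, out of scope
]

def classify_flow(src, dst, dst_port, nbytes, seconds):
    """Return None for expected traffic, else an alert dict."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in CAMERA_NET:
        return None                      # only camera-originated flows are reviewed
    if dst_ip in ALLOWED_DSTS:
        return None                      # recording/viewing path to the NVR or VMS
    bps = nbytes * 8 / max(seconds, 1)   # average bit rate over the flow
    if dst_ip in CAMERA_NET:
        kind = "lateral"                 # camera talking to a peer on its own subnet
    elif bps >= VIDEO_BPS:
        kind = "video-rate-egress"       # volume consistent with a video stream
    else:
        kind = "low-volume-egress"       # e.g. update check or vendor handshake
    return {"src": src, "dst": dst, "port": dst_port,
            "kind": kind, "bps": round(bps)}

def review(flows):
    """Classify every flow and return only those that need attention."""
    alerts = [classify_flow(*f) for f in flows]
    return [a for a in alerts if a is not None]

if __name__ == "__main__":
    for alert in review(SAMPLE_FLOWS):
        print(alert)
```

Because anything leaving the camera subnet for a destination other than the recorder is reported regardless of size, the allow-list does the detection; the bit-rate floor only labels severity.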


Firmware

While IP cameras can upgrade firmware automatically over public networks and will undertake handshakes with a manufacturer’s servers, these actions are ubiquitous across network devices of all types and, in the case of CCTV cameras, can be deactivated, with devices either left using original firmware, or upgraded manually.

Typically, network-based electronic security systems are updated manually by security teams managing system maintenance. These Australian security techs are highly integrated with an end user’s security operations team and will respond at a moment’s notice to issues of camera performance, network failure, or network breach.

Further, in compact applications, such as in the suburban high street offices of MPs, 3-4 CCTV cameras are installed in a basic star configuration that revolves around a PoE NVR/DVR supported by a dedicated keyboard, mouse and monitor. They are not connected to local data networks, let alone hooked to out of country servers – unlike a significant number of other manufacturers, neither Hikvision nor Dahua offers VSaaS in Australia.

Typically, the basic turret cameras used in such applications are mid-wide angle, have modest resolutions, fixed lenses, and are installed with an outward-facing angle of view covering front and rear entrances, car spaces and foyers to allow recording of events for police investigation after an incident.


Recordings are undertaken on local hard drives and written over after 30 days. Viewing of footage and event searches can only be undertaken by a person with access control rights to the location, and who is authenticated with a password issued by a nominated system administrator – typically an admin assistant or office manager who works on-site.

These cameras are installed for safety and security, not to ‘spy’ on MPs. Nor are these cameras being ‘found’ by shocked staffers in third-tier government applications, as if the cameras crept in at night and hung themselves onto walls, as some news websites have implied.

Local Installers

These CCTV systems were installed in plain sight by professional Australian security technicians using products supplied and supported by professional Australian security distributors with technical support from suppliers’ local operations, after an official government tender process.

Chinese-made security cameras will be removed from government buildings across Australia. (Chinese Camera Ban)

These cameras and related systems were chosen by government decision makers because they offered the best performance for the least cost. This is not an imperative that will change when government agencies next take locations with modest security requirements to tender.

Similar strictures around installation and governance apply to the 11 Hikvision cameras at the Australian War Memorial, which are likely external bullet cameras installed to view choke points and entries, and are entirely governed by local subnet rules and managed and viewed using an over-arching video management system provided by a third party.

This server-based VMS brings together all the cameras across the site onto a video wall for monitoring by a dedicated security team. It’s normal for a major site like the Australian War Memorial to have multiple camera brands and camera types installed for different reasons at different times with different priorities of budget. Expensive upgrades are undertaken in stages.


In SEN’s opinion, the most cybersecure IP surveillance camera is Mobotix; however, the Australian government rarely uses this brand, despite its enormous operational flexibility and impeccable cybersecurity credentials. Bosch, Axis and iPro are also highly regarded, and tier 1 offerings from everyone else – including Hikvision and Dahua, which put considerable effort into cybersecurity and transparency to correct early issues that impacted all CCTV camera makers – are close behind.


Unsurprisingly in the current geopolitical climate, Chinese CCTV cameras are by far the most examined network devices when it comes to cyber security, and their camera firmware and supporting management solutions are constantly trawled through by experts looking for issues in devices that, despite their ‘surveillance’ function, are static edge sensors, governed by the settings of the network switches and servers that manage them.

It’s impossible to believe the Australian government’s highly qualified cybersecurity experts are not perfectly aware that edge devices, like CCTV cameras, when properly commissioned and installed on well-designed and secure data networks, are impossible to access remotely, and can’t be infected by ‘spyware’ in the way a mis-managed workstation or laptop might be.

Instead, they must be acutely aware the greatest security threats to security systems are posed by errors in network application, a failure to activate camera cybersecurity settings during installation and pre-commissioning, and weaknesses in the physical security around network components. And cybersecurity experts must know such risks apply to every networked device across a department’s topology – phones, switches, wired and wireless routers, laptops, servers, apps – not just to devices offering click-worthy headlines.

In our opinion, given the highly evolved state of cybersecurity in professional CCTV cameras (and intercoms), the possibility that edge devices in secure subnets, from any camera manufacturer, could suddenly breach network security settings and start operating unilaterally is so vanishingly small that cybersecurity can’t be the problem.

Instead, the government’s core issue seems to be one of uncertainty and misunderstanding around a technology that, when properly installed and managed, leaves virtually no room for uncertainty at all.


Why are Chinese cameras banned?

Because of the potential security threat they may pose.

Are Hikvision cameras banned?

Hikvision security products are legal to use in Australia.

Are cameras legal in Australia?

Section 227A of the Criminal Code makes it an offence to video record people without their consent in places where they would expect to be private, such as a bedroom, bathroom, or changeroom. When installing surveillance cameras it is important to assess how they are positioned.

How many cameras does the Chinese government have?

There are now an estimated 540 million CCTV cameras in China.


AUTHOR

John Adams
https://sen.news
A professional writer and editor who has been covering the security industry since 1991, John is passionate about clever applications of technology and the fusion of sensing and networking. A capable photographer, John enjoys undertaking practical reviews of the latest electronic security systems.

4 COMMENTS

  1. Fully agree with your comments John.
    I can only repeat what I posted on Linkedin recently:
    The new IP VSS Standard 62676 adopted the ONVIF recommendations as a part of this standard.
    This is a very important industry milestone and all IP CCTV/VSS manufacturers attempt to implement these standards which guarantee interoperability between a variety of products, no matter which continent they come from.
    Contributing and working on any standard, I can personally witness, is a tough job. It requires unselfish 100% commitment, hard work, knowledge and most importantly it is a voluntary contribution to the industry as a whole.
    One of the latest ONVIF Profiles is the Profile M, which states:
    “…An ONVIF device conformant with Profile M is an ONVIF device that sends metadata over an IP network to a client. Profile M device also includes support for several features, including but not limited to: Metadata capability, Metadata configuration and Analytics Module configuration. Other features that may be supported on the device include Video Streaming, event handling, JSON events over MQTT, sending images in metadata, Vehicle and License Plate metadata, Human Face metadata, Human body metadata, Geolocation metadata, Face recognition event, License plate recognition event and Line crossing (Object counting) event and Rule configuration. For example, a device conformant with Profile M may be an IP network camera or an analytics device…”
    This is a very important next ONVIF Profile which we will use as AI becomes a common feature of all cameras and VMSs.
    In the light of the latest Australian initiative to remove Chinese cameras from the various government sites, I wanted to make all my colleagues aware of the people and companies contributing to the making of these standards, which we use for free on a daily basis (see the screen-shot).
    These are the same companies that we are attempting to ban from doing business in Australia, simply because we blindly believe the politically driven media and parliamentarians who have no understanding of the technologies and standardisation hard work behind it.
    As I said many times: Politics should not be involved in technology development.
    ———————————————

  2. Hi,
    There are rumours that the Chinese government is able to utilise a backdoor built into a partition of the firmware that allows the device to call home.

    Various people have tested the theory with Wireshark and can confirm that the device is indeed calling home, even when that option has been disabled in the settings. They say that the data is encrypted and does not seem to have enough volume to be visual content; it does beg the question; why are the devices calling home and what is the nature of the data it is sending?

    All in all it is a worrying situation with such a large foreign power that is currently not on best of terms with the West.

    Do you recommend we trash all of our Hikvision cameras? If not then why not and how can we stop the device calling home even when that very option is disabled in the firmware settings?
