Racz speaks out on why Genetec sees Hikvision products as security risks

Stockholm, Sweden

"The concern is directly proportional to the sophistication of the organisation."says Pierre Racz

Earlier today Securityworldhotel .com published an exclusive interview – originally published in Detektor International 1/2017– where Keen Yao, VP of Hikvision's International Business Centre, responds to the media sources that have claimed that Hikvision products are cyber security risks.

 In the same security trade magazine there is an interview with Pierre Racz, the CEO of Genetec  where he explains why the VMS-company has introduced a special restriction policy regarding Hikvision and also Huawei products. 
 "Governments have told us they are extremely concerned about the origins of these products.", says Pierre Racz in the interview, published here below on in its full length.

A few month ago Genetec  started requiring their customers to sign a waiver so that Genetec cannot be held responsible if their network or networks of their neighbours are hacked via Hikvision or Huawei devices. Genetec will continue to support devices from Huawei and Hikvision, but new customers using these devices will need to sign the waiver and pay a special 250 USD connection license in addition to standard license fees.

As a background to this decision, a report from the Commission on the Theft of American Intellectual Property from 2013, which states that China is the world’s largest source of IP theft and the annual losses for the American economy because of international IP theft is estimated to over 300 billion USD – comparable to the annual level of US exports to Asia.

Also, the New York Times has revealed a secret backdoor in some Huawei cell phones in the US.A software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server every 72 hours.

This has worried Genetec and its customers. However, there is no such evidence regarding Hikvison. About half of Hikvision is owned by a Chinese state-owned enterprise and this is a problem according to Pierre Racz.

“Government ownership of a company is a critical factor in individual risk assessments made by the end-user”, stated Pierre Racz. “Such risk assessments are made by the end-user based on the end-users’ circumstances.”

He also adds that Genetec sheds light on obfuscated origins of equipment – so customers can make an enlightened and informed risk assessment, depending on their circumstances. Pierre Racz refer also to, when he says the Chinese government gave Hikvision a 6 billion-dollar subsidy and this has raised concern.

“The question you have to pose is: clearly its motivation is not profit, so what is it then?” says Pierre Racz.

How difficult was this waiver decision?

“It was hard but we have this ethos where we would rather lose the sale than the relationship.”

So it is not a commercial consideration?

“No. Since we are aware of the origin of these devices, our customers told us it would be hypocritical not to disclose it publicly.”

Are Hikvision products trustworthy?

“It is in the eye of the beholder. If you are a Chinese government organisation, the answer is yes. If you are an American governmental organisation, the answer is definitely no. If the risk factor is between 0 and 1, I can guarantee it is not 0. It is somewhere in between 0 and 1. A simple, hypothetical risk assessment question could be: if a Western power were to go to war with China, would you apply a security update patch to your Hikvision cameras?”

Do you think Hikvision has put backdoors in their cameras?

“Hikvision has publicly made it known that they have a password recovery mechanism for their hardware. And by default, the cameras phone home. But, in some versions of the software, an end-user can opt out.”

What about Western companies, can they not be a security risk too?

“Yes, but the difference between a democratic and an authoritarian state is that we agree there are limits to the power of government. If a western government tells a security camera manufacturer to put a backdoor in their cameras, the company can say no and take it to court. Hikvision explicitly says in its manuals, they cannot be sued if their devices are used to attack your network. And even if that was not put in the manual, you cannot sue the Chinese government.”

What about Dahua?

“Dahua is a private company and you can sue them and they are motivated by the risk of losing the trust of their customer base. The risk is not zero, but less than with a company that is owned by the government and has been given a 6-billion-dollar subsidy.”

How concerned is the market about Hikvision and Huawei products?

“The concern is directly proportional to the sophistication of the organisation. Large organisations that are more sophisticated are more concerned. Governments have told us they are extremely concerned.”

You are the only manufacturer that has taken this action. What is your message to other VMS manufacturers?

“They should rethink. I would like to remind them they are not only responsible to their shareholders, but also to their employees and most importantly to their customers and the countries that support them with infrastructure.”

Why do you think data security has become a hot topic of conversation in the security industry?

“There are a couple of reasons for why this is becoming public interest; certainly the hacking of the US election brought it to the forefront so everyone knows the danger and the threat cyber criminals can pose to our freedom and democracy.

Want to read more about cyber security and video surveillance? Read the latest issue of Detektor International online: Click here

Product Suppliers
Back to top