The U.S. Army said it removed surveillance cameras made by a Chinese state-backed manufacturer from a domestic military base, while a congressional committee plans to hold a hearing this month into whether small businesses face cybersecurity risks from using the equipment.
Fort Leonard Wood, an Army base in Missouri’s Ozarks, replaced five cameras on the base branded and made by Hangzhou Hikvision Digital Technology Co. , said Col. Christopher Beck, the base’s chief of staff. He said officials at the base acted after reading media reports about the company.
“We never believed [the cameras] were a security risk. They were always on a closed network,” Col. Beck said. The decision to replace the cameras was meant to “remove any negative perception” surrounding them following media reports, he added, without elaborating.
A Wall Street Journal article in November highlighted the prevalence in the U.S. of devices made by Hikvision, the world’s largest maker of surveillance cameras, which is 42% owned by the Chinese government. The Journal reported that some security-system vendors in the U.S. refuse to carry Hikvision cameras or place restrictions on their purchase, concerned they could be used by Beijing to spy on Americans.
China has turned the northwestern region of Xinjiang into a vast experiment in domestic surveillance. WSJ investigated what life is like in a place where one's every move can be monitored with cutting-edge technology. Video: Clément Bürge/WSJ; Image: DeepGlint (Originally published Dec. 19, 2017)0
A Hikvision spokeswoman said the company “believes the products it builds and distributes around the world must meet the highest standards of not only quality but also security. We stand by our products and processes.”
Hikvision has repeatedly said its devices are safe and secure. The company hasn’t been accused by authorities of using its devices to spy.
A Defense Department spokesman said the Hikvision cameras at Fort Leonard Wood weren’t connected to the military network. He said the department is conducting a review of all network-connected cameras on the base to ensure they are “in compliance with all security updates.” The spokesman declined to comment on whether Hikvision cameras are in use at other military facilities.
In an interview, Rep. Vicky Hartzler, a Missouri Republican who represents the district where Fort Leonard Wood is located, said: “The news that there were Hikvision cameras at Fort Leonard Wood was very concerning.”
The base has 187 security cameras in all and the Hikvision devices were used to monitor roads and a parking lot. “At no time did any of these cameras cover a high-security or high-security critical asset,” Col. Beck said.
In another move highlighting concern over Hikvision’s cameras, the chairman of a House of Representatives committee said he is calling a hearing that will look into whether Hikvision cameras pose potential risks to businesses as entryways for hackers.
Rep. Steve Chabot, an Ohio Republican and chairman of the House Committee on Small Business, said he expects the committee to focus closely on potential cybersecurity vulnerabilities in security cameras. A spokeswoman for the committee said Hikvision will be examined as part of a hearing scheduled for Jan. 30 on the topic of “foreign cybersecurity threats to small businesses.” The hearing will discuss the security-camera industry generally, but Hikvision will be the only company about which specific questions will be raised, she said.
Mr. Chabot said he is concerned by the high level of Chinese state ownership of Hikvision.
“You have a company here, Hikvision, in which the Chinese government has a major controlling interest, making a significant portion of the world’s surveillance cameras,” he said. “It is a significant concern that Beijing could use these cameras to essentially spy on us,” he added, though he didn’t offer evidence this is happening.
Security vulnerabilities in Hikvision’s cameras were highlighted last year in a notice issued by the Department of Homeland Security, which said some of its devices were easily exploitable by outside hackers.
A Hikvision spokeswoman said the company issued a firmware patch addressing the vulnerability within a week of being made aware of it. A DHS official confirmed Hikvision had issued the patch by the time the department’s notice was issued in early May.
Hikvision has said the bulk of its devices are sold by third-party distributors and that it cannot access any of its cameras after they are sold to customers. In addition, the company has said its state-owned shareholder, China Electronics Technology Group Co., has no day-to-day role in the company’s operations.
Security experts say safeguards in the camera industry are poor and risks are growing with the proliferation of internet-connected devices. In 2016, hackers took control of hundreds of thousands of cameras, including many made by a Chinese rival of Hikvision, to launch a huge “denial of service” attack that security experts said made sites run by Amazon.com Inc., PayPal Inc. and Twitter Inc. unavailable for hours.
Many Hikvision customers stand by Hikvision products. The Memphis Police Department, which has bought hundreds of Hikvision cameras since 2007 to watch the city’s streets, has said the devices help it make up to 100 arrests a year.
Congress in the past has taken aggressive action against Chinese technology companies in the U.S. In 2012, the House intelligence committee effectively blocked another Chinese tech giant, Huawei Technologies Co., from selling its telecom equipment in the U.S., saying the gear could be used to spy on Americans. Huawei has repeatedly denied its equipment is used for spying.
Write to Dan Strumpf at email@example.com