Why are certain security cameras banned by the NDAA and FCC?

Lately, some Chinese companies that make telecommunications and video surveillance equipment have been under scrutiny because of the potential risks they pose to U.S. security. These companies, including big names in the industry and their subsidiaries, have caught the attention of the U.S. Government, which has taken action. This action includes restrictions on the purchase of such equipment by Federal agencies and grant recipients, as well as a ban on marketing and sales to specific markets. The National Defense Authorization Act (NDAA) Section 889 and the Secure Equipment Act of 2021 (SEA) are the laws that the Federal Communications Commission (FCC) has put in place to enforce these restrictions.

What’s the point of the NDAA and the SEA?

The NDAA is a yearly legislation that Congress passes to outline defense policy priorities and funding. Section 889 of the NDAA says that federal or grant funds can’t be used to purchase certain telecommunications equipment or services from manufacturers like Huawei, ZTE, or Hytera Communications Corporation. It also restricts the purchase of video surveillance equipment or services from Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (and any related subsidiaries).

The SEA is a directive that tells the FCC to make rules that stop the review or approval of any application for equipment authorization related to telecommunications and video surveillance equipment that’s seen as a national security threat. The FCC has put these rules in place, and they say that broadband-capable telecommunications and video surveillance equipment made by the companies I mentioned earlier (and their subsidiaries) can’t be marketed or sold to certain markets, like government facilities and critical infrastructure. These rules started on February 6th, 2023.

What made these laws necessary?

Section 889 and the SEA were made because the federal government is worried about the security risks that come with equipment from certain Chinese manufacturers. As video surveillance cameras and telecommunications devices get more advanced and connected, the chance and seriousness of cybersecurity risks have also grown.

Even though you might not think about it right away, cameras and devices with broadband capabilities can be open to cybersecurity attacks. Devices that are part of the Internet of Things (IoT), including cameras, can be used by hackers to get into bigger networks or get user data. The risks are even worse because Chinese manufacturers often sell these devices at low prices and don’t have the same strong security measures as laptops or servers.

What’s more, many newer models contain System on a Chip (SoC) technology. This gives a great deal of computing power to devices like cameras but also makes them a much more likely risk vector for hackers.

These threats could be catastrophic for any business, but the stakes are even higher when these devices are used by the federal government or in the public safety environment. If devices were hacked, the possibility of eavesdropping on classified conversations, accessing confidential information, or disrupting essential services could have enormous repercussions, both nationally and globally.

This legislation will push many security companies and service providers who work with the U.S. government to carry out thorough due diligence of all their equipment, services and relationships to ensure they are compliant.

What do Section 889 and SEA mean for businesses?

Section 889 requires that security companies and service providers working with federal agencies or receiving federal grants carry out sufficient due diligence of their equipment, services and supply chain relationships to ensure they are compliant. The SEA and the FCC’s implementing rules have broader impacts. By restricting the marketing and sale of certain Chinese manufactured equipment to certain markets, security manufacturers using such equipment may find their products compromised or investments stranded.

While it seems as though these rulings apply solely to physical security systems, these decisions will have further-reaching implications for any business with government contracts. Since government contracts are often large opportunities for many businesses, they cannot be too careful in their choice of security equipment or their security service provider.

If you are concerned your business will be affected by the NDAA or the SEA, the first, and most important step to take is to check who manufactures your equipment. If you outsource your physical security to a third party, ask them about the steps they are taking to ensure compliance. Finally, research NDAA-compliant manufacturers and products — such as those produced by Pelco — for a viable and secure alternative.