International. As part of an effort to demonstrate its commitment to product safety, Hikvision opened a new Source Code Transparency Center (SCTC) at its North American headquarters in California. The goal of the facility is to provide an opportunity for U.S. and Canadian government agencies to review the source code of a number of IP cameras, NVRs, and other products sold by the company.
According to Chuck Davis, Chief Cybersecurity Officer at Hikvision North America, the center's opening is part of a campaign by the company to make significant improvements to its cyber program in North America. "We continue to update our internal cybersecurity program and look for new ways to engage and offer educational resources to our partners on this topic," Davis says. "Since Hikvision hired me six months ago, we have completed penetration testing with Rapid7, opened a cybersecurity line, completed a tour of Canadian cybersecurity, hired additional staff for our cybersecurity team, scheduled a cybersecurity road show for 2018, and are now opening the SCTC."
Although mitigating cybersecurity threats remains an industry issue, specific vulnerabilities affecting Hikvision's products have caught the attention of media and lawmakers lately; in fact, the company was mentioned by name during a january hearing by the White House Committee on Small Business that focused on combating foreign cyber threats. Specifically, Rep. Steve Chabot cited two separate instances in 2014 in which technology researchers discovered bitcoin mining malware, as well as three major buffer overflow vulnerabilities in Hikvision's DVRs, both addressed by the company.
With the opening of SCTC, Davis says the company hopes to "raise the bar" when it comes to physical security industry standards for cybersecurity and transparency. "As the largest video surveillance manufacturer in the world, we believe it is our responsibility to be a leader in cybersecurity advocacy, and we are fully committed to this effort," Davis says. "This program is another step in our ongoing commitment to safety and transparency. We are excited about the establishment of the SCTC and believe it is a positive milestone for our company, our customers and the security industry."
Government officials interested in taking a look at the company's product source code can simply contact a Hikvision sales representative, who will work to schedule an appointment to visit the SCTC. Anyone visiting the center will also need to sign a confidentiality agreement.
When asked if the center would eventually open to security researchers and/or end users interested in implementing the company's products, Davis said they might decide to open up code review to additional applicants as they mature their processes. Hikvision will not disclose any details about program participants, the government, or otherwise.
Leave your comment