© 2017 Hikvision USA Inc. and Hikvision Canada Inc. All Rights Reserved. Confidential and Proprietary
Hikvision Cybersecurity Overview
Remarkable Growth Rate
Why is Hikvision a target?
Set the Record Straight
Cybersecurity – Bigger Picture
Chinese Ownership
History of Vulnerabilities
2014 to Present
Approach to Cybersecurity
Why Hikvision?
01
02
03
04
Global Overview
Chart, 2001 to 2016 (currency in USD): $4.67B sales revenue, $1.07B net profit
Growth rate: 26.32%
7% - 8% of annual revenue reinvested into R&D
Over 20,000 globally
9,000+ engineers
No. 1 worldwide - 23.2% of the global network security camera market
North America Overview
Top 2 Video Security Market Player
Expected to be #1 by 2018
Average annual growth for the video surveillance industry is approximately 7% per year.
Hikvision is over 50% year-over-year.
Local Support in the US and Canada
Employees: 340 current, 400+ expected by 2018
Warehouses in Los Angeles and in Miami
Dedicated customer service, inside sales support and call centers in US and Canada
Local technical support in Los Angeles, Montreal, and Dallas, and across North America
New R&D facility in Montreal
Map locations: Los Angeles, Montréal, Dallas, Miami
Hikvision has been incorrectly labeled as having poor cybersecurity practices
Let’s review the Facts
Is Hikvision a division of the Chinese government?
FACT:
Hikvision is a global, publicly traded company, listed on the Shenzhen Stock Exchange (SHE: 002415)
Hikvision itself is not an SOE
Four major stockholder groups:
Common-share/international institutional
SOE shareholders
Individual investor
Company founders and executives
Is Microsoft’s product security poor?
Microsoft product vulnerabilities are regularly discovered and exposed.
Some vulnerabilities are significant, such as “Eternal Blue.”
In CVE’s vulnerability database, Microsoft products have 4,472 vulnerabilities listed, many more than other comparable companies.
The truth…
Microsoft is a world-class company.
Microsoft is the world leader in product security best practices.
Security exploits
Windows: 127 security updates just for 2016
https://technet.microsoft.com/en-us/library/security/mt637763.aspx
Lenovo: 16 security updates just for 2016
https://support.lenovo.com/us/en/product_security/PS500001?LinkTrack=Solr
Oracle: 910 security updates just in 2016
http://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html
Android: 411 security updates just in 2016
https://source.android.com/security/bulletin/
Apple: 56 security updates just in 2016
https://support.apple.com/en-us/HT201222
Combined security updates: 1,520
Common Vulnerabilities and Exposures (CVE)
What is CVE?
CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known cybersecurity issues.
The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this “common enumeration.”
Who owns CVE?
The National Cybersecurity FFRDC, operated by the MITRE Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.
Where is this information coming from?
Mainly: One Source Reports on Hikvision Security Events
Total of 221 security articles; 149 mention Hikvision
Some sites favor sensationalist coverage over factual evidence
Quick Fact Check:
Claim: Hikvision has a backdoor
Fact: Privilege Escalation Vulnerability - A “backdoor” is generally considered to be a vulnerability that is intentionally placed by a manufacturer. A coding error, on the other hand, is not placed intentionally. Importantly, ICS-CERT (a division of DHS) classified the Hikvision vulnerability as a coding error, not a backdoor. The issue was addressed and corrected with a firmware release within 2 weeks of discovery.
Claim: Hikvision has been banned by the US Government
Fact: There is NO “U.S. Government ban” on Hikvision products. An unauthorized reseller listed Hikvision products on the US “GSA Schedule.” They were selling products that should not have been listed on the GSA schedule. This was in no way sanctioned by Hikvision. Once discovered, Hikvision asked the reseller to remove Hikvision from the GSA as Hikvision products are proudly built, assembled and packaged in China.
Claim: Hikvision is a division of the Chinese Government
Fact: Hikvision is a publicly traded company, with a diverse set of owners. The largest shareholder is a State-Owned Enterprise.
Hikvision’s View on Cybersecurity
Cybersecurity requires an ongoing commitment. Hikvision is fully engaged in this effort, and is stronger because of it.
Everyone is responsible for ensuring safe, secure environments. Although roles may differ, responsibility does not. With everyone's participation we all stand a better chance in cybersecurity.
Enacting strong cybersecurity measures may not be convenient, but they are well worth the time spent.
If an issue occurs, Hikvision acts swiftly and efficiently to identify and resolve it.
There is no system or product that is 100 percent secure.
Hikvision’s Goal: Known Thought Leaders on Cybersecurity
100% transparency
Set the record straight – dispel misinformation through a large-scale campaign
Provide ongoing target hardening trainings
Work with A&Es to encourage that cybersecurity best practices are written into the tender documents
Offer onsite commissioning support to ensure cybersecurity best practices are followed
Be the education leaders on cybersecurity
Provide and recommend cybersecurity certification
Cybersecurity 2014
Mar 2014: Malware designed to mine bitcoins infected many manufacturers’ DVRs and NVRs
Hikvision’s response: new firmware where needed; constant communication; tech bulletin
Aug 2014: Malware targeting Hikvision 7200HWI and 7300HWI series DVRs
Hikvision’s response: new firmware; constant communication; free shipping; Hikvision engineers onsite support
Nov 2014: Buffer overflow vulnerability was found in Hikvision DVRs
Hikvision’s response: new firmware; notifications; constant communications; new resources created
Cybersecurity 2015 - Current
Feb 2015: Alleged incident: Default username and password reported to gain access to DVRs
Hikvision’s response: issued alert; Hikvision creates Secure Activation procedure, others follow suit
Sept 2015: “XcodeGhost” malware in apps, Hikvision included
Hikvision’s response: notifications; Hikvision rewrote the software and submitted it to Apple for certification. This entire process took 2.5 days
Oct 2016: Mirai botnet malware
Hikvision was not affected
Hikvision’s response: remind partners of the cybersecurity resources available
Mar 2017: Privilege Escalation Vulnerability
New firmware; notifications; constant communications; ongoing work with DHS to address other potential concerns
The most effective way to solve a security vulnerability is the manufacturer’s quick and active response
Corporate Cybersecurity Defense
New Director of Cybersecurity: Chuck Davis, MSIA, CISSP-ISSAP
Hikvision Security Center
Hikvision Network and Information Security Lab
Hikvision Cybersecurity Hotline
Network Security Hardening Guide (Update coming soon)
Third-Party Certification: ISO/IEC 27001 certification; ICSA
Third-Party Penetration Test: Rapid7; researching others
The Real Status of Hikvision Security
Product safety can only be assured when manufacturers constantly strengthen their internal product safety construction, which includes security of both the product development and product development environment.
In order to achieve this goal, Hikvision conducts the following third-party assessments:
Third-Party Evaluation: A group-wide information security evaluation is carried out by EY in order to perfect Hikvision’s overall security regimen.
Cisco often works with global customers to help assess and identify opportunities to reinforce the security of their own business. Hikvision has enlisted Cisco’s help, with the goal of elevating our R&D development standard to match Cisco’s world-class R&D development standard.
An SOC2 evaluation and verification of Hikvision is carried out by EY from the United Kingdom in order to ensure the security and confidentiality of our cloud products.
Always remember: No one is immune, simply lucky. If someone wants to spend enough time and effort they can find a way to get onto any device that is attached to the Internet.
Why Choose Hikvision? Partner to Win
Hikvision Mission = Trusted Partnership between Hikvision and Stanley
Largest A&E team to drive sales to Stanley
Two-tiered vertical specialists to create demand for Stanley
Local Support: Hikvision NAM and SAE in the field to help local Stanley offices with pre- and post-sales
Regional sales team (more than 120) to support Stanley nationally
Facts About Hikvision
Corporate Citizenship
Social Responsibility Programs
Leukemia & Lymphoma Society – corporate support and fundraising
Citizen Schools – corporate support, fundraising and educational efforts
Missing Children’s Network of Canada – corporate support and fundraising
Jonathan Jaques Children’s Cancer Center – corporate support and fundraising
Jobs created in North America
2017 – more than 400
2022 – more than 1K
Hikvision USA Inc. 18639 Railroad Street
City of Industry, CA 91748
Tel: +1 909-895-0400
Toll-Free: +1 866-200-6690 (U.S. and Canada)
Fax: +1 909-595-2788
Email: [email protected]
www.hikvision.com
Thank You!