Women look at security cameras
Matthew Henry on Unsplash

Developing and maintaining smart video security systems has become a staple of business security for organizations across all industries. With the advent of modern technology, teams are able to detect, monitor, and respond to potential security threats instantly and accurately. However, some security products pose more of a risk to businesses than leaders may think.

In recent years, the US government has issued guidance regarding security technologies developed by certain manufacturers. In particular, those with links to foreign governments that may pose a risk to national security. As surveillance and telecommunications devices become more advanced, featuring increasingly sophisticated native computing capabilities, fears of cyber-attacks leading to widespread data breaches have become more apparent.

To mitigate these threats, legislation is passed annually to assist federal agencies and US businesses in identifying and avoiding the purchase of compromised security equipment. Informed by the release of the Fiscal Year 2024 National Defense Authorization Act (NDAA), below is a guide to selecting and implementing safe and compliant security camera systems.

What are the NDAA and FCC?

The NDAA is an annually updated bipartisan agreement that authorizes funding levels and sets out security priorities for the US military and other federal agencies. NDAA legislation accounts for current geopolitical events and technological advancements to offer guidance regarding safe security installations, typically by prohibiting the use of specific technologies.

The Federal Communications Commission (FCC), an agency that regulates communications of all varieties across the US, is required to adopt all rules laid out in the NDAA. This acts as a basis for evaluating the safety of all security and communications equipment leveraged by federal agencies, as well as those operated by businesses working alongside federal bodies.

As has been the case for the past several years, 2024's updated NDAA legislation prohibits the use of federal funds to purchase telecommunications and security equipment produced by certain Chinese manufacturers for the risk of these tools being exploited by malicious actors.

Security cameras as a threat vector

As security equipment has become more advanced, previously siloed or contained devices have become more interconnected. With security cameras now able to process, analyze, and communicate sensitive information between themselves and wider security systems, the risk of such tools acting as an exploitable avenue for wider cyber-attacks has grown significantly.

Networked security cameras, as well as those integrated alongside Internet of Things (IoT) installations, may now be viewed as a potential weak point for hackers to gain access to traditionally well-secured computer systems. Considering as many as 86% of industrial organizations across the US are believed to have adopted IoT solutions in recent years, the threats posed by unsecured or intentionally exploitable security devices continue to increase.

Certain Chinese manufacturers have been highlighted in the NDAA for their connections to Communist Chinese military companies, with the US government viewing these links as a potential threat to national security. In addition, the relatively cheap price points of devices sold by these companies have been viewed as a sign that such tools may be poorly secured.

Developing compliant surveillance systems

For US businesses to develop safe and compliant surveillance systems, leaders must know which manufacturers to avoid and which have been deemed safe by the US government. As outlined in the Fiscal Year 2024 NDAA, technologies and equipment produced by the following manufacturers must be avoided and will not be considered compliant with US law.

  • Huawei Technologies Company
  • ZTE Corporation
  • Dahua Technology Company
  • Hangzhou Hikvision Digital Technology Company
  • Hytera Communications Corporation

As well as highlighting manufacturers that must be avoided, NDAA guidelines can be used to identify security technology companies known to produce safe and compliant surveillance products. NDAA-compliant security cameras are officially recognized to contain no hardware or software components associated with prohibited manufacturers. Compliant brands include:

  • Avigilon
  • Pelco
  • Axis Communications
  • Bosch
  • Hanwha Techwin America
  • ACTi Corporation
  • Digital Watchdog

    FY24 NDAA updates and considerations

    The above manufacturers are known to produce security and surveillance equipment that is aligned with NDAA guidelines. When selecting technologies produced by compliant manufacturers, it's important to understand why certain products are deemed safe and the benefits in terms of physical and cybersecurity that the deployment of NDAA-compliant solutions guarantees.

    Among the provisions laid out in the FY24 NDAA, a noticeable focus has been placed on the emergence of generative AI technologies. Agencies are asked to analyze "vulnerabilities to the privacy, security, accuracy, and capacity of AI-enabled military applications, as well as research and development needs for such applications." In addition, federal agencies and associated businesses must develop and implement processes to "assess the ethical and responsible use of artificial intelligence," further outlining the safe use of such technologies.

    Considering the growing importance and popularity of AI-informed smart security technologies designed to enhance threat detection and response capabilities, selecting NDAA-compliant hardware and software solutions continues to be of utmost importance.

    Prioritizing compliant security cameras produced by one of the above mentioned manufacturers ensures businesses of all sizes can continue to benefit from technological advancements without introducing new threat vectors into existing security infrastructure.

    Summary

    The development and implementation of smart security technologies designed to optimize, automate, and enhance incident responses continue to be a top priority for US businesses. For federal agencies and organizations that work alongside these institutions, developing safe and appropriately secured installations is considered essential to US national security.

    The NDAA outlines requirements for the development of safe security installations, helping both federal agencies and general US businesses select suitable security equipment. As outlined in the NDAA, surveillance and telecommunications equipment produced by certain manufacturers must be avoided to mitigate threats of security systems being compromised.

    Businesses are advised to consult professional security integration experts to review existing technologies and ensure all active systems remain compliant with NDAA guidance. Provided security installations have been developed using compliant technologies and are free from affected hardware and software components, so safe and effective installations can be created.