Within days, a rule will take effect that bans from U.S. government contracts any companies that “use” video products from Chinese companies Hikvision and Dahua. The Federal Acquisition Regulation (FAR) rule implements the “blacklist” (or “Part B”) provision of the National Defense Authorization Act (NDAA), which is understood in the security industry as prohibiting dealers and integrators that do business with the federal government from selling Chinese-made video products to any of their customers (even for non-government projects).

The rule, which is officially still interim, states: “On or after August 13, 2020, [federal] agencies are prohibited from entering into a contract, or extending or renewing a contract, with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”

Federal rules 

Within days, a rule will take effect that bans U.S. government contracts any companies that “use” video products from Chinese companies Hikvision and DahuaFederal agencies issuing the rule are the Department of Defense (DoD), the General Services Administration (GSA) and the National Aeronautics and Space Administration (NASA). GSA provides centralized procurement for the federal government.

Because the COVID-13 crisis delayed issuance of the rule, the usual 60 days will not be allowed for public comment before the rule is implemented. However, public comments are welcome and will be addressed in subsequent rulemaking.

“Telecommunications equipment” refers to equipment or services provided by Huawei Technology or ZTE Corp, both Chinese telecommunications giants. The rule also specifies that it applies to “certain video surveillance products or telecommunications equipment and services produced or provided by Hytera Communications Corp., Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of those entities).” Hytera is a Chinese manufacturer of radio systems. Hikvision and Dahua are major international manufacturers of video surveillance equipment.

Limits and prohibitions 

The rule states: “This prohibition applies to the use of … equipment or services, regardless of whether that use is in performance of work under a Federal contract.” In the industry, this clause is taken to mean that integrators that “use” any of the covered equipment are prohibited from selling to the government. “Use” presumably covers an integrator deploying the equipment in their own facilities and/or selling it to other customers. The rule also prohibits “service … related to item maintenance,” which in the case of a security integrator would include providing service contracts on previously installed systems.

Security Industry Association (SIA)

The Security Industry Association (SIA) comments: “Due to applicability [of the rule] to uses by entities with federal contracts even unrelated to their federal work, this broad interpretation is expected to have widespread impact on the contracting community across many sectors, as covered video surveillance equipment is some of the most commonly used in the commercial sector in the United States.”

Security integrators that do business with the federal government have largely anticipated the new rule and already switched their Chinese camera lines for NDAA-compliant competitors. However, as SIA points out, extensive common uses of the Chinese equipment in various commercial sectors raises additional concerns.  

Easing compliance burdens

The interim rule adopts a “reasonable inquiry” standard when an offeror (government contractor) represents whether it uses covered equipment. “A reasonable As SIA points out, extensive common uses of the Chinese equipment in various commercial sectors raises additional concerns. inquiry is an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. A reasonable inquiry need not include an internal or third-party audit.” SIA notes that this provision may be aimed at easing the compliance burden by suggesting that contractors only need to inquire based on what information they already possess.

The 'blacklist'

The new rule covers Paragraph (a)(1)(B), which has informally been referred to as the “blacklist” provision of the NDAA, the John S. McCain National Defense Authorization Act for fiscal year 2019. However, the “Chinese ban” provision [Paragraph (a)(1)(A)] already went into effect a year after the law was signed by President Trump (August 13, 2018). “Part A” covers use of Chinese-made products in fulfilling government contracts.

A growing threat

Seeking to justify the new restrictions, the FAR rule states: “Foreign intelligence actors are employing innovative combinations of traditional spying, economic espionage, and supply chain and cyber operations to gain access to critical infrastructure and steal sensitive information and industrial secrets. The exploitation of “Telecommunications equipment” refers to equipment or services provided by Huawei Technology or ZTE Corp, both Chinese telecommunications giantskey supply chains by foreign adversaries represents a complex and growing threat to strategically important U.S. economic sectors and critical infrastructure.”

SIA has urged a delay in implementing the “Part B” provision, stating: “The federal government estimates that it will cost contractors well over $80 billion to fully implement this prohibition on the use of certain Chinese telecommunications and video surveillance equipment, yet endless delays in publishing the rule now mean that federal suppliers have just weeks to understand and comply with the new rule, which raises as many questions as it answers.”

SIA continues: “Federal suppliers across a wide range of industries have increasingly concluded that Part B is unworkable without clarification of the scope and meaning of key terms in the provision, which the rule does not do enough to define. For example, Part B bans agencies from contracting with a provider that “uses” any covered equipment or service. This term is not clearly defined in law or regulation, yet contractors must certify compliance beginning Aug. 13, 2020.”

The Part B rule, which only applies to prime contractors, enables agency heads to grant a one-time waiver on a case-by-case basis, expiring before Aug. 13, 2022.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SecurityInformed.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SecurityInformed's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

HID Global Pilot Program Demonstrates Social Distancing and Contact Tracing
HID Global Pilot Program Demonstrates Social Distancing and Contact Tracing

If one employee stands less than six feet away from another employee, a fob attached to a lanyard around his or her neck emits an auditory beep – an immediate reminder to observe social distancing. If an employee were to be diagnosed with COVID-19, a cloud-based database provides a record of who at the company the sick employee had contact with. These capabilities of HID Location Services ensure social distancing and provide contact tracing to enable companies to return to work safely. They have been deployed in a pilot program at HID Global’s Corporate Headquarters in Austin, Texas. Social distancing using a BLE beacon To ensure social distancing, a Bluetooth Low Energy (BLE) beacon is emitted from an employee’s fob (or from a badge that has the same functionality). The beacon communicates peer-to-peer with a beacon emitted by another employee’s fob or badge to alert if the location of the two employees is less than six feet apart. To ensure social distancing, a Bluetooth Low Energy (BLE) beacon is emitted from an employee’s fob For contact tracing, the beacons communicate via a nearby “reader” (a BluFi BLE-to-Wi-Fi gateway) to the Bluzone cloud-based software-as-a-service. The building area covered by each reader constitutes a “zone,” and the system records when two beacons are signaling from the same zone, which indicates contact between employees. In effect, the system records – historically and forensically – who was near whom (and for how long) using the zone-based approach. “In the workplace, we provide organizations with visibility into the location of their workforce,” says Mark Robinton, Vice President, IoT Services Business Unit at HID Global. Pilot program spans variety of environments By documenting where a sick individual moved in the building, the system also can guide any need to close off a certain area for deep cleaning. Instead of quarantining a whole building, a company could quarantine a small subset of employees who were likely exposed. Importantly, the system only reports data, while management makes the actual decisions about how to respond. The site of the pilot program is the 250,000-square-foot HID Global facility in Austin, which includes a variety of environments, including manufacturing areas, an executive suite, cubicles, a training area, a cafeteria, and lobbies. This spectrum of use cases enables the pilot program to evaluate how the system works in various scenarios. The building in Austin has two floors, plenty of natural lighting and emphasises sustainability in its design. HID Location Services ensure social distancing and provide contact tracing Pilot starts small and expands For the pilot program, 80 readers were installed in a wide area in the facility, including a variety of environments. Initially 30 badges and 30 fobs, all BLE-enabled, were issued to employees. If a badge identifies another nearby beacon (suggesting a social distancing failure), it emits a blinking LED light, which can be seen by the offending co-worker. The fobs emit an audible beep, which employees have overwhelmingly said they prefer. Observers overseeing the pilot program have documented employee reaction and comments. It emits a blinking LED light, which can be seen by the offending co-worker There were challenges in setting up the pilot program remotely to ensure fewer employees were on site during the pandemic. The equipment was provisioned in Florida and then shipped to the Austin location. Fine-tuning was required to adjust the signal strength of the BLE beacons. The badges were initially more powerful, but the strength was dialed back to be comparable to the fobs and within the six-foot social distancing range. Signal strength is also a variable in diverse environments – the 2.4 Ghz signal tends to reflect easily off metal, so adjustments in signal strength are needed in a factory setting, for example, versus a collection of cubicles.   “This facility is large enough and diverse enough that it provides great test results and quality data to analyze,” says Dean Young, Physical Security Manager at HID Global. “Our employees are eager to be part of the pilot to demonstrate that we use the technologies we provide to our customers, and they want to help us stay in compliance with social distancing and contact tracing.” Ensuring privacy while protecting employees HID Global’s headquarters had approximately 425 employees before the coronavirus pandemic lowered the number drastically to include only essential workers. As more people return to work, additional fobs and badges are being issued to expand the scope of the pilot program. The program is also incorporating contact tracing of suppliers and others who visit the facility. Except when triggered by contact among employees, locations are not recorded. Each employee’s location is always available in real-time (e.g. in case of an emergency), but they are not “tracked.” Through BluFi placement and geofence capabilities, the system closes off private areas where location should not be monitored, such as a rest room. Geofencing also identifies when employees enter and/or exit the area covered by the pilot program. Although each beacon is associated with an employee, the employee’s identity is not part of the data stored in the cloud, so there are no privacy concerns. Data is completely anonymized, and no personally identifiable information (PII) is stored in Bluzone. Other computer systems in a company, such as a human resources (HR) program, can privately and securely store the identities associated with each beacon.   Other applications for HID location services In addition to social distancing and contact tracing applications, HID Location Services offer other use cases ranging from asset tracking and employee safety/security to location analytics. For example, the system can analyze room usage for better building management and operational efficiency. It can also quickly find people in emergency situations. These use cases ensure continued value for a system even after concerns about social distancing and contact tracing have faded. The system can analyze room usage for better building management and operational efficiency Another big selling point is the ability of a company to be better prepared in case of a future pandemic, or a second wave of this one, says Robinton. The HID Location Services social distancing and contact tracing applications will be available at the end of Q3 and will be rolled out through HID Global’s existing integrator channel. Vertical markets likely to embrace the technology include healthcare, where hospitals need to track patients as they come in and to know which other patients or staff they may have been exposed to. The financial sector is another likely market, as is manufacturing, which is looking to avoid the prospect of shutting down an entire plant. It’s better to address the three or four people who were near a sick employee than to shut down the plant. In the hospitality industry, fobs can be used to signal duress by the housekeeping staff.

Debunking The Myths Of EBT Cameras In A COVID-19 World
Debunking The Myths Of EBT Cameras In A COVID-19 World

The new buzz in the thermal imaging world goes by many names. In a short time, a small niche in the world of IR, which was previously sidelined to make way for more lucrative markets such as security and defence, has taken the top spot in the attention, production and sales for many manufacturers and integrators.  It’s no surprise considering the size of this new market. Suddenly, hotels, cinemas, malls, hospitals, critical services, public transportation, office buildings and more have become consumers of thermal imaging cameras. Along with that, the more traditional markets, such as security, defense and industry are suffering from budget cuts, project cancellations, or postponements. Combine two of these elements, and the new elevated body temperature (EBT) camera market is easily 3-4 times the size of the other markets combined. Thermal imaging cameras and common misconceptions Can thermal cameras detect viruses?  The answer is NO. The best the camera can do is tell you if someone has a higher skin temperature than others. There are many reasons for an elevated body temperature which are not all health-related, such as exercise or even sitting in a warm environment without air-conditioning. Are the cameras accurate? The accuracy debate is a significant and controversial discussion with much misinformation running around. When discussing accuracy, there are two considerations: The first consideration is the accuracy of the camera itself versus a blackbody. Blackbodies are devices which can regulate temperature very accurately (although not all are equal) and have a high emissivity level, which means they are almost not affected by surrounding heat or energy. All thermal cameras are calibrated against blackbodies. Still, some manufacturers have been using them in their EBT solutions to give the camera a consistent temperature reference to which it can adjust. The accuracy of the camera in this discussion talks about the camera itself. How sensitive the detector is, internal reflections, lens aperture, noise level and the calibration process itself. Also, if you read the fine print, most manufacturers quote accuracy levels which are valid only in a controlled or laboratory environment. As in, a room with a steady 25°C and a slow shift in temperature (not more than 1°C per hour). Most field conditions don’t allow this – so this low level of accuracy is challenging to replicate in practice.Blackbodies are devices which can regulate temperature very accurately The other focuses on the fact we are not looking for COVID in black bodies. We are looking for it in humans. And, the substance known as human skin acts very differently. To date, there are no medical models which can predict how skin will behave in different scenarios. We don’t know what the external skin temperature of a man weighing X who was exposed for X minutes to direct or indirect sunlight would be. So, while the black body may be spot on – it has no bearing on the temperature reading of humans.  So, while we can improve the first issue, the second one is more complicated. One way to circumvent it is by using population statistical analysis and looking for the gradient between the healthy population (which does have existing medical models) to the people with a higher temperature which are statistical anomalies for such a camera. Thermal cameras and their suitability  Are all thermal cameras suitable for temperature readings? There is a difference between a thermal camera and a thermometric camera. A thermal camera developed for security and defence are used to detect threats and give situational awareness. We don’t care that two trees with different temperatures will have different colors – we care about the person standing between them. We manipulate the image, so the viewer has a better understanding of what he sees. With thermometric measurement (as in – thermal temperature reading) we do the exact opposite. We want accurate temperatures readings for each pixel in our screen. A thermometric camera will go through a rigorous calibration together with the lens, which often takes longer. We need to offset, in the calibration tables, minute pixel-sized blemishes in the detector and lens. Those blemishes would be invisible in a thermal image – but can skew the temperature reading and produce inaccurate results. We regularly see suppliers who are using regular thermal cameras with blackbodies to auto adjust the temperature reading as described above. But, if you take that same blackbody and move it a meter to one side, you may discover the camera suddenly registers a different temperature – as not all pixels have a uniform calibration. Does it matter where we scan in humans? Yes and no. The inner canthus of the eye (the tear duct) is the most relevant external point with the best correlation to internal temperature. People looking at the inner canthus will manage to avoid a lot of the effects of ambient temperature on the skin. The tradeoff is that the inner canthus is a tiny area, and people would need to remove their glasses. Most of the world’s health organisations consider the difference between a healthy and sick individual to be 1.5° C (or 2.7° F). That change is consistent whether you’re looking at the tear duct, the forehead or a mouth. Thus, the solutions that look at the gradient temperature (population-based solutions) are just as effective when measuring the ambient temperature on the skin of the population tested.  Do people need to stop in front of the camera? Not necessarily. It depends on the speed of the camera and the temperature detection algorithm. Some cameras can detect people walking very quickly as they only need a few frames to detect the temperature. Will the camera work outdoors? Most outdoor cameras will suffer from false alarms and misses. Some cameras have very advanced compensation algorithms for this, but they can’t take into account all the dynamic temperature changes, humidity, sporadic energy readings and the “bane of thermal imaging” - turbulence. Therefore, the conditions can strain even the most advanced algorithm.  Why invest in this technology? The WHO states, that while asymptomatic transmission exists, it’s much less contagious then symptomatic transmission. Some doctors claim that a person with a fever sheds the virus five times more aggressively than a person with no fever.  There are clear regulations for businesses to screen individuals for fever In some countries, there are clear regulations for businesses to screen individuals for fever as they come into the establishment. While you can have a person in the entrance with a contactless thermometer, they must stop people for a 5-second check each time they come in. That would cause long lines in many places with high traffic. And, during testing, standing less than 2 meters from the individual would throw social distancing out the window. If the tester got sick, the next day they would start endangering everyone else they checked. It’s better to screen automatically and only use the IR thermometer in cases where an alert was triggered and needed to be verified. Various forms of technology  We’ve also seen much use of the IR tablets recently. While they are low cost, a person usually needs to stand very close (less than 1 meter) from the monitor to be caught by the camera. Thus, spreading his germs on the glass or plastic cover of the tablet while being screened.  In conclusion – Thermal EBT cameras are important. They aren’t a miracle cure, and they won’t stop the spread of the virus. And one should be careful of false promises. But along with other solutions (most importantly – masks), they can help protect us during these times and allow the wounded global economy to rejuvenate itself.

Beyond Video Analytics, What Are the Benefits of AI and Machine Learning?
Beyond Video Analytics, What Are the Benefits of AI and Machine Learning?

Artificial intelligence (AI) and machine learning have made a big splash in the physical security market, transforming video analytics to a new level of accuracy. In fact, the terms have become common buzzwords throughout the industry. However, the potential for AI and machine learning to impact the physical security industry goes far beyond their ability to improve video analytics. We asked this week’s Expert Panel Roundtable: Beyond better video analytics, how can artificial intelligence (AI) and/or machine learning benefit the physical security market?