Virtually all businesses implement some type of video surveillance on their property for security purposes. But in 2018, the John S. McCain National Defense Authorization Act (also called the NDAA) passed which prohibits the use of certain surveillance systems and equipment. This act extended to private institutions and set guidelines for NDAA compliance for business purposes.
This set of laws also authorized the US military’s ability to combat cyberattacks and protect the country’s cyber security. The number of data breaches and exposed private digital records in the US has consistently exceeded 1 billion since 2015; however, there has been a significant drop since the NDAA compliance act was passed in 2019.
Now, you may be wondering what the NDAA compliance requirement has to do with your business’s use of video surveillance equipment. Video security systems are designed to protect physical assets, such as equipment and inventory.
Here’s what business owners who have commercial video surveillance systems on-site need to know:
1. Why was NDAA Compliance Created?
What is NDAA compliance and why was it created in the first place? Essentially the purpose of this act was to provide the US Department of Defense (DOD) with more power and resources for cybersecurity policy. This also prohibited the importation and sales of certain brands of surveillance equipment for federal agencies.
The reasoning behind this compliance and set of laws was due to specific surveillance companies which are known to store and share data with the People’s Republic of China. For instance, the brand Huawei manufactures many video surveillance cameras is legally obligated to turn over any data to the Chinese government if asked.
Now NDAA compliance currently only extends to government use of these brands – meaning that government-owned buildings can only utilize NDAA compliant security equipment. This does not apply to private institutions and businesses unless they receive government funding. However, NDAA compliance for business use is something to consider if you have commercial security systems in place.
2. Can the Government Enforce NDAA Compliance for Business Use?
As of the time of this writing, there are currently no laws that have been passed to extend to private companies. However, business owners should be aware of the benefit that NDAA compliance offers to them.
The cybersecurity of your surveillance devices should be of utmost concern. Say for instance that you use video verification in your security systems for access control. These recordings may use facial recognition technology and keep recorded images stored. If this data were to be hacked or shared, it could be used for nefarious purposes.
This has happened in the past to companies who were using software from tech companies based out of China. For example, the FBI detected potential malware from a tax software program utilized by the Chinese government. Some American companies may use this program if they conduct business in China, therefore leaving them vulnerable to a cyber-attack.
NDAA compliance has placed a ban on several video surveillance manufacturers, specifically Dahua, Hikvision, and Huawei. There are still many NDAA compliant manufacturers which may be used on federal property, including:
- Avigilon
- Axis Communications
- BCD International
- Commend
- FLIR
- iryx
- Mobotix
- Seek Thermal
- Solink
- WatchGuard
- 360 Vision Technology
3. Should You Purchase NDAA Compliant Security Systems for Your Business?
Although NDAA compliance is only required for federal government entities, it is something that business owners should keep in mind. NDAA compliant systems offer benefits for businesses in terms of added security and privacy.
Unfortunately, not all video surveillance systems are completely secure. In March of 2021, hackers were able to breach over 150,000 cameras in Tesla manufacturing plants. If this were to happen to your business, it could not only exploit private information but also damage your company’s reputation.
Purchasing secure video surveillance systems is imperative for any company. Although NDAA compliance does not guarantee that a system is completely immune from cyberattacks, it does ensure that it meets US government standards.
You can check if your video surveillance system is NDAA complaint by researching the original equipment manufacturer (OEM) and checking if they are banned under the NDAA. Your video surveillance provider should also be able to disclose if their system’s manufacturer is NDAA compliant.
Looking for NDAA Compliant Security Tools?
Protecting your physical and digital assets is more important than ever before. Ultimately, you should only be purchasing video security equipment from a provider and manufacturer that is trustworthy – such as one that meets NDAA compliance standards.
2Krew is proud to offer top-of-the-line video surveillance and security equipment from brands that meet NDAA compliance, such as Avigilon and Axis Communications. We also place data security at the forefront by ensuring that all systems are encrypted and secure so your data is only accessible by authorized personnel.
If you have any questions, please contact 2Krew to learn more.
