Securing Critical Infrastructure: Addressing Espionage Threats from Chinese Surveillance Cameras

The Department of Homeland Security (DHS) recently issued a bulletin warning that Chinese-made internet-connected video surveillance cameras pose a serious espionage and sabotage threat to U.S. critical infrastructure. These cameras, often found in sectors like energy and chemicals, frequently lack robust security (such as data encryption) and, by default, communicate with servers run by their manufacturers in China. The DHS assessment – echoed by cybersecurity experts – is that China’s Ministry of State Security (MSS) could exploit such devices to conduct espionage or even disrupt industrial systems on American soil. U.S. authorities have responded with regulations banning or restricting Chinese-made cameras in federal networks. Still, many devices remain in use, including under third-party brands that obscure their Chinese origin.

This report reviews the identified camera brands and models of concern, outlines relevant U.S. government policies addressing the threat, and provides an overview of Armis Centrix™, the Armis Cyber Exposure Management Platform and its capabilities in monitoring, detecting, and mitigating risks from these cameras. We then detail mitigation strategies for organizations, starting with basic protective measures (like not exposing cameras directly to the internet), and outline how Armis can be leveraged to continuously monitor and secure these devices. In summary, Chinese-manufactured cameras present a clear cybersecurity risk, but with a combination of prudent network controls and advanced asset intelligence from Armis, the threat can be significantly reduced.

Download to continue reading