Unless your campus has upgraded your security cameras and associated hardware recently, chances are you aren’t NDAA-compliant.
A troubling uptick of violence and aggression is already putting pressure on school, university, and hospital security teams and campus police to improve their security posture. But not to be overlooked is the fact that their aging video surveillance systems could fast become a liability due to non-compliance with the National Defense Authorization Act (NDAA). The time is now for academic and healthcare facilities to focus on upgrading their video surveillance infrastructure to meet NDAA requirements and standards and better ensure a safe environment for students, patients, staff, and the wider community.
NDAA Fines, Liabilities, Federal Loans, and Funding
U.S. schools, institutions of higher education, and hospitals undoubtedly view video surveillance as a vital part of their security operation, yet many are using aging equipment that is cumbersome and expensive to maintain. This means older cameras and recorders could be leaving them open to significant risks.
When it comes to video security, it’s now critical for campuses to find a solution stakeholders can trust. In order to deliver a high-performance solution while delivering the best value for stakeholders, it’s imperative that security planners find cameras and software that meet security and safety operational needs and requirements.
Campuses that already benefit from or are looking to seek federal funding, grants, and loans need to ensure their video solution is compliant with the John S. McCain National Defense Authorization (NDAA) Act. If not, and they are in receipt of any type of federal funding, they may face legal action, including fines and penalties. In addition, the use of non-compliant equipment could result in legal liability if a surveillance system is found to have contributed to a security breach or other incident. At best, educational institutions and healthcare facilities could be given a tight time frame to rapidly replace non-compliant equipment, which usually involves a complete system upgrade and impacts business continuity as well as learning for students.
What Is the NDAA?
For those not familiar with the need for NDAA compliance, in 2018, the NDAA Act was signed into law. Until recently, the primary function of the NDAA was to authorize which U.S. military programs receive funding appropriated by Congress through the budgeting process. But Section 889 of the FY 2019 NDAA went much further.
What is Section 889 of the FY 2019 NDAA?
The Fiscal Year 2019 National Defense Authorization Act included a prohibition on federal agencies and federal grant recipients from procuring certain Chinese telecommunications and video surveillance equipment. The Section 889 restrictions went into effect on August 13, 2020, for federal grant recipients under a new section to 2 CFR contained in 2 CFR §200.216. The prohibited telecommunications equipment is telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities). Additionally, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities) that is used for the purpose of public safety, security of 16 government facilities, physical security surveillance of critical infrastructure, and other national security purposes is covered equipment under Section 889.
The regulation is far-reaching and encompasses both new contracts and renewing or extending existing ones. It also applies regardless of whether the contractors use the cameras for government contract work. Integrators are non-compliant even if they sell and install unlawful equipment in a local convenience store.
Got Old Equipment? You Probably Don’t Comply
Bottom line: Unless schools and colleges have upgraded their security cameras and other surveillance and associated hardware recently, chances are they aren’t NDAA-compliant.
There are several reasons for this. Some schools, colleges, and healthcare facilities use local installers or systems integrators that aren’t involved in corporate or large-scale federal projects. Instead, many work with business sectors outside of federal jurisdiction and with organizations that don’t receive associated funding. As a result, many integrators didn’t need to be overly concerned by the NDAA. Other integrators may not be aware that NDAA section 889 not only applies strictly to government facilities, but it also applies to any federally funded organization, and that often includes schools, universities and hospitals.
Also adding to the problem is that organizations with well-performing surveillance systems probably haven’t sought to upgrade and may not even be aware of the need to come into compliance. In addition, non-compliant equipment is often hard to spot, as the banned companies supply multiple vendors, and their components are in equipment that does not bear the banned brand names. In essence, the unlawful components or software code could be in all types of cameras and recorders, making it particularly hard for smaller organizations without significant security and IT resources to identify, isolate, and replace the equipment.
Non-Compliance Comes at a Cost
Another compelling reason for schools, universities, and healthcare facilities to check the NDAA compliance of their surveillance systems is because security equipment that is unlawful is now covered by the Secure Equipment Act of 2021. This newer legislation prohibits the Federal Communications Commission (FCC) from reviewing or issuing new equipment authorizations for companies placed on its “Covered List” of organizations whose equipment is considered a threat to national security.
This means if you’re using older cameras and recorders with HiSilicon chipsets or Hikvision and Dahua equipment and it fails, the harder it will be to find replacements or simple fixes, leading to downtime, gaps in security, and a difficult and more expensive maintenance burden.
The presence of insecure surveillance equipment across college campuses potentially impacts multiple stakeholders from chancellors and vice-chancellors to department heads as well as students. The damage from a breach is far-reaching: from lost learning causing frustration to both parents and students paying university fees to bad publicity and a loss of trust that can take educational institutions years to rebuild
Read the full article by Campus Safety Magazine HERE.