“The Return of the Dragon”. This is the title of a new episode of Report on Rai 3 on the “made in China” cameras installed in Italy.
China is a “danger to our economies,” said Thomas Smitham , a business assignment at the US embassy in Rome, interviewed by the Messenger. But there are also security aspects. Just think of technologies such as 5G and, in fact, cameras.
In May, the broadcast had revealed, with a report entitled “The eye of the dragon”, anomalies on the security cameras of Hikvision in the RAI video surveillance system. After the scoop, the broadcast had received numerous reports including a disturbing one: a similar anomaly also hit Fiumicino airport, the largest in Italy.
Who controls the electronic eyes that watch over us every day
And what will happen to the Consip tender of 65 million euros awarded in October that could open the doors of Italian government buildings to tens of thousands of devices that are banned in other countries
These are the questions to the basis of the new Report service.
The investigation starts from an email dated 1 April 2015 addressed to Sigma spa, the company that had the contract for the installation of the cameras that controlled all the escalators in Fiumicino. Each of the 140 Hikvision cameras present in the Roman airport sent four requests to open an external connection: 11,000 per camera per hour, over a million and a half in total.
“Giving sensitive information about a strategic place in our country” “because after all 45 million people stop here every year,” or it was an attempted cyber attack to use the cameras as an airport Trojan horse and crash the whole system putting at risk also the safety of flights ”, these are the hypotheses according to the Report’s host, Sigfrido Ranucci .
In Italy Hikvision is the market leader, with cameras placed in strategic places for national security: airports but buildings of political institutions, courts, law enforcement agencies. Hikvision Italia is owned by a European holding, in turn held by the Chinese parent company. The administrators of the Italian Srl are Chinese citizens. Control of Hikvision is in the hands of Cetc, a Chinese state company with ties to the People’s Liberation Army. The administrator and Chen Zong Nian , an MP from the Chinese Communist Party.
“So our sensitive data arrives on a server registered in the United States and ends up in China, in the region where Hikvision is based. It was about a year ago, we notified our security Rai which immediately remedied it. But it was not an isolated case ”, explained Ranucci, summarizing the story. “This type of activity is planned, organized and implemented within a specific organization of the company” in China, Enrico Borghi
explained to Report., head of security of the Democratic Party and member of Copasir, who in recent weeks presented a parliamentary question to find out if Palazzo Chigi considers the Chinese company’s activities to be “fully compatible with the necessary national security standards”. “We have verified that these cameras had a data transfer mechanism that does not correspond to the standards and needs that must be guaranteed in our country,” she added.
A few months ago, on Formiche.net, we highlighted three risks of relying on these Chinese technologies: strengthening companies accused of human rights violations by giving them money and legitimacy; jeopardize data security in light of allegations by various Western intelligence agencies; to favor the rise of Beijing, determined to dictate global standards even in the tech arena.
After the findings of Report, Consip, the purchasing center of the Public Administration, in anticipation of entrusting a mega tender with 65 million cameras to be placed in the municipalities, asked Dis, that is to our security services, how to act in front of the cameras. “made in China”. The problem is clear: due to Chinese laws, Beijing can force Chinese companies to share data. Roberto Baldoni, former deputy director of Dis and today head of the National Cybersecurity Agency, explained to Report that while the United States creates “banned lists”, that is black lists, in sensitive sectors, that is, “in Europe it does not exist”: yes on the other hand, it works in a “context of certification” of technologies which falls within the task of the newly created Agency. The Report service confirms what Professor Maurizio Mensi
wrote on these pages: for the subjects included in the national cyber security perimeter, the laws “outline a precise and articulated protection system, to guarantee the security of contracts. The problem arises instead for the tender procedures relating to ICT supplies, services or goods initiated by subjects that do not fall within the perimeter “. For this reason, the expert argued the need to “establish a pre-qualification system that allows the creation of a White List of operators in possession of adequate safety and reliability requirements who can subsequently participate in tenders”.
