With the rollout of three widely available vaccines in the U.S. to combat the effects of Covid-19 during the first quarter of the year, many people were hopeful that 2021 would see a return to business as usual. However, the surge of the delta variant during the summer months put the brakes on any hopes that offices would be filled to capacity or that business travel would return to pre-pandemic levels anytime soon.
In fact, as the virus has continued to fuel labor shortages at manufacturing facilities across the globe, many industries, including security, now find themselves dogged by supply chain issues that likely won’t abate until sometime during the second half of 2022 at the earliest. But even with these challenges, 2021 still proved to be an impactful year for the security industry. From continued consolidation among integrators and vendors to the passage of new regulations on Capitol Hill, there were a bevy of events that took place this year that will likely have wide-reaching implications for the market in the years ahead.
In what has become an annual tradition at SecurityInfoWatch.com (SIW), here is a look back at the 10 most read stories of 2021.
1). Federal lawmakers, regulators take aim at Chinese manufacturers
If you thought the passage of the 2018 National Defense Authorization Act (NDAA) and the issuance of the Federal Acquisition Regulation (FAR) would be the end of the measures taken by the federal government against the likes of Hikvision, Dahua and others, then you would be sorely mistaken. Indeed, both legislators and bureaucrats alike in the Biden administration wasted little time in building on the punitive actions taken during the four years of the Trump White House. These actions, which culminated last month with the president signing the “Secure Equipment Act,” collectively made up the most read and followed story on SIW throughout 2021. Among these articles included:
- Congress passes bill banning new FCC equipment authorizations for Hikvision, Dahua and others
- FCC moves one step closer to banning Hikvision, Dahua products
- Things go from bad to worse for Chinese surveillance giants in U.S.
- Hikvision, Dahua deemed national security threats by FCC
2). ASSA ABLOY acquires Kwikset, Baldwin and more
ASSA ABLOY expanded its portfolio via acquisition yet again in September when it announced that it was purchasing the Hardware and Home Improvement (HHI) division of Spectrum Brands for $4.3 billion. The deal brings residential lock giants Kwikset and Baldwin, along with Weiser, National Hardware, and consumer plumbing fixtures and accessories maker Pfister under the corporate umbrella of ASSA ABLOY. Analysts expect the combination of Kwikset and Baldwin with the company’s existing consumer-focused lines, such as those from Yale and August Home, to create a residential access control juggernaut.
3). Carrier divests Chubb
More than two years after UTC was separated into three, independent companies, Chubb Fire & Security finally found a new corporate home in July when Carrier announced that it was selling the company to APi Group Corporation in a deal valued at $3.1 billion. UK-based Chubb, which makes security and fire products as well as provides installation and monitoring services, will give APi a more global footprint while also effectively doubling the size of their life safety business. For its part, Carrier said the sale would enable it to focus on its core businesses and invest the proceeds with its allocation priorities.
4). The Verkada breach
Much of the industry was taken aback in March when it was reported that cloud-based video surveillance provider Verkada suffered a breach that compromised more than 150,000 cameras deployed around the globe. The hacker behind the breach, Tillie Kottmann, who is a member of the hacker group APT-69420, said that they were able to find legitimate credentials to access the Verkada account online and navigate through live feeds for two days, accessing tens of thousands of cameras. In a statement, Verkada CEO Filip Kaliszan said the attack targeted a Jenkins server used by their support team to perform bulk maintenance operations on customer cameras and that they had retained two firms, Mandiant Solutions and Perkins Coie, to conduct a review of the incident.
5). Todd Pedersen steps down as CEO of Vivint
Another move that came as somewhat of surprise this year to industry observers was Todd Pedersen stepping down as CEO of Vivint after more than 20 years at the helm. The company, which was originally known as APX Alarm, was founded by Pedersen in 1999. The company began as a small, regional installer of security systems but over the years has grown to become one of the nation’s largest providers of smart home security technology. The company was rebranded as Vivint in early 2011 to reflect this mission of becoming a comprehensive home technology services provider and was subsequently acquired in late 2012 by private equity firm Blackstone for more than $2 billion.
6). Cyber vulnerability discovered in Hikvision equipment
As if its problems with lawmakers and regulators were not enough, it was revealed in September that a cyber vulnerability could potentially affect millions of deployed Hikvision cameras and NVRs. The “command injection vulnerability,” which would enable hackers to gain full control of the compromised devices, was discovered by cybersecurity researcher Watchful IP in June and was first reported on Sept. 20th by IPVM. According to a security advisory, the vulnerability received a base score of 9.8 out of 10 per the Common Vulnerability Scoring System (CVSS), which Watchful IP characterized as being “the highest level of critical vulnerability.” In a letter sent to its partners, Hikvision directed integrators to download an updated version of firmware on its website to fix the issue.
7). Supply chain issues mount
Both SIW and our sister publication, Security Business magazine, have reported extensively this year about the issues that the current supply chain bottlenecks are causing throughout the industry. In April, Security Business Editor-in-Chief Paul Rothman first looked at how the global semiconductor shortage could eventually bleed over into security market. That was followed up in October with an article highlighting how manufacturers and distributors have started to feel the crunch presented by these shortages as well as a story looking at these challenges from the integrator’s perspective.
8). Motorola files ITC complaint against Verkada
Just months after its widescale breach grabbed national headlines, Verkada found itself in the news again as Motorola Solutions filed a complaint with the U.S. International Trade Commission (USITC) against the company seeking to bar the importation and sale of products that allegedly infringe upon patents held by its subsidiary Avigilon. Specifically, Motorola says that Verkada’s Dome Series, Mini Series, Bullet Series, Fisheye Series, and D-Series cameras, along with their related software products infringe upon three of Avigilon’s patents. A spokesperson for Verkada told SIW that the company contests the claims laid out in the complaint and that they plan to "vigorously defend" themselves against the allegations.
9). Oldsmar water plant cyber-attack
Aside from numerous business maneuvers made by industry firms this year, perhaps the most influential trend to take place this year from a security end-user perspective were the notable cyber-attacks that took place at organizations in both the public and private sectors. The ransomware attack carried out against Colonial Pipeline, for example, had a devastating impact on the delivery of gasoline throughout a significant portion of the Eastern Seaboard. But while that incident was primarily seen as a minor inconvenience to commuters in several states, the attack that occurred in early February at a water treatment facility in Oldsmar, Fla., demonstrated how cyber incidents can have deadly consequences as a hacker gained access to the utility’s computer system and attempted to raise the level of sodium hydroxide, more commonly known as lye, in the city’s water supply to potentially lethal levels. Fortunately, an employee was monitoring the computer and noticed the activity of the hacker before the attack could be carried out.
10). Teledyne acquires FLIR
In yet another M&A move with significant ramifications for the industry, Teledyne, a maker of digital imaging products and software, as well as engineered systems, instrumentation, and aerospace and defense electronics, announced in January that it had acquired FLIR Systems in a cash and stock transaction valued at approximately $8 billion. The deal, which saw FLIR integrated into Teledyne’s Digital Imaging business segment and rebranded as “Teledyne FLIR,” was finalized in May.
Joel Griffin is the Editor-in-Chief of SecurityInfoWatch.com and a veteran security journalist. You can reach him at [email protected].