Download PDF version Contact company

As the media often reports, the world of cybersecurity can be seen like the ‘Wild West’. There’s now a wide range of Internet of Things (IoT) devices connected to the web, making this a hot topic. Among these devices are security cameras. IoT devices are computers that use software that makes them vulnerable. As the famous cybersecurity evangelist Mikko Hypponen says, "If a device is smart, it's vulnerable!"

Hypponen is right. On a daily basis, new vulnerabilities are found in software, regardless of the manufacturer. In 2019, more than 12,000 vulnerabilities worldwide were made public and reported as a CVE (Common Vulnerability and Exposure) in the National Vulnerability Database (NVD). Unfortunately, vulnerabilities are a given. What really matters is how a company deals with and resolves vulnerabilities.

Cybersecurity vulnerabilities

Awareness of cybersecurity vulnerabilities is vitally important to protect one, one’s business and the Internet

Awareness of cybersecurity vulnerabilities is vitally important to protect one, one’s business and the Internet, but it’s also important to understand that a vulnerability is not synonymous with “backdoor”, and is not necessarily indicative of “cheap quality.”

But there are companies out there that are embedding safeguards into their development processes to reduce the risks. One could see them as ‘Sheriffs’, taking steps to make this Wild West a little safer. 

Hikvision ‘Secure-by-Design’

Manufacturers of IoT devices can significantly reduce these vulnerabilities during the production of devices

Security cameras, like all other IoT devices, are vulnerable to cyberattacks. Fortunately, manufacturers of IoT devices can significantly reduce these vulnerabilities during the production of devices, using a process called ‘Secure-by-Design’.

Implementation of Secure-by-Design requires a commitment on the part of the manufacturer’s management team and a serious investment in resources and technology, which can result in a longer production process and a higher cost of the IoT device. Cost is often the reason why some IoT device manufacturers do not use Secure-by-Design (and are indeed cheaper).

Hikvision is a producer of IoT devices that takes security and privacy very seriously and has implemented Secure-by-Design in its production process. Management supports this process and has even set up a dedicated internal cybersecurity structure charged with product cybersecurity. This group is also the central point of contact for all other cybersecurity matters.

Product testing

Hikvision Security Development Life Cycle (HSDLC) is an essential part of Hikvision's cybersecurity program

The Hikvision Security Development Life Cycle (HSDLC) is an essential part of Hikvision's cybersecurity program. Cybersecurity checks take place at every stage of product development — from concept to delivery. For example, product testing takes place during the verification phase, the company also regularly invites well-known security companies and public testing platforms to conduct penetrating testing.

There is no guarantee if Hikvision products are immune to hacking, but the HSDLC is a testament to a manufacturer that makes every effort to produce products that are as cyber secure as possible.

In addition to the Secure-by-Design process, Hikvision opened a Source Code Transparency Center (SCTC) lab in California in 2018, being a lab to open such a center. At this center, U.S., the Canadian government and law enforcement agencies can view and evaluate the source code of Hikvision IoT devices (IP cameras and network video recorders).

Hikvision firmware

Hikvision has a Vulnerability Management Program in place when a vulnerability is discovered

It’s important to emphasize that no product is 100 percent secure. Hikvision has a Vulnerability Management Program in place when a vulnerability is discovered in a product. To date, vulnerabilities that have been reported to Hikvision and/or made publicly known, have been patched in the latest Hikvision firmware, and are readily available on the Hikvision website.

In addition, Hikvision is a CVE CNA, and has committed to continuing to work with third-party white-hat hackers and security researchers, to find, patch and publicly release updates to products in a timely manner. These vulnerabilities are collected in the National Vulnerability Database (NVD) and are public.

Hikvision recommends that customers who are interested in purchasing security cameras inquire about a manufacturer’s cybersecurity practices and if they have an established Vulnerability Management Program. 

Cybersecurity questions to consider

The cybersecurity of IoT devices is a topic that needs to be addressed in a serious way and it should play an essential role in the product development process, beginning at the concept phase of an IoT product. This requires time, investment and knowledge.

Consider the following questions:

  1. Trust on the manufacturer of a low-cost security camera
  2. Manufacturer with a dedicated cybersecurity organization
  3. Manufacturer on handling the vulnerabilities

These are the questions that everyone should ask themselves when making a purchase, be it a camera or any other IoT product.

Cybersecurity practices

There is no absolute 100% guarantee of security, but Hikvision has practices to ensure the cybersecurity for its cameras. Cooperation, with its customers, installers, distributors and partners, and full transparency are key elements to successfully secure IoT devices.

When one reads cybersecurity news, one is invited to look beyond the headlines, and really get to know the companies that produce the IoT devices. Before one buys a security camera or any IoT device, it is advisable to check out the manufacturer’s cybersecurity practices, look for a company with a robust vulnerability management program, a company that aligns itself with Secure-by-Design and Privacy-by-Design and a company that employs cybersecurity professionals who are ready and eager to answer one’s questions.

One may remember that there are Sheriffs out there, as well as bandits.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Hikvision USA Inc. news

Amid Interesting Times, Hikvision’s Outlook Remains Upbeat In The USA

Despite any negativity you may hear, Hikvision is optimistic about their role in the U.S. market. “We demonstrate that we can be trusted, and that we should be trusted,” says Jeffrey He, Vice President, Hikvision, and President, Hikvision USA and Hikvision Canada. “We have sound products and technology. Our mission in the security industry is to protect, not to harm. Otherwise why would we be in this industry?” Hikvision is committed to investing in the North American m...

Hikvision's Cameras Employed To Prevent Waste Fires

Waste fires – in other words, fires that occur in waste or recycling plants - is a very serious global issue. Countries all over the world are suffering from more than one fire per day in the waste and recycling industry. This causes a risk of injury to employees, damage to sites and machinery, and damage to reputation. And that’s even before one considers the potential environmental impact. There’s more irony here too – one of the biggest risks for fire in a waste facil...

Hikvision Announces Special Promotion On Next Generation AcuSense Cameras

Hikvision, a manufacturer and supplier of security products and solutions is launching a special, limited-time promotion on the company’s next generation of intelligent AcuSense PCI series cameras. Employing advanced deep learning algorithms, AcuSense cameras can accurately distinguish people and vehicles from other moving targets such as animals and shadows in real-time, vastly improving detection accuracy while reducing costly false alarms. Improve safety and security “Our next...

Hikvision USA Inc. case studies

Hikvision Provides IP Security Surveillance System For Battleship North Carolina In Wilmington

Hikvision USA Inc., a provider of artificial intelligence, machine learning, robotics and other emerging technologies, and the supplier of video surveillance products and solutions, provided a new, high-resolution IP security system installed by Hikvision integrator ADT/Protection 1, to upgrade security for the Battleship North Carolina, a national historic landmark in Wilmington, N.C. A stationary nine-level ship and museum, the Battleship North Carolina is a memorial honoring the 11,000 North...

Hikvision’s Off-Grid Video Surveillance System Secures Ontario Car Dealership

A security system provided by Hikvision USA Inc., global provider of artificial intelligence, machine learning, robotics and other emerging technologies, and supplier of video surveillance products and solutions, was installed by Hikvision integrator OGSP (Off Grid Surveillance Platforms) to secure a building during the remodeling process for Ajax Hyundai in Ontario, Canada. Hikvision Video Security Solution Ajax Hyundai in Ontario, part of the Drive Auto Group in Canada, had plans to renovat...

Hikvision Collaborates With TAS Electronics To Install Video Surveillance System For UPD’s Armored Truck

Hikvision USA Inc., a global provider of artificial intelligence, machine learning, robotics and other emerging technologies, along with video surveillance products and solutions, worked with Hikvision integrator TAS Electronics in New York to furnish a full-scale surveillance system for 'The Armadillo', a repurposed armored truck the Utica Police Department (UPD) uses to deter crime in the community. “When the decision was made to upgrade the Armadillo, the immediate concern was the came...