
In the AIoT era, the world is getting smarter. Everything is going to have an online “ID” and be connected into a vast net of IoT devices, such as a laptop computer, a cellphone, a connected thermostat, or a network security camera.

Cybersecurity in the AIoT era

According to a Markets and Markets report, IoT is used extensively, from smart cars to smart manufacturing, connected homes, and building automation solutions. However, there are currently no unified global technical standards for IoT, especially in terms of communications. This results in inefficient data management and reduced interoperability, and ultimately may reduce security in the IoT network.

The global Internet of Things (IoT) security market size is expected to grow from USD 12.5 billion in 2020 to USD 36.6 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 23.9%.

Importance of cybersecurity


Dahua Technology, a video-centric smart IoT solution and service provider, believes cybersecurity is of vital strategic importance in the age of AIoT.

In various vertical industries, such as traffic, banking & finance, hospital, and critical infrastructure, organizations collect, process, and store unprecedented amounts of data on devices like IP cameras and NVRs. A significant portion of that data can be sensitive or private information, which can be prone to cyber-attacks, and the situation is getting worse because there are more devices than people.

As a security solution provider, Dahua Technology continuously invests in cybersecurity and actively copes with network security issues.

Continuous investment & active coping

Committed to becoming a leader in cybersecurity and privacy protection in the global security industry, Dahua Technology has been developing and exploiting cybersecurity for nearly 10 years. The company invests about 10% of its annual sales revenue in R&D every year, including cybersecurity.

In addition, the company put together a professional team of nearly 100 personnel to focus on cybersecurity issues. With rich experience and sufficient resources, Dahua Technology promises to be positive, open, cooperative, and responsible when it comes to cybersecurity.

Dahua Technology cybersecurity approach

1. Organizational structure

In order to achieve better efficiency and effectiveness, Dahua Technology operates a comprehensive system to cope with all cybersecurity-related issues. The system, led by the cybersecurity committee, also contains a cybersecurity & data protection compliance group, cybersecurity institute, and product security incident response team (PSIRT).

The cybersecurity committee sits above all departments and teams and can call on resources from the whole company when necessary, from the R&D center to the legal department, supply chain, overseas business department, and so on. The cybersecurity institute is in charge of building the sSDLC process and implementing it across all Dahua product series, making sure that all Dahua products are strong against cyberattacks.

2. Security development lifecycle


Dahua Technology adopts a range of professional sSDLC (Security Development Lifecycle) security software to improve product security. During the security design phase, STRIDE + Attack Tree + PIA is adopted to improve threat modeling. During the security realisation phase, the OWASP Top 10 and over 150 CWEs are used for static code analysis.

During the security test phase, over 20 tools within 7 fields are applied to carry out multiple kinds of security testing. CompTIA PenTest+/Security+ are used to carry out professional penetration testing, while ISO 30111 & 29147 and MITRE org CAN are followed during vulnerability management after the products are sold.

3. Emergency response system

Cooperation with professionals from across the globe is a great way to improve vulnerability detection. Therefore, Dahua Cybersecurity Center (DHCC) is established to solve cybersecurity issues with security vulnerability reporting, announcement/notice, and cybersecurity knowledge sharing with our global customer base in order to provide them with more robust and secure products/solutions.

Product Security Incident Response Team (PSIRT) is an integral part of DHCC. Composed of professionals ranging from marketing, supply chain, service, and legal representatives, PSIRT is responsible for receiving, processing, and disclosing Dahua product and solution-related security vulnerabilities.

Team members are on duty 7 days a week and guarantee to respond to an emergency within 48 hours. End-users, partners, suppliers, government agencies, industry associations, and independent researchers are encouraged to report potential risks or vulnerabilities to PSIRT by email.

4. Personal data & privacy protection

Dahua Technology also attaches great importance to personal data & privacy protection. Complying with applicable laws and regulations such as EU’s General Data Protection Regulation, EDPB’s Guidelines on the concepts of controller and processor in the GDPR, ETSI EN 303645’s Cyber Security for Consumer Internet of Things: Baseline Requirements as well as US’s California Consumer Privacy Act, the company established the Personal Data & Privacy Protection Standard.

The standard stipulates that privacy protection methods such as de-identification, data encryption, systematic access control, and privacy-friendly settings are fully applied across the complete data life cycle, all the way from collection, transmission, and storage to sharing, copying, and deletion.

In addition, working with world-renowned third-party institutions, Dahua Technology has received Protected Privacy IoT Product Certification and ETSI Certification from TÜV Rheinland, as well as ISO 27018 Certification and ISO 27701 Certification from BSI, which help demonstrate its capability in managing personal information and its compliance with privacy regulations around the world.

5. Continuously iterating security baseline


Centered on the core principles of Security by Design and Security by Default, the Dahua security baseline initiative taps into product safety technology to provide users with adequate safety guarantees.

Based on and practicing the security and privacy design principles, the security baseline builds a security element layout of "AAA+CIA+P", forming a systematic protection framework covering physical security, system security, application security, data security, network security, and privacy protection.

7 versions of the baseline and 100+ principles have been developed to build Authentication, Authorization, Audit, Confidentiality, Integrity, Availability, and Privacy protection deeply into the product quality assurance system, making sure that all Dahua products ship with factory default security.

6. Product security center

In order to help users clearly understand the security status and capabilities of the device, the product security center will assist users to conveniently and quickly set up the right security configuration to suit the scenarios.

General security capabilities include privacy protection (face occlusion, information hiding, etc.), video encryption, security alarm, trusted protection, CA certification management, key management service, attack defense, and so on.

7. Cybersecurity ecosystem

Adhering to openness and cooperation, Dahua Technology keeps cooperating with international authoritative security institutions to jointly build a secure ecosystem. Through rich, in-depth communication and cooperation with institutions like TÜV Rheinland, BSI, DNV·GL, Intertek EWA-Canada, and Brightsight security lab, the company keeps advancing its security capabilities and systems.

In a widely networked world of IoT, cybersecurity challenges are pretty much a universal sore spot for companies globally. Dahua Technology, in the business of keeping people safe, takes cybersecurity seriously from head to toe.

With a mindset that emphasizes cybersecurity and all the resources that it can allocate to establish, carry out, and strengthen its cybersecurity approach, Dahua Technology plans to stay positive, open, and responsible, and to keep improving, when it comes to cybersecurity.
