Dahua Technology Ltd
Download PDF version Contact company

In the AIoT era, the world is getting smarter. Everything is going to have an online “ID” and then connected into a vast net of IoT devices, like a laptop computer, a mobile phone, a connected thermostat, or a network security camera.

Cybersecurity in the AIoT era

According to a Markets and Markets report, IoT is extensively used by smart cars to smart manufacturing and connected homes and building automation solutions. However, currently, there are no unified global technical standards for IoT, especially in terms of communications. This results in inefficient data management and reduced interoperability mechanism and ultimately may cause reduced security in the IoT network.

The global Internet of Things (IoT) security market size is expected to grow from USD 12.5 billion in 2020 to USD 36.6 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 23.9%.

Importance of cybersecurity

Various vertical industries store unprecedented amounts of data on devices like IP cameras and NVRs

Dahua Technology, a video-centric smart IoT solution and service provider, believes cybersecurity is of vital strategic importance in the age of AIoT.

In various vertical industries, such as traffic, banking & finance, hospital, and critical infrastructure, organisations collect, process, and store unprecedented amounts of data on devices like IP cameras and NVRs. A significant portion of that data can be sensitive or private information, which can be prone to cyber-attacks and the situation, is getting worse because there are more devices than people.

As a security solution provider, Dahua Technology continuously invests in cybersecurity and actively copes with network security issues.

Continuous investment & active coping

Committed to becoming a leader in cybersecurity and privacy protection in the global security industry, Dahua Technology has been developing and exploiting cybersecurity for nearly 10 years. The company keeps investing about 10% of its annual sales revenue in R&D every year, including cybersecurity.

In addition, the company put together a professional team of nearly 100 personnel to focus on cybersecurity issues. With rich experience and sufficient resources, Dahua Technology promises to be positive, open, cooperative, and responsible when it comes to cybersecurity.

Dahua Technology cybersecurity approach

1. Organisational structure

In order to achieve better efficiency and effectiveness, Dahua Technology operates a comprehensive system to cope with all cybersecurity-related issues. The system, led by the cybersecurity committee, also contains a cybersecurity & data protection compliance group, cybersecurity institute, and product security incident response team (PSIRT).

The cybersecurity committee, above all departments or teams, can call resources from the whole company, from the R&D centre to the legal department, supply chain, overseas business department, etc. when necessary. Cybersecurity Institute is in charge of building the sSDLC process and implementing the process to all Dahua product series, making sure that all Dahua products are strong against cyberattacks.

2. Security development lifecycle

Dahua adopts a bunch of professional sSDLC (Security Development Lifecycle) security software to improve product security

Dahua Technology adopts a bunch of professional sSDLC (Security Development Lifecycle) security software to improve product security. During the security design phase, STRIDE + Attack Tree + PIA is adapted to improve threat modeling. During the security realisation phase, OWASP top 10 and over 150 CWEs are used to achieve static code analysis.

During the security test phase, over 20 tools within 7 fields are applied to realise the multiple security testing. CompTIA PenTest+/Security+ are used to carry out professional penetration testing, while compliance ISO 30111&290147 and MITRE org CAN are followed during vulnerability management after the products are sold.

3. Emergency response system

Cooperation with professionals from across the globe is a great way to improve vulnerability detection. Therefore, Dahua Cybersecurity Center (DHCC) is established to solve cybersecurity issues with security vulnerability reporting, announcement/notice, and cybersecurity knowledge sharing with our global customer base in order to provide them with more robust and secure products/solutions.

Product Security Incident Response Team (PSIRT) is an integral part of DHCC. Composed of professionals ranging from marketing, supply chain, service, and legal representatives, PSIRT is responsible for receiving, processing, and disclosing Dahua product and solution-related security vulnerabilities.

Team members are on duty 7 days a week and guarantee to respond to an emergency within 48 hours. End-user, partner, supplier, government agency, industry association, and independent researchers are encouraged to report potential risk or vulnerability to PSIRT by email.

4. Personal data & privacy protection

Dahua Technology also attaches great importance to personal data & privacy protection. Complying with applicable laws and regulations such as EU’s General Data Protection Regulation, EDPB’s Guidelines on the concepts of controller and processor in the GDPR, ETSI EN 303645’s Cyber Security for Consumer Internet of Things: Baseline Requirements as well as US’s California Consumer Privacy Act, the company established the Personal Data & Privacy Protection Standard.

The standard stipulates that privacy protection methods such as de-identification, data encryption, and systematic access control, privacy-friendly setting are fully adapted to the complete data life cycle all the way from the collection, transmitting, storage to sharing, copying, and deleting.

In addition, working with world-renowned third-party institutions, Dahua Technology has received Protected Privacy IoT Product Certification and ETSI Certification from TÜV Rheinland, as well as ISO 27018 Certification and ISO 27701 Certification from BSI, which help demonstrating its capability in managing personal information and compliance with privacy regulations around the world.

5. Continuously iterating security baseline

The security baseline built a security element layout of "AAA+CIA+P", a systematic protection framework

Centered on the core principles of Security by Design and Security by Default, the Dahua security baseline initiative taps into product safety technology to provide users with adequate safety guarantees.

Based on and practicing the security and privacy design principles, the security baseline builds a security element layout of "AAA+CIA+P", forming a systematic protection framework covering physical security, system security, application security, data security, network security, and privacy protection.

7 versions of baseline and 100+ principles have been developed to adapt Authentication, Authorisation, Audit, Confidentiality, Integrity, Availability, and Privacy protection deeply into the product quality assurance system, making sure that all Dahua products enjoy the factory default security.

6. Product security centre

In order to help users clearly understand the security status and capabilities of the device, the product security centre will assist users to conveniently and quickly set up the right security configuration to suit the scenarios.

General security capabilities include privacy protection (face occlusion, information hiding, etc.), video encryption, security alarm, trusted protection, CA certification management, key management service, attack defense, and so on.

7. Cybersecurity ecosystem

Adhering to openness and cooperation, Dahua Technology keeps cooperating with international authoritative security institutions to jointly build a secure ecosystem. By rich & in-depth communicating and cooperation with institutions like TÜV Rheinland, BSI, DNV·GL, Intertek EWA-Canada, and bright sight security lab, the company stays advanced its security capabilities and systems.

In a widely networked world of IoT, cybersecurity challenges are pretty much a universal sore spot for companies globally. Dahua Technology, in the business of keeping people safe, takes cybersecurity seriously from head to toe.

With a mindset that emphasises cybersecurity and all the resources that it can allocate to establish, carry out and strengthen the cybersecurity approach, Dahua Technology plans to stay positive, open, responsible and improving for the matter of cybersecurity.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Dahua Technology Ltd news

Bold Communications joins Dahua Eco Partner Program

Monitoring platform provider Bold Communications and Dahua Technology are pleased to announce that Bold has joined the ECO Partner Program. The Program is designed to create a closer integration and development relationship between Dahua and technology providers, with parties working to deliver an integrated monitoring solution for commercial ARCs and private control rooms.  Security solutions typically require technology from more than one manufacturer. An integrated system will often inc...

Dahua Technology announces QVIS Lighting and Security as a new distributor in the UK and Ireland market

Dahua Technology is pleased to announce the highly experienced QLS (QVIS Lighting and Security) has become a new distributor in the UK and Ireland market. “We are delighted to announce QLS as the latest distributor of Dahua products in the UK,” said James Wang, Vice President and the General Manager of the UK & Ireland. Video IoT technologies “With over 20 years’ industry experience and significant investments in stores and technology, QLS are well placed to boost...

Dahua Technology unveils new Partner app that offers rewards and key technology information to installers and integrators

Installers and integrators are set to benefit from Dahua Technology’s new Partner app, which is available to download free of charge. Partner app The app is loaded with information to help installers specify the most appropriate products for their projects. This includes detailed product specifications and comparisons, a range of ‘how to’ videos and documents exploring common technical issues, which are searchable by category, and the latest news about Dahua products and serv...

Dahua Technology Ltd case studies

Dahua Technology installs HD CCTV cameras with smart analytics using AI to secure iconic Battle of Britain Bunker

An important heritage site which played a key role in protecting the UK during World War II is itself being made safe and secure with the installation of a comprehensive and fully integrated security system, including more than 75 Dahua HD CCTV cameras. Battle of Britain Bunker The Battle of Britain Bunker is an underground operations room in Uxbridge, formerly used by No. 11 Group Fighter Command during the Second World War, most notably in the Battle of Britain and on D-Day. The operations...

Dahua Technology deploys networked video surveillance system at Petwood Hotel, formerly The Dambusters home

A networked surveillance system has been installed at Petwood Hotel in Lincolnshire, the former home of members of 617 Squadron, more famously known as The Dambusters, during World War 2. The hotel, situated in the village of Woodhall Spa, was originally built in 1905, as a country house for a wealthy Baroness, and after serving as a military convalescence hospital during World War 1, was converted into a hotel in 1933. Located among magnificent lawns and landscaped gardens, the Grade II-listed...

Dahua provides its Mobile Solution to enhance patrolling services for the Buenos Aires police

As one of the most important provinces of Argentina, Buenos Aires Province has been seeking to improve work efficiency and emergency response speed of its police force. However, the local police was always lacking of evidence when performing legal actions towards violence, traffic accidents, and other social incidents. This created temporary loopholes in law enforcement that criminals and erring people took advantage of in order to escape legal sanctions. For this reason, the Ministry of Securi...