Several video manufacturers have participated in the development of a U.K. 'Secure by Default' baseline standard to ensure cybersecurity measures are included in equipment as it leaves the factory. The standard includes ensuring that passwords must be changed from the manufacturer default at start-up, that chosen passwords should be sufficiently complex to provide a degree of assurance, and that controls are placed around how and when remote access should be commissioned.

The standard aims to ensure security products are cyber- and network-secure by default and out of the box. The concept is that network video products will ship to installers in the most hardened, cyber-security-optimal form possible, with default settings that provide minimal vulnerabilities on first use.

Secure by Default is a self-certification scheme that allows manufacturers to assess their systems for compliance and to apply for the U.K. Surveillance Camera Commissioner’s Secure by Default mark. The mark demonstrates to installers and customers that they are a competent manufacturer who takes the security of their products seriously.

Secure by Default is a self-certification scheme that allows manufacturers to assess their systems for compliance and to apply for the U.K.
The Secure By Default mark demonstrates to installers and customers that they take the security of their products seriously

Axis, Bosch, Hanwha, HikVision and Milestone Systems participated in developing the standard, which was officially unveiled at the IFSEC 2019 show. “The launch of the standard is not the end of the journey, but rather the beginning of something unique, exciting and vital for the future success of video surveillance,” says cybersecurity consultant Mike Gillespie, who works with the National Surveillance Camera Strategy for England and Wales.

The standard has been developed so as not to present a barrier to entry

The manufacturer standard is intended to lay out the basic areas where all video surveillance systems should be secure, regardless of their intended use, whether in public space or not, says Gillespie. “This is very much intended to be an entry-level standard and has been written with the intention of providing [video] manufacturers with a minimum baseline level all should aspire to,” he says.

The standard has been developed so as not to present a barrier to entry for any competent and responsible manufacturer, he adds. The Secure by Default standards form part of a wider set of cyber security proposals from the Surveillance Camera Commissioner for the UK Home Office.

Adoption within the industry

Hanwha Techwin has embraced Secure by Default as part of its comprehensive approach to cybersecurity. “Although we appreciate security needs to be easy to implement, we do not allow for a default password to be used,” according to Hanwha Techwin. “We consider it essential that a secure password be set up during the initial installation process, which is why we prohibit the consecutive use of the same letter or number and we encourage the use of special characters as well as a combination of letters and numbers.”

Hanwha Techwin’s approach has been to make security a fundamental feature of cameras and recording devices. Cybersecurity has been taken into account at the start of the design and development process, and not just treated as an optional feature.

Article 25 mandates that organisations put in place appropriate technical and organisation measures

Axis is aligned with the Secure by Default principles recommended by the U.K. National Cybersecurity Strategy Code of Practice. Furthermore, General Data Protection Regulation (GDPR) makes data protection and security by design and default a legal requirement. Article 25 mandates that organisations put in place appropriate technical and organisation measures designed to implement data protection in an effective manner.

Gary Harmer, UK and Ireland Sales Director for Hikvision, said the new Secure by Default scheme is a further positive step forward for the industry, one which Hikvision fully supports.

The process of developing these standards has been one of open collaboration between companies across the network video security industry,” he said. “It’s a truly positive and genuine initiative geared towards creating a more secure environment for all stakeholders in the network security ecosystem.”

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Hikvision news

Hikvision announces attaining ISO 28000:2007 Supply Chain Security Management System certification

Hikvision, globally renowned supplier of innovative security products and solutions, has announced its ISO 28000:2007 certification, marking a further strengthening of the company’s supply chain security assurance. ISO 28000:2007 certification The ISO 28000 Supply Chain Security Management System standard was developed to satisfy the needs of enterprises for the standardisation of supply chain security management, with the goal of improving overall performance of the supply chain. The st...

Seeking clarity, the industry speaks up about the NDAA ‘blacklist’ provision

The devil is in the details. The broader implications of the U.S. Government ban on Chinese video surveillance manufacturers are being clarified in the federal rule-making process, and a public hearing in July gave the industry a chance to speak up about the impact of the law. Ban on equipment The hearing centered on Section 889 of Title VII of the National Defense Authorisation Act (NDAA) for FY 2019, specifically paragraph (a)(1)(B). The paragraph "prohibits agencies from entering into a con...

Hikvision’s DeepinMind NVR uses Deep Learning technology to secure ATMs from thieves

ATMs have become a cornerstone of day-to-day life for millions, but they can also be vulnerable to attack. The global ATM Industry Association reported an increase of ATM crime of 12% for 2017. And attacks, of course, often involve ATM users, potentially injuring them and causing trauma. But since, by definition, ATMs are often situated outside buildings and used at all times of the day and night, securing them is a challenge - and banks are turning to more intelligent solutions. According to A...

Hikvision case studies

Prama Hikvision’s security solutions safeguard Sanjivani Group of Institutes at Kopargoan, India

Prama Hikvision partnered with the Sanjivani Group of Institutes to offer latest surveillance and security solutions. For the first time that Artificial Intelligence was offered, and enabled face recognition terminals in India’s education sector. Sanjivani Group of Institutes situated at Kopargaon, Ahmednagar is a premier institute for Engineering, Pharmacy, Nursing and Diploma in Ahmednagar District. Sanjivani took its names and inspiration from the famous epic of Ramayana where ‘S...

Hikvision multi-site surveillance solution protects Gujarat Technical Education facility

VMS software and IP products from Hikvision, a supplier of innovative video surveillance products and solutions, are now being used by the Government of Gujarat Directorate of Technical Education (DTE), to protect and administer education facilities and services across Western India. A government organisation that provides qualitative and higher level technical training for students from a diverse mix of financial and social backgrounds, the Directorate of Technical Education’s (DTE) goal...

AMG Systems and Juniper Networks partner on IP-based CCTV traffic monitoring system for Belfast’s main motorway

AMG Systems has been commissioned to help digitise the traffic monitoring system for newly-extended hard shoulder bus lanes on Belfast’s main motorways, to make it more efficient, secure and reliable. A new IP-based CCTV system was being installed as part of the extension project, so the underlying fibre network needed to be upgraded in order to handle the high-grade images being transmitted back to the city’s Traffic Information and Control Centre (TICC). The upgrade helps to enhanc...