Download PDF version Contact company

The new ‘Internet of Things’ world is characterised by millions upon millions of connected devices. With more insecure devices and network access points than ever before, ‘Secure-by-Design’ principles are essential for protecting against growing cyber security threats.

Internet-of-Things (IoT) world

Over the last few years, digital technologies have transformed the world, affecting all sectors of business activity and daily life. The result is an Internet-of-Things (IoT) world, where everything is instrumented and interconnected. By the end of 2018, there were an estimated 22 billion IoT-connected devices in use around the world. Forecasts suggest that this figure will increase to 50 billion by 2030, creating a massive web of interconnected devices. 

To support this highly connected future, thousands of Internet-of-Things (IoT) devices are connected to networks every day. Additionally, appetite for new features and functionality has created a ‘need for speed’ in terms of the development and deployment of new types of devices.

Integration of AI and ML into IoT-connected devices

Many IoT-connected devices are now highly complex, incorporating advanced AI algorithms

Many IoT-connected devices are now highly complex, incorporating advanced AI algorithms and other next-generation features. IP-based video security cameras are a good example of this. Over the last 15 years, they have evolved from simple analog video cameras into complex, fully digitalised IoT devices driven by Machine Learning (ML) and Artificial Intelligence (AI).

Like other types of devices, evolution has been driven by customer demands for improved functionality and connectivity. This demand also created urgency in the development process, with providers competing to offer the most advanced features as fast as possible to win customers and market share.

Balancing development speed with security considerations

The race to develop more feature-rich, more connected IoT devices has fulfilled customers’ operational needs, but there have often been compromised in terms of security.

After all, building security into all aspects of the production process takes time – a precious resource that is not always available. Because of time pressures, several device manufacturers have opted for development and production speed over security.

Global spike in IoT cyber security incidents

The consequences of speed over security have been an enormous increase in serious IoT cyber security incidents. Cybercriminals have been able to access millions of IoT devices relatively easily, simply because these devices were not developed and produced with security-in-mind.

By the end of 2016, for example, the Mirai Botnet had become world news and IoT security started to get some serious attention. This is a clear example of what can go wrong when insecure IoT devices like baby monitors, network routers, agricultural devices, medical devices, home appliances, DVRs, cameras, or smoke detectors are connected to the internet without proper security provision.

In the case of Mirai, attackers were able to hack into millions of insecure IoT devices, in this case, cameras. They then used the combined computer power of the devices to launch targeted DDoS (Distributed Denial of Service) internet attacks.

Lack of cyber defences in ageing firmware

Often IT departments are not even aware of all these devices on their networks

Unfortunately, many more cyber incidents with IoT devices have happened since 2016 and continue to happen every day. Security researchers from F-Secure issued a warning in 2019 that cyber-attacks on IoT devices are growing at an unprecedented rate. They measured ‘a three-fold increase in attack traffic to more than 2.9 billion events.’

In the research, this growing threat was attributed, in part, to ‘a basic lack of defences in ageing firmware or architectures and part down to a lack of info-security housekeeping’. Often IT departments are not even aware of all these devices on their networks. 

Critical importance of ‘Secure-by-Design’ production

One key way to prevent damaging attacks on IoT devices is to improve the defenses of these devices. Unfortunately, it is extremely hard to add effective security after the IoT device is produced and/or installed. Instead, the most effective way to prevent breaches is to implement security during device production, often known as ‘Secure-by-Design’ production.

Secure-by-Design is about building security into every stage of the production process, from the conceptual phase to the final delivery phase – as shown in the graphic below:

The most effective way to prevent breaches is to implement security during device production, often known as ‘Secure-by-Design’ production.
Secure-by-Design is to building security into every stage of the production process

In the conceptual phase, security requirements are defined - In the design phase, a security architecture is developed for the product design, in the development phase, software code review and code scanning will take place, in the verification phase, pen-testing is executed and in the delivery phase, security training and technical support are provided.

All these security measures in the production process improve the cyber resilience of a video security camera and make costly cyber security improvements afterwards unnecessary.

Making ‘Secure-by-Design’ an organisational priority

Secure-by-Design requires manufacturers to be open to penetration testing (pen testing) by third parties

There are several prerequisites for manufacturers who want to integrate Secure-by-Design principles into all aspects of their production process. First, there needs to be commitment at an organisational level to invest in the security of each product. This may have an impact on production costs, but it will also dramatically improve the security and credibility, and therefore value, of products by providing certain security assurances to customers.

As an additional requirement, Secure-by-Design requires manufacturers to be open to penetration testing (pen testing) by third parties, once the devices are designed, manufactured, and operational. This ensures that products are able to withstand new and emerging cyber security threats, as well as existing ones.

Bolstering cyber security

Ultimately, Secure-by-Design principles require manufacturers to be truly serious about bolstering their cyber security and protecting their customers against security breaches. This is the case at Hikvision, where the use of ‘Secure-by-Design’ principles is carried out to minimise the risk of damaging cyber security attacks across the product range.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Hikvision news

HikCentral Professional 2.0 now supports a broader range of security and business applications with a new user interface

Hikvision launched newly updated HikCentral Professional 2.0 security software (“HCP 2.0”), which blends feeds from multiple systems onto a single platform. HCP 2.0 can be configured to link video security devices, alarm, and access control systems, and more, including third-party systems through the OpenAPI – for easy centralised management of a variety of security and business applications. Frank Zhang, President of Hikvision’s International Product and Solution Center...

Hikvision EI Smart Managed Switches are a line of smart PoE switches that offer simplified installation and remote management

Hikvision, the globally renowned manufacturer and supplier of security products and solutions, now offers a line of smart PoE switches, designed to simplify installation, remote management, and system maintenance. EI Smart Managed Switches The new Hikvision EI Smart Managed Switch portfolio includes a host of unique features, including advanced visualised topology, network health monitoring and real-time alarm notifications. “Our new EI Smart Managed Switch offering combines the ideal c...

Hikvision's cameras employed to prevent waste fires

Waste fires – in other words, fires that occur in waste or recycling plants - is a very serious global issue. Countries all over the world are suffering from more than one fire per day in the waste and recycling industry. This causes a risk of injury to employees, damage to sites and machinery, and damage to reputation. And that’s even before one considers the potential environmental impact. There’s more irony here too – one of the biggest risks for fire in a waste facil...

Hikvision case studies

Hikvision provides their security systems to enhance maintenance systems for Chaka Wind Farm

Wind is a free and unlimited resource that provides potential energy toward the growing demand for clean, renewable power. In coastlines, islands, grasslands, mountainous areas, and plateaus that lack water, fuel, and convenient transportation, wind power poses a potential boon for addressing local challenges. Chaka Wind Farm is located on the Gobi Desert in Qinghai Province, China. At an altitude of 3,200 meters (nearly 2 miles), Qinghai has abundant wind energy reserves. Since its commissioni...

Hikvision provides an intelligent traffic management solution to the city of Chorzow to streamline their public transport

With traffic levels constantly rising, cities around the world are looking for ways to manage the sheer number of traffic on their roads. The city of Chorzow in southern Poland wanted to go a step further and provide information to streamline their public transport on the roads, as well as regular vehicles. They approached Sprint, a systems integrator in Poland, who delivered an intelligent traffic management solution using Hikvision technology. City municipal Board of Streets and Bridges in Ch...

Hikvision cameras secure logistics company Samskip with the help of Securitas Iceland

When you’re securing premises in Iceland, you need a reliable system that can cope with both plummeting temperatures and low-light levels. Hikvision cameras were used in such a solution – chosen by Securitas Iceland to secure a harbour for customer Samskip in Reykjavik. Global logistics company Samskip is one of the larger transport companies in Europe with offices in 24 countries in Europe, North and South America, Asia and Australia. They operate an extensive network of container...