Several video manufacturers have participated in the development of a U.K. 'Secure by Default' baseline standard to ensure cybersecurity measures are included in equipment as it leaves the factory. The standard includes ensuring that passwords must be changed from the manufacturer default at start-up, that chosen passwords should be sufficiently complex to provide a degree of assurance, and that controls are placed around how and when remote access should be commissioned.

The standard aims to ensure security products are cyber- and network-secure by default and out of the box. The concept is that network video products will ship to installers in the most hardened, cyber-security-optimal form possible, with default settings that provide minimal vulnerabilities on first use.

Secure by Default is a self-certification scheme that allows manufacturers to assess their systems for compliance and to apply for the U.K. Surveillance Camera Commissioner’s Secure by Default mark. The mark demonstrates to installers and customers that the manufacturer is competent and takes the security of its products seriously.

Axis, Bosch, Hanwha, Hikvision and Milestone Systems participated in developing the standard, which was officially unveiled at the IFSEC 2019 show. “The launch of the standard is not the end of the journey, but rather the beginning of something unique, exciting and vital for the future success of video surveillance,” says cybersecurity consultant Mike Gillespie, who works with the National Surveillance Camera Strategy for England and Wales.

The manufacturer standard is intended to lay out the basic areas where all video surveillance systems should be secure, regardless of their intended use, whether in public space or not, says Gillespie. “This is very much intended to be an entry-level standard and has been written with the intention of providing [video] manufacturers with a minimum baseline level all should aspire to,” he says.

The standard has been developed so as not to present a barrier to entry for any competent and responsible manufacturer, he adds. The Secure by Default standards form part of a wider set of cyber security proposals from the Surveillance Camera Commissioner for the UK Home Office.

Adoption within the industry

Hanwha Techwin has embraced Secure by Default as part of its comprehensive approach to cybersecurity. “Although we appreciate security needs to be easy to implement, we do not allow for a default password to be used,” according to Hanwha Techwin. “We consider it essential that a secure password be set up during the initial installation process, which is why we prohibit the consecutive use of the same letter or number and we encourage the use of special characters as well as a combination of letters and numbers.”

Hanwha Techwin’s approach has been to make security a fundamental feature of cameras and recording devices. Cybersecurity has been taken into account at the start of the design and development process, and not just treated as an optional feature.

Axis is aligned with the Secure by Default principles recommended by the U.K. National Cybersecurity Strategy Code of Practice. Furthermore, the General Data Protection Regulation (GDPR) makes data protection and security by design and default a legal requirement. Article 25 mandates that organisations put in place appropriate technical and organisational measures designed to implement data protection in an effective manner.

Gary Harmer, UK and Ireland Sales Director for Hikvision, said the new Secure by Default scheme is a further positive step forward for the industry, one which Hikvision fully supports.

“The process of developing these standards has been one of open collaboration between companies across the network video security industry,” he said. “It’s a truly positive and genuine initiative geared towards creating a more secure environment for all stakeholders in the network security ecosystem.”


Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com
