Download PDF version Contact company

In the AIoT era, the world is getting smarter. Everything is going to have an online “ID” and then connected into a vast net of IoT devices, like a laptop computer, a mobile phone, a connected thermostat, or a network security camera.

Cybersecurity in the AIoT era

According to a Markets and Markets report, IoT is extensively used by smart cars to smart manufacturing and connected homes and building automation solutions. However, currently, there are no unified global technical standards for IoT, especially in terms of communications. This results in inefficient data management and reduced interoperability mechanism and ultimately may cause reduced security in the IoT network.

The global Internet of Things (IoT) security market size is expected to grow from USD 12.5 billion in 2020 to USD 36.6 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 23.9%.

Importance of cybersecurity

Various vertical industries store unprecedented amounts of data on devices like IP cameras and NVRs

Dahua Technology, a video-centric smart IoT solution and service provider, believes cybersecurity is of vital strategic importance in the age of AIoT.

In various vertical industries, such as traffic, banking & finance, hospital, and critical infrastructure, organisations collect, process, and store unprecedented amounts of data on devices like IP cameras and NVRs. A significant portion of that data can be sensitive or private information, which can be prone to cyber-attacks and the situation, is getting worse because there are more devices than people.

As a security solution provider, Dahua Technology continuously invests in cybersecurity and actively copes with network security issues.

Continuous investment & active coping

Committed to becoming a leader in cybersecurity and privacy protection in the global security industry, Dahua Technology has been developing and exploiting cybersecurity for nearly 10 years. The company keeps investing about 10% of its annual sales revenue in R&D every year, including cybersecurity.

In addition, the company put together a professional team of nearly 100 personnel to focus on cybersecurity issues. With rich experience and sufficient resources, Dahua Technology promises to be positive, open, cooperative, and responsible when it comes to cybersecurity.

Dahua Technology cybersecurity approach

1. Organisational structure

In order to achieve better efficiency and effectiveness, Dahua Technology operates a comprehensive system to cope with all cybersecurity-related issues. The system, led by the cybersecurity committee, also contains a cybersecurity & data protection compliance group, cybersecurity institute, and product security incident response team (PSIRT).

The cybersecurity committee, above all departments or teams, can call resources from the whole company, from the R&D centre to the legal department, supply chain, overseas business department, etc. when necessary. Cybersecurity Institute is in charge of building the sSDLC process and implementing the process to all Dahua product series, making sure that all Dahua products are strong against cyberattacks.

2. Security development lifecycle

Dahua adopts a bunch of professional sSDLC (Security Development Lifecycle) security software to improve product security

Dahua Technology adopts a bunch of professional sSDLC (Security Development Lifecycle) security software to improve product security. During the security design phase, STRIDE + Attack Tree + PIA is adapted to improve threat modeling. During the security realisation phase, OWASP top 10 and over 150 CWEs are used to achieve static code analysis.

During the security test phase, over 20 tools within 7 fields are applied to realise the multiple security testing. CompTIA PenTest+/Security+ are used to carry out professional penetration testing, while compliance ISO 30111&290147 and MITRE org CAN are followed during vulnerability management after the products are sold.

3. Emergency response system

Cooperation with professionals from across the globe is a great way to improve vulnerability detection. Therefore, Dahua Cybersecurity Center (DHCC) is established to solve cybersecurity issues with security vulnerability reporting, announcement/notice, and cybersecurity knowledge sharing with our global customer base in order to provide them with more robust and secure products/solutions.

Product Security Incident Response Team (PSIRT) is an integral part of DHCC. Composed of professionals ranging from marketing, supply chain, service, and legal representatives, PSIRT is responsible for receiving, processing, and disclosing Dahua product and solution-related security vulnerabilities.

Team members are on duty 7 days a week and guarantee to respond to an emergency within 48 hours. End-user, partner, supplier, government agency, industry association, and independent researchers are encouraged to report potential risk or vulnerability to PSIRT by email.

4. Personal data & privacy protection

Dahua Technology also attaches great importance to personal data & privacy protection. Complying with applicable laws and regulations such as EU’s General Data Protection Regulation, EDPB’s Guidelines on the concepts of controller and processor in the GDPR, ETSI EN 303645’s Cyber Security for Consumer Internet of Things: Baseline Requirements as well as US’s California Consumer Privacy Act, the company established the Personal Data & Privacy Protection Standard.

The standard stipulates that privacy protection methods such as de-identification, data encryption, and systematic access control, privacy-friendly setting are fully adapted to the complete data life cycle all the way from the collection, transmitting, storage to sharing, copying, and deleting.

In addition, working with world-renowned third-party institutions, Dahua Technology has received Protected Privacy IoT Product Certification and ETSI Certification from TÜV Rheinland, as well as ISO 27018 Certification and ISO 27701 Certification from BSI, which help demonstrating its capability in managing personal information and compliance with privacy regulations around the world.

5. Continuously iterating security baseline

The security baseline built a security element layout of "AAA+CIA+P", a systematic protection framework

Centered on the core principles of Security by Design and Security by Default, the Dahua security baseline initiative taps into product safety technology to provide users with adequate safety guarantees.

Based on and practicing the security and privacy design principles, the security baseline builds a security element layout of "AAA+CIA+P", forming a systematic protection framework covering physical security, system security, application security, data security, network security, and privacy protection.

7 versions of baseline and 100+ principles have been developed to adapt Authentication, Authorisation, Audit, Confidentiality, Integrity, Availability, and Privacy protection deeply into the product quality assurance system, making sure that all Dahua products enjoy the factory default security.

6. Product security centre

In order to help users clearly understand the security status and capabilities of the device, the product security centre will assist users to conveniently and quickly set up the right security configuration to suit the scenarios.

General security capabilities include privacy protection (face occlusion, information hiding, etc.), video encryption, security alarm, trusted protection, CA certification management, key management service, attack defense, and so on.

7. Cybersecurity ecosystem

Adhering to openness and cooperation, Dahua Technology keeps cooperating with international authoritative security institutions to jointly build a secure ecosystem. By rich & in-depth communicating and cooperation with institutions like TÜV Rheinland, BSI, DNV·GL, Intertek EWA-Canada, and bright sight security lab, the company stays advanced its security capabilities and systems.

In a widely networked world of IoT, cybersecurity challenges are pretty much a universal sore spot for companies globally. Dahua Technology, in the business of keeping people safe, takes cybersecurity seriously from head to toe.

With a mindset that emphasises cybersecurity and all the resources that it can allocate to establish, carry out and strengthen the cybersecurity approach, Dahua Technology plans to stay positive, open, responsible and improving for the matter of cybersecurity.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

Panasonic AI-driven cameras empower an expanding vision of new uses
Panasonic AI-driven cameras empower an expanding vision of new uses

Imagine a world where video cameras are not just watching and reporting for security, but have an even wider positive impact on our lives. Imagine that cameras control street and building lights, as people come and go, that traffic jams are predicted and vehicles are automatically rerouted, and more tills are opened, just before a queue starts to form. Cameras with AI capabilities Cameras in stores can show us how we might look in the latest outfit as we browse. That’s the vision from Panasonic about current and future uses for their cameras that provide artificial intelligence (AI) capabilities at the edge. Panasonic feels that these types of intelligent camera applications are also the basis for automation and introduction of Industry 4.0, in which processes are automated, monitored and controlled by AI-driven systems. 4K network security cameras The company’s i-PRO AI-capable camera line can install and run up to three AI-driven video analytic applications Panasonic’s 4K network security cameras have built-in AI capabilities suitable for this next generation of intelligent applications in business and society. The company’s i-PRO AI-capable camera line can install and run up to three AI-driven video analytic applications. The AI engine is directly embedded into the camera, thus reducing costs and Panasonic’s image quality ensures the accuracy of the analytics outcome. FacePRO facial recognition technology Panasonic began advancing AI technology on the server side with FacePRO, the in-house facial recognition application, which uses AI deep learning capabilities. Moving ahead, they transitioned their knowledge of AI from the server side to the edge, introducing i-PRO security cameras with built-in AI capabilities last summer, alongside their own in-house analytics. Moreover, in line with the Panasonic approach to focus more on collaboration with specialist AI software developers, a partnership with Italian software company, A.I. Tech followed in September, with a range of intelligent applications, partially based on deep learning. Additional collaborations are already in place with more than 10 other developers, across the European Union, working on more future applications. i-PRO AI-capable security cameras Open systems are an important part of Panasonic’s current approach. The company’s i-PRO AI-capable cameras are an open platform and designed for third-party application development, therefore, applications can be built or tailored to the needs of an individual customer. Panasonic use to be a company that developed everything in-house, including all the analytics and applications. “However, now we have turned around our strategy by making our i-PRO security cameras open to integrate applications and analytics from third-party companies,” says Gerard Figols, Head of Security Solutions at Panasonic Business Europe. Flexible and adapting to specific customer needs This new approach allows the company to be more flexible and adaptable to customers’ needs. “At the same time, we can be quicker and much more tailored to the market trend,” said Gerard Figols. He adds, “For example, in the retail space, enabling retailers to enhance the customer experience, in smart cities for traffic monitoring and smart parking, and by event organisers and transport hubs to monitor and ensure safety.” Edge-based analytics offer multiple benefits over server-based systems Edge-based analytics Edge-based analytics offer multiple benefits over server-based systems. On one hand, there are monetary benefits - a cost reduction results from the decreased amount of more powerful hardware required on the server side to process the data, on top of reduction in the infrastructure costs, as not all the full video stream needs to be sent for analysis, we can work solely with the metadata. On the other hand, there are also advantages of flexibility, as well as reliability. Each camera can have its own individual analytic setup and in case of any issue on the communication or server side, the camera can keep running the analysis at the edge, thereby making sure the CCTV system is still fully operational. Most importantly, systems can keep the same high level of accuracy. Explosion of AI camera applications We can compare the explosion of AI camera applications to the way we experienced it for smartphone applications" “We can compare the explosion of AI camera applications to the way we experienced it for smartphone applications,” said Gerard Figols, adding “However, it doesn’t mean the hardware is not important anymore, as I believe it’s more important than ever. Working with poor picture quality or if the hardware is not reliable, and works 24/7, software cannot run or deliver the outcome it has been designed for.” As hardware specialists, Figols believes that Panasonic seeks to focus on what they do best - Building long-lasting, open network cameras, which are capable of capturing the highest quality images that are required for the latest AI applications, while software developers can concentrate on bringing specialist applications to the market. Same as for smartphones, AI applications will proliferate based on market demand and succeed or fail, based on the value that they deliver. Facial recognition, privacy protection and cross line technologies Panasonic has been in the forefront in developing essential AI applications for CCTV, such as facial recognition, privacy protection and cross line. However, with the market developing so rapidly and the potential applications of AI-driven camera systems being so varied and widespread, Panasonic quickly realised that the future of their network cameras was going to be in open systems, which allow specialist developers and their customers to use their sector expertise to develop their own applications for specific vertical market applications, while using i-PRO hardware. Metadata for detection and recognition Regarding privacy, consider that the use of AI in cameras is about generating metadata for the detection and recognition of patterns, rather than identifying individual identities. “However, there are legitimate privacy concerns, but I firmly believe that attitudes will change quickly when people see the incredible benefits that this technology can deliver,” said Gerard Figols, adding “I hope that we will be able to redefine our view of cameras and AI, not just as insurance, but as life advancing and enhancing.” i-PRO AI Privacy Guard One of the AI applications that Panasonic developed was i-PRO AI Privacy Guard Seeking to understand and appreciate privacy concerns, one of the AI applications that Panasonic developed was i-PRO AI Privacy Guard that generates data without capturing individual identities, following European privacy regulations that are among the strictest in the world. Gerard Fogils said, “The combination of artificial intelligence and the latest generation open camera technology will change the world’s perceptions from Big Brother to Big Benefits. New applications will emerge as the existing generation of cameras is updated to the new open and intelligent next generation devices, and the existing role of the security camera will also continue.” Future scope of AI and cameras He adds, “Not just relying on the security cameras for evidence when things have gone wrong, end users will increasingly be able to use AI and the cameras with much higher accuracy to prevent false alarms and in a proactive way to prevent incidents." Gerard Fogils concludes, “That could be monitoring and alerting when health and safety guidelines are being breached or spotting and flagging patterns of suspicious behaviour before incidents occur.”

What is the best lesson you ever learned from an end user?
What is the best lesson you ever learned from an end user?

Serving customer needs is the goal of most commerce in the physical security market. Understanding those needs requires communication and nuance, and there are sometimes surprises along the way. But in every surprising revelation – and in every customer interaction – there is opportunity to learn something valuable that can help to serve the next customer’s needs more effectively. We asked this week’s Expert Panel Roundtable: what was the best lesson you ever learned from a security end user customer?

What is the impact of remote working on security?
What is the impact of remote working on security?

During the coronavirus lockdown, employees worked from home in record numbers. But the growing trend came with a new set of security challenges. We asked this week’s Expert Panel Roundtable: What is the impact of the transition to remote working/home offices on the security market?