Dahua Technology’s cybersecurity approach

Issue 3 2021 Surveillance, Information Security

In the AIoT era, the world is getting smarter. Everything is going to have an online ID and then connect into a vast net of IoT devices, like a laptop computer, a mobile phone, a connected thermostat or a network security camera.

According to a Marketsandmarkets report, IoT is used extensively, from smart cars to smart manufacturing, connected homes and building automation solutions. However, currently there are no unified global technical standards for IoT, especially in terms of communications. This results in inefficient data management and reduced interoperability and ultimately may cause reduced security in the IoT network. The global Internet of Things (IoT) security market size is expected to grow from $12.5 billion in 2020 to $36.6 billion by 2025, at a compound annual growth rate (CAGR) of 23.9%.

Dahua Technology, a video-centric smart IoT solution and service provider, believes cybersecurity is of vital strategic importance in the age of AIoT. In various vertical industries, such as traffic, finance, hospital and critical infrastructure, organisations collect, process and store unprecedented amounts of data on devices like IP cameras and NVRs. A significant portion of that data can be sensitive or private information, which can be prone to cyber-attacks, and the situation is getting worse because there are more devices than people. As a security solution provider, Dahua continuously invests in cybersecurity and actively focuses on network security issues.

Continuous investment and focus

The company keeps investing about 10% of its annual sales revenue in R&D every year, including cybersecurity. In addition, the company put together a professional team of nearly 100 personnel to focus on cybersecurity issues. With rich experience and sufficient resources, Dahua promises to be positive, open, cooperative and responsible when it comes to cybersecurity.

In order to achieve better efficiency, Dahua operates a comprehensive system to cope with all cybersecurity-related issues. The system, led by a cybersecurity committee, also contains a cybersecurity and data protection compliance group, a cybersecurity institute and a product security incident response team (PSIRT). The cybersecurity committee, above all departments or teams, can call resources from the whole company, from the R&D centre to the legal department, supply chain, overseas business department, etc. when necessary. The Cybersecurity Institute is in charge of building SDLC processes and implementing them in all Dahua products.

Security development lifecycle

Dahua adopts a number of professional SDLC (Security Development Lifecycle) applications to improve product security. During the security design phase, STRIDE + Attack Tree + PIA is adapted to improve threat modelling. During the security realisation phase, OWASP top 10 and over 150 CWEs are used to achieve static code analysis. During the security test phase, over 20 tools within seven fields are applied to complete the multiple security testing processes. CompTIA PenTest+/Security+ is used to carry out professional penetration testing, while compliance ISO 30111 and 290147 are followed during vulnerability management after the products are sold.

Emergency response system

Cooperation with professionals from across the globe is a great way to improve vulnerability detection. Therefore, the Dahua Cybersecurity Centre (DHCC) was established to solve cybersecurity issues with security vulnerability reporting, announcement/notice and cybersecurity knowledge sharing with its global customer base. The Product Security Incident Response Team (PSIRT) is an integral part of the DHCC. Composed of professionals ranging from marketing, supply chain, service and legal representatives, PSIRT is responsible for receiving, processing and disclosing Dahua-related security vulnerabilities. Team members are on duty seven days a week and guarantee to respond to an emergency within 48 hours. End users, partners, suppliers, government agencies, industry associations and independent researchers are encouraged to report potential risks or vulnerabilities to the PSIRT at [email protected].

Personal data and privacy protection

Dahua Technology also attaches great importance to personal data and privacy protection. Complying with applicable laws and regulations such as EU’s General Data Protection Regulation (GDPR), EDPB’s guidelines on the concepts of controller and processor in the GDPR, ETSI EN 303645’s Cyber Security for Consumer Internet of Things: Baseline Requirements as well as the USA’s California Consumer Privacy Act, the company established the Personal Data and Privacy Protection Standard. The standard stipulates that privacy protection methods such as de-identification, data encryption, systematic access control and privacy-friendly settings are fully adapted to the complete data life cycle, all the way from collection, transmission and storage to sharing, copying and deletion. In addition, working with third-party institutions, Dahua has received Protected Privacy IoT Product Certification and ETSI Certification from TÜV Rheinland, as well as ISO 27018 and ISO 27701 Certification from the BSI, which help in demonstrating its capability in managing personal information and compliance with privacy regulations around the world.

In a widely networked world of IoT, cybersecurity challenges are a universal sore spot for companies. Dahua Technology, in the business of keeping people safe, takes cybersecurity seriously. With a mindset that emphasises cybersecurity and all the resources it can allocate to establish, carry out and strengthen its cybersecurity approach, Dahua Technology plans to stay positive, open, responsible and constantly improving in the field of cybersecurity.

