Dahua’s cybersecurity approach

CCTV Handbook 2021 Cyber Security

In the AIoT era, the world is getting smarter. Everything is going to have an online ID and then connect into a vast network of IoT devices, like a laptop computer, a mobile phone, a connected thermostat or a network security camera.

Cybersecurity to watch in the AIoT era

According to a Marketsandmarkets report, IoT devices are extensively used by smart cars, smart manufacturing, connected homes and building automation solutions. However, there are currently no unified global technical standards for IoT, especially in terms of communications. This results in inefficient data management and reduced interoperability and ultimately may cause reduced security in the IoT network. The global IoT security market is expected to grow from USD 12,5 billion in 2020 to USD 36,6 billion by 2025, at a compound annual growth rate (CAGR) of 23,9%.

Dahua Technology believes cybersecurity is of vital strategic importance in the age of AIoT. In various vertical industries, such as traffic, banking and finance, healthcare and critical infrastructure, organisations collect, process and store unprecedented amounts of data on devices like IP cameras and NVRs. A significant portion of that data can be sensitive or private information, which can be prone to cyber-attacks and the situation is getting worse. As a security solution provider, Dahua Technology continuously invests in cybersecurity and actively addresses network security issues.

Continuous investment

Committed to becoming a leader in cybersecurity and privacy protection in the global security industry, Dahua Technology has been developing cybersecurity for nearly 10 years. The company keeps investing about 10% of its annual sales revenue in R&D every year, including cybersecurity. In addition, the company put together a professional team of nearly 100 people to focus on cybersecurity issues. With rich experience and sufficient resources, Dahua Technology promises to be positive, open, cooperative and responsible when it comes to cybersecurity.

Breaking down Dahua’s approach

Organisational structure

In order to achieve better efficiency and effectiveness, Dahua operates a comprehensive system to cope with all cybersecurity-related issues. The system, led by a cybersecurity committee, also contains a cybersecurity and data protection compliance group, a cybersecurity institute and a Product Security Incident Response Team (PSIRT). The cybersecurity committee, which sits above all departments and teams, can call on resources from the whole company when necessary, from the R&D centre to the legal department, supply chain, overseas business department, etc. The cybersecurity institute is in charge of building sSDLC (secure software development lifecycle) processes and implementing them in all Dahua products.

Security development lifecycle

Dahua adopts a number of professional sSDLC security applications to improve product security. During the security design phase, STRIDE + Attack Tree + PIA are applied to improve threat modelling. During the security realisation phase, the OWASP (Open Web Application Security Project) Top 10 and over 150 CWEs (Common Weakness Enumeration) are used to achieve static code analysis. During the security test phase, over 20 tools within seven fields are applied to complete multiple security testing processes. CompTIA PenTest+/Security+ are used to carry out professional penetration testing, while ISO 30111, ISO 29147 and MITRE are followed during vulnerability management after the products are sold.

Emergency response system

Cooperation with professionals from across the globe is a great way to improve vulnerability detection. Therefore, the Dahua Cybersecurity Centre (DHCC) was established to solve cybersecurity issues with security vulnerability reporting, announcement/notice and cybersecurity knowledge sharing with its global customer base in order to provide them with more robust and secure products and solutions.

The PSIRT is an integral part of the DHCC. Composed of professionals including marketing, supply chain, service and legal representatives, PSIRT is responsible for receiving, processing and disclosing Dahua product and solution-related security vulnerabilities. Team members are on duty seven days a week and guarantee to respond to an emergency within 48 hours. End users, partners, suppliers, government agencies, industry associations and independent researchers are encouraged to report potential risks or vulnerabilities to PSIRT at cybersecurity@dahuatech.com.

Personal data and privacy protection

Dahua also attaches great importance to personal data and privacy protection. Complying with applicable laws and regulations such as the EU’s General Data Protection Regulation (GDPR), the European Data Protection Board’s (EDPB) ETSI EN 303645 as well as the California Consumer Privacy Act, the company established the Personal Data & Privacy Protection Standard.

The standard stipulates that privacy protection methods such as de-identification, data encryption, systematic access control and privacy-friendly settings are applied across the complete data life cycle, all the way from collection, transmission and storage to sharing, copying and deletion. In addition, working with third-party institutions, Dahua has received the Protected Privacy IoT Product Certification and ETSI Certification from TÜV Rheinland, as well as an ISO 27018 Certification and ISO 27701 Certification from the BSI, which demonstrate its capability in managing personal information and compliance in line with privacy regulations around the world.

Continuously iterating security baseline

Centred on the core principles of security by design and security by default, the Dahua security baseline initiative taps into product safety technology to provide users with adequate safety guarantees. The security baseline builds a security element layout of ‘AAA+CIA+P’, forming a systematic protection framework covering physical security, system security, application security, data security, network security and privacy protection. Seven versions of the baseline and 100+ principles have been developed to adapt authentication, authorisation, audit, confidentiality, integrity, availability and privacy protection deeply into its product quality assurance system, making sure that all Dahua products enjoy factory default security.

Product security centre

In order to help users clearly understand the security status and capabilities of devices, the product security centre assists users to quickly set up the right security configuration to suit their requirements. General security capabilities include privacy protection (face occlusion, information hiding etc.), video encryption, security alarm, trusted protection, CA certification management, key management services, attack defence and so on.

Cybersecurity ecosystem

Adhering to openness and cooperation, Dahua Technology keeps cooperating with international authoritative security institutions to jointly build a security ecosystem. Through in-depth communication and cooperation with institutions like TÜV Rheinland, BSI, DNV·GL, Intertek EWA-Canada and Brightsight security lab, the company stays ahead of the curve in its security capabilities and systems.

In a widely networked world of IoT, cybersecurity challenges are pretty much a universal sore spot for companies. Dahua Technology, in the business of keeping people safe, takes cybersecurity seriously. With a mindset that emphasises cybersecurity and all the resources that it can allocate to establish, carry out and strengthen its cybersecurity approach, Dahua plans to stay positive, open, responsible and improving in all aspects of cybersecurity.

