Secure by Default

11 Jun 2019

Hanwha Techwin is proud to have been invited to participate in the development of a new ‘Secure by Default’ standard for manufacturers of video surveillance products and solutions.

The standard, which aims to ensure that security surveillance products are cyber and network secure by default out of the box, was introduced by Tony Porter, the UK’s Surveillance Camera Commissioner on 20th June 2019 at IFSEC International at EXCEL London. The 20th June was also the date of National Surveillance Camera Day which saw control rooms open their doors to the public in order to raise awareness about how and why surveillance cameras are used.

Cyber security has been at the top of Hanwha Techwin’s list of priorities for some time. We believe our cameras and recorders incorporate all reasonable measures to prevent unauthorised access to images and data. However, we appreciate that it is important not to be complacent. Using third party security agencies, we have a sustained programme of monitoring and testing the latest methods of hacking. If and when necessary, we will develop further advanced versions of our firmware to combat any new identified threats.

A good starting point for any company providing electronic security products or services is to demonstrate it has done everything possible to protect its own IT infrastructure against the threat of a cyber attack. This is why Hanwha Techwin Europe has participated in the UK Government backed Cyber Essentials Scheme. This verifies we have adopted procedures to minimise the threat of an attack on the IT infrastructure at the company’s headquarters and this extends to cover field based laptops. In addition, Hanwha Techwin’s information security system has been ISO 27001 certified.

 

Product Protection

Hanwha Techwin approach has been to make security a fundamental feature of our cameras and recording devices. As such, it is taken into account at the start of the design and development process and not just treated as an optional feature.

 

Password protection

Our training programmes for installers and systems integrators highlights the importance of setting up password protection as an essential part of the commissioning process for cameras and recording devices. The importance of this has been underscored by recent high profile examples of hacking which occurred just because sensible password protocols were not implemented.

Although we appreciate security needs to be easy to implement, we do not allow for a default password to be used. We consider it essential that a secure password is set up during the initial installation process, which is why we prohibit the consecutive use of the same letter or number and we encourage the use of special characters as well as a combination of letters and numbers.

 

Protecting the ‘back door’

Using an intentionally created ‘back door’ to gain access to a camera, recorder or network can be managed through company policy. Hanwha Techwin recognised this in 2012 when we removed a function used for remote customer support which had the potential to be exploited. We upgraded firmware for every model, started third party agency testing and since then this policy has remained in effect.

 

Data Protection

Hanwha Techwin has published a White Paper which sets out the impact on video surveillance systems of the new General Data Protection Regulation (GDPR) which came into force in May 2018.

This article is intended to summarise the key aspects of the White Paper which addresses in detail the responsibilities of those who are in control of video surveillance systems. It also explains what steps Hanwha Techwin has taken to ensure the features and functions of its Wisenet cameras, recording devices and video management software (VMS), are able to assist operators in complying with GDPR.

Download the White Paper

 

Vigilance

Whilst no manufacturer can offer 100% guarantees, Hanwha Techwin is committed to providing video surveillance solutions which incorporate best practise in respect of preventing cyber attacks. We fully understand the importance of keeping our end-user clients’ data safe and will continue to be vigilant in our efforts to combat the cyber threat by use of technologies and features which, for example, strengthen the user authentication process and protect firmware through advanced encryption techniques.