In a widely networked world today, cybersecurity is an increasing concern among users, and will become more of an issue with the development of AIoT. Many manufacturers have begun to proactively take steps towards more secure products, both in their hardware and software solutions.

As a responsible manufacturer, Dahua Technology attaches great importance to cybersecurity and privacy protection. It maintains a high cybersecurity standard to provide users with secure products and responsive support through a series of initiatives, continuously setting up special funds to improve product security R&D and delivery, research on key security technologies, and the construction of security emergency response systems.

Focus on Security and Privacy Technology Research

For a long time, Dahua has been deeply exploring and developing product security technologies to provide users with solid security guarantees. To help users better comply with data protection laws and regulations around the world, Dahua has developed security technologies and applied industry best practices related to data protection, such as authentication, authority management and video stream encryption. At the same time, products equipped with product security center feature can analyze the security level of the device (e.g. weak passwords, functional configurations, security modules, etc.), assisting users to conveniently and quickly set up the right security configuration to suit the scenarios.

Security Assurance Throughout Product Development Lifecycle

The Dahua Cybersecurity Institute has built a professional sSDLC (secure Software Development Lifecycle) process that provides security management covering the entire product development lifecycle; from requirement, design, implementation, verification to production. Committed to providing users with “Security by Default” and “Privacy by Default” guarantees, the company adopts security and privacy baselines from the initial requirement stage to provide security standards for each product. Moreover, “STRIDE + Attack Tree + PIA” threat modeling, standardized management and control of open source and third-party software, static code analysis, multiple security testing, and Pen-Testing are also adopted to comprehensively strengthen product security.

Vulnerability Management and Emergency Response System

By establishing Dahua Cybersecurity Center (DHCC), Dahua aims to mitigate cybersecurity issues by providing security vulnerability reports and sharing cybersecurity know-how with customers. Moreover, Dahua has its Product Security Incident Response Team (PSIRT) in place to receive, process and disclose any security vulnerability related to Dahua products and solutions. It is in compliance with ISO/IEC 30111, ISO/IEC 29147 and other industry standards. Dahua strongly encourages partners, customers and end users to conduct regular firmware updates and maintenance during the product’s life cycle, and report any vulnerability discovered on any Dahua devices to cybersecurity@dahuatech.com.

Building Up a Cyber Ecosystem with International Security Institutions

In the world of AIoT and cyberattacks, all partners involved need to make the commitment to stay involved and keep open lines of communication. Dahua always adheres to its core values of openness and cooperation and constantly seeks cooperation with international authoritative security institutions to jointly build a robust security ecosystem while improving its own security capabilities and solutions. The company has established audit and certification cooperation with a number of international security institutions, including British Standards Institution (BSI), Bureau Veritas (BV), TÜV Rheinland, Intertek EWA-Canada as well as many others. While complying with applicable laws and regulations such as GDPR, Dahua’s capability in product security and corporate cybersecurity management has been certified by ISO/IEC27001, ISO/IEC 27701, FIPS 140-2, ETSI EN 303645, ETSI TS103645 and other global standards.

Effective protection of cybersecurity and data security is the key to the continuous and in-depth development of AIoT. Whether you are a manufacturer, integrator or end user, let’s move forward together for a responsible, open, professional, and systematic cybersecurity environment.