CyberSecurity_Banner_v2_opt

Cybersecurity

Hanwha Vision Cybersecurity

At Hanwha Vision, cybersecurity begins at the product development stage and continues on long after a product has reached its end of production. Our innovative hardware technologies and usage of cybersecurity best practices ensure that network and IP camera devices meet the highest levels of security achievable.

Subscribe to our RSS feed to be notified of cybersecurity-related updates using your favorite RSS feed reader. 

BestPractices_Banner2_opt

Built-in Best Practices

The Hanwha Vision Security Policy

Hanwha_Security_Policy_Icons_Client

Client

Complex password policy

Hanwha_Security_Policy_Icons_HTTP

HTTP/HTTPS

Encrypted video data transmission

Hanwha_Security_Policy_Icons_Web_Server

Web Server

No backdoor via Telnet/SSH

Hanwha_Security_Policy_Icons_Application

Application

Encrypted firmware

Hanwha_Security_Policy_Icons_Database

Database

Database encryption

S-Cert

Hanwha Vision’s S-CERT

Hanwha Vision’s Security Computer Emergency Response Team, S-CERT, is dedicated to designing proactive safeguards against unauthorized device access and intrusion as well as addressing security vulnerabilities found in Hanwha Vision products.

The latest example of Hanwha Vision’s commitment to driving industry-wide standards and best practices in cybersecurity is the company’s new role as a CVE Numbering Authority (CNA). Authorization as a CNA allows Hanwha Vision to work with the Common Vulnerabilities and Exposures (CVE®) program to identify, define, and catalog publicly reported cybersecurity vulnerabilities. All information is then shared, assigned, and published to a CVE List that feeds the U.S. National Vulnerability Database (NVD), all for the collective benefit of the international information technology (IT) and cybersecurity communities. 

Download White Paper

Long-term Firmware Support Policy

Hanwha Vision will provide firmware updates to address cybersecurity vulnerabilities discovered in our camera products for up to five years after a product’s discontinuation date.

VIEW POLICY
User_education
Cybersecurity Education

Even when using the most advanced cybersecurity technologies, almost all data and network breaches experienced by an organization originate at the user level. Hanwha Vision provides tools and documentation as well as regularly conducts in-person and online training via webinar to cover cybersecurity hardening topics to guide and educate customers and integrators in the best and most up to date cybersecurity practices available.

Network Hardening Guide

Hanwha Vision has been continuously making eff­orts to strengthen cyber security with a careful consideration of customers' property and personal information. This guide will help you understand and safely use the security features implemented in Hanwha Vision cameras and recorders.

Download White Paper
Network Hardening Guide NVR

This guide will help you understand and safely use the security features implemented in Hanwha Vision NVRs (7-2020)

Download White Paper
Guidelines for secure use of SNMP

Occurrence of denial-of-service attacks and secure use of the SNMP service

Download White Paper

Uncompromising Security

Global Certifications: A Testament to Security Excellence

Hanwha Vision adheres to stringent international security and privacy standards, including the U.S. National Defense Authorization Act (NDAA) and the European General Data Protection Regulation (GDPR). The company’s products are trusted by organizations that require the highest levels of privacy and data security, including:

  • Leading, global Fortune 500 companies across many industries
  • Airports and global/regional airlines
  • The U.S. government and its agencies
  • Hospitals and healthcare networks
  • School and universities, and more

Hanwha Vision actively pursues certifications from renowned independent organizations. A sampling of top-tier certifications that Hanwha Vision has earned include:

  • UL CAP CertificationHanwha Vision’s core security camera lineup has achieved UL CAP (Cybersecurity Assurance Program) certification from UL, a global safety science leader. This certification validates the company’s commitment to rigorous security standards, including penetration testing, access control, user authentication, encryption, and software updates.
  • FIPS 140-2 Certified TPM: Many Hanwha Vision products incorporate a FIPS 140-2 certified Trusted Platform Module (TPM), a security chip that protects encryption keys and prevents data breaches in hardware.
  • TTA CertificationHanwha Vision has obtained TTA certification from the Korea Information and Communication Technology Association (TTA), ensuring the quality and security of its products.
  • ISO 27001 Certification: The company’s ISO 27001 certification demonstrates its robust information security management system, guaranteeing the systematic and secure management of sensitive information.

Secure by Design: Hanwha Vision’s Commitment to Trust

Hanwha Vision’s Wisenet7 chipset, equipped with the company’s embedded security platform module HTPM (Hanwha Trusted Platform Module), provides an additional layer of security.

Critical information is saved in the chipsets’ Secure Storage and processed through the Secure OS. The Secure Boot feature verifies the firmware during each step of the device boot phase, blocking the execution of malicious firmware.

Mutual authentication supported in Hanwha Vision’s products ensures secure communication between devices. This prevents hacking during encrypted communication and secures sensitive information from leakage or damage. Each Hanwha Vision product carries a unique device authentication, acting as a digital fingerprint to thwart large-scale data breaches.

Hanwha Vision’s Security-Computer Emergency Response Team (S-CERT) proactively monitors for and responds to potential security threats 24/7. By leveraging advanced security technologies, the team conducts regular security assessments and implements immediate countermeasures to protect customer assets.

As a designated CVE® Numbering Authority (CNA), Hanwha Vision is responsible for identifying, defining, and cataloging cybersecurity vulnerabilities. The company contributes to the global effort to make a safer cyber environment with its technical leadership.

Embracing Transparency: Software Bill of Materials (SBOM)

As open source software becomes ubiquitous, the transparency and management of components within software products have gained significant importance. The escalating threat of cyberattacks targeting software supply chains has made it imperative to implement robust countermeasures.

To further strengthen its cybersecurity protocols, Hanwha Vision will, by the end of this year, start issuing Software Bills of Materials (SBOMs).

A SBOM is a management tool that provides a historical record of the components, licenses, versions, and other relevant information included in the software, serving as a sort of ingredient list for the product. By introducing SBOMs, Hanwha Vision aims to provide even broader transparency for its products and solutions, and to facilitate the identification and management of potential security threats.

“Customer safety and trust are our top priorities. We are dedicated to protecting valuable assets against ever-evolving cyber threats,” said an official of S-CERT at Hanwha Vision. “This proactive SBOM approach is just another example of Hanwha Vision’s commitment to strengthening security across the entire software supply chain, thereby not only enhancing the quality of the company’s products and solutions, but also solidifying trust with its customers.”

Hanwha SBOM for Supply Chain Security White Paper
Download White Paper
Vulnerability Disclosures

Security Vulnerability Response Process

Upon receipt of a security vulnerability report, a Security Breach Accident Countermeasures Council is convened immediately. Reporters of security vulnerabilities can receive an initial response within 2 business days, and can receive a response regarding the manufacturer’s future action and distribution plan related to the vulnerability within 10 business days. Firmware with improved vulnerabilities and vulnerability details will not be disclosed until 90 days from receipt or until a date mutually agreed upon with the informant. For transparent and efficient management of security vulnerabilities, starting in September 2023, Hanwha Vision is participating in the CVE program as a CNA that can directly register and manage CVE vulnerabilities, and is operating a bug bounty program for internal customers.

Security Vulnerability Notice Policy
The vulnerability patched firmware is uploaded to the website together with the Vulnerability Report. The details of the vulnerability (vulnerability content, affected product information / firmware version, risk, countermeasures, etc.) are not disclosed until the patched firmware is released on the website for zero-day attack prevention. Details such as attack scenarios for vulnerabilities are not disclosed to prevent imitating attacks. If multiple products are affected by the vulnerability, corresponding firmware patches will be released concurrently.

Download
Download
CVE-2023-5037
CVE-2023-5037 (mobile)
Download
Download
2024-04-25 15_13_21-Vulnerability Report 4-2023 tile.pptx - PowerPoint
2024-04-25 15_13_21-Vulnerability Report 4-2023 tile.pptx - PowerPoint (mobile)
Download
Download
2024-04-25 15_20_35-Vulnerability Report 4-2023 tile.pptx - PowerPoint
2024-04-25 15_20_35-Vulnerability Report 4-2023 tile.pptx - PowerPoint (mobile)
Download
Download
2023-12-13 11_31_43-Vulnerability Report 4-2023 tile
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Penetration Test Reports
Download
Download
Download
Download
Download
Download
Download
Download
Download
Download
Cybersecurity Guides
Download
Download
Download
Download
Download
Download
Download
Download