Secure by design, secure by default: self-certification scheme launched

Surveillance Camera Commissioner

June 20
08:00 2019

Today on the worlds first Surveillance Camera Day Tony Porter, the Surveillance Camera Commissioner, is launching another global first: secure by default/secure by design minimum requirements for manufacturers of surveillance camera systems and components.

Several high profile and well publicised compromises of systems demonstrated that they were being left live and internet-facing in an unacceptable security configuration. Some of these compromises, like Mirai botnet, that brought down social media and financial websites across the globe, also showed the root cause was down to poor design and manufacturing.

Driven by the need to ensure the UKs resilience against this and other forms of cyber security vulnerability, as well as to provide the best possible assurance stakeholders, the new minimum requirements are an important step forward for manufacturers, installers and users alike.

The work has been led by Mike Gillespie, cyber security advisor to the Commissioner (Advent IM) and Buzz Coates (Norbain) and developed in consultation with manufacturers (Axis, Bosch, Hanwha, Hikvision and Milestone Systems). Its been designed by manufacturers for manufacturers.

Mike Gillespie said,

If a device comes out of the box in a secure configuration, theres a good chance it will be installed in a secure configuration. Encouraging manufacturers to ensure they ship their devices in this secure state is the key objective of these minimum requirements for manufacturers. Manufacturers benefit by being able to demonstrate they take cyber seriously and their equipment is designed and built to be resilient. Installers and integrators benefit from the introduction of the requirements by not having to know how to turn dangerous ports or protocols off during the installation. End users benefit because they know they are buying equipment that has demonstrated it has been designed to be resilient to cyber-attack and data theft.

Manufacturers can demonstrate they meet the minimum requirements by completing a self-certification form and submitting it to the Commissioners office for validation. If successful they will be able to list the component or system as certified by the Commissioner and will be able to display his certification mark.

Tony Porter said:

It has been an enlightening and positive experience working with manufacturers toward a common goal and its a genuine first and furth

Related Articles


  1. We don't have any comments for this article yet. Why not join in and start a discussion.

Write a Comment

Your name:
Your email:

Post my comment

Recent Comments

Follow Us on Twitter

Share This

Enjoyed this? Why not share it with others if you've found it useful by using one of the tools below: