Hanwha Vision is ready to meet CRA and NIS 2 cybersecurity regulations
November 2023 by Marc Jacob
Hanwha Vision has announced its preparedness for the upcoming Cyber Resilience Act (CRA) and Network and Information Security Directive 2nd Edition (NIS 2) expected to come into force in 2024. With a longstanding commitment to cybersecurity best practice and global compliance, Hanwha Vision announced its readiness with the upcoming regulations, prior to them being ratified into European Union law, to better prepare affected firms, and give users peace of mind.
The EU’s CRA is a regulation that sets minimum cybersecurity requirements for products with digital elements. Under this regulation, products including video cameras must be designed and developed with security in mind, protected against known vulnerabilities and updated regularly with security patches. Users must also be provided with detailed information about product security features and how to use them securely. Although the Act is still being deliberated by the European Parliament and Council, Hanwha Vision is already following the guidelines with the CRA owing to the comprehensive cybersecurity processes it has implemented.
Likewise, NIS2 is a directive adopted by the European Parliament and the Council of the European Union in December 2020. EU member states are expected to comply with NIS2 by October 2024, in order to meet specific measures aimed at improving the cybersecurity of network and information systems across the EU. As a Digital Service Provider, Hanwha Vision must conduct regular risk assessments to identify and assess any risks to its networks and information systems, implement appropriate security measures to mitigate any risks identified in assessments and report cybersecurity incidents to national authorities.
Hanwha Vision has been hardening its security measures for many years, including removing chipsets manufactured in blacklisted countries from its products, and manufacturing in South Korea and Vietnam. These and other measures have contributed to Hanwha Vision’s compliance with the US’ National Defense Authorization Act (NDAA). As an indicator of responsible design and trusted cybersecurity, the NDAA is also used across Europe, with Hanwha Vision’s products relied on in many sensitive Government, defence and commercial applications in the region.
Hanwha Vision is also one of the few video device manufacturers to achieve the UL CAP certification for its Wisenet 7 chipset cameras. The Wisenet 7, Advanced System On Chip (SoC) offers the highest levels of cybersecurity possible with its own device certificate issuing system, as well as Root CA, Secure Boot, Secure Storage, Secure OS, Mutual Authentication, App Verification, and more.
To facilitate a rapid response to possible security vulnerabilities, Hanwha Vision operates a security vulnerability response team (S-CERT). As well as responding to new threats and vulnerabilities, S-CERT carries out regular penetration testing and security checks. Hanwha Vision is also committed to disclosing any potential vulnerabilities as per its Security Vulnerability disclosure policy and was recently authorised by the CVE Program as a CVE® Numbering Authority. This allows Hanwha Vision to identify, define, and catalogue publicly reported cybersecurity vulnerabilities for the benefit of users, partners and the wider information technology and cybersecurity communities.