Skip to main content
Bosch Security and Safety Systems I Nordics
Video systems

Data and cybersecurity for a reliable and compliant video system

Cybersecurity in the digital age

As more video security cameras connect to the Internet of Things (IoT), the role of video security is changing. Cameras are no longer part of a “closed” system, solely focused on gathering, recording, and viewing images. They are transitioning into intelligent sensors that collect significantly more data than video security images alone. And since video data is often highly critical and sensitive, every component of the video security infrastructure, including cameras, storage devices, network communication, Public Key Infrastructure (PKI), and video management software, needs to be addressed. The surge in data collection also increases the risk of cybercriminals looking to steal sensitive data.

Secure server and IT environment with icon cloud

By 2030, it is expected that over 29 billion devices will be connected to the Internet.

─ Statista Research 2022

Getting to future-proof and compliant solutions

Bosch security camera portfolio

Cybersecurity has consistently remained a top priority in the face of escalating digital threats and interconnectedness. Our approach aims to establish trust, safeguard data, manage user access, and enhance data security to uphold the most stringent reliability benchmarks. We understand that as connectivity and data collection evolve, so do the regulations surrounding their protection. These include, but are not limited to, the European Union’s Network and Information Security Directive (NIS2), and the Cyber Resilience Act (CRA).

Our commitment to continuous improvement is a cornerstone of our operations. We are committed to staying ahead of the curve and continually working to meet both current and future government compliance requirements in the video security industry. We are actively engaged in taking the necessary actions to ensure our products are in line with the standards defined by government purchasing and trade agreements organizations, including the National Defense Authorization Act (NDAA) and the Federal Acquisition Agreement onTrade Agreements (FAAR) in the United States.

Certifications

We provide comprehensive tools, documentation, and training to mitigate risks and safeguard our products and services. Our robust policies, processes, and third-party certifications ensure our security measures are always up to date. As a result of our sustained efforts, we have achieved critical cybersecurity certifications, indicating that we are doing the right things beyond the competition.

Logo Underwriters Laboratories

UL 2900-2-3 Certified

Standard for Safety and Software Cybersecurity for Network-Connectable Products

  • Includes penetration testing on our products to probe for vulnerabilities.
  • Our certification is device-specific up to level 3

“Certification to the UL 2900 Series of Standards is the highest recognition of cybersecurity due diligence and helps demonstrate that a product is secure to modern standards." − UL Cybersecurity Assurance Program (UL CAP)

Logo IEC

IEC 62443-4-1 Certified

Security for industrial automation and control systems

  • Focuses on the processes and definitions around developing and creating secure products.
  • Proves that Bosch can ensure a secure development process.

Requirements assessed include security management, security requirements, secure by design, secure implementation, security verification and validation testing, management of security-related issues, security update management, and security guidelines.

US government compliance regulations

US government regulations on purchasing and trade agreements

We continually work to meet current and new government compliance requirements, and we aim for continuous improvements to our products through collaboration with our government customers. Many products offered are compliant with section 889 of the National Defense Authorization Act for Fiscal Year 2019 [Pub. L. 115-232] (NDAA 889) and the Trade Agreements Act (TAA).

10 leading measures to ensure data and cybersecurity

We embrace the highest standards when developing and manufacturing products, ensuring optimum data security and cyber resilience in every network-connected device. Since 2004, we have integrated crypto co-processors, certificates, closed operating systems, and signed firmware into all our products, including cameras, storage devices, and network communications – all to help you build a reliable and compliant system.

Embedded login firewall

  • Focus on blocking threats, not functionality
  • An intelligent login firewall you can count on

Secure Element

  • We set the standard with the most future-proof Secure Element with Trusted Platform Module (TPM) functionality
  • Supports 4096-bit keys

Password enforcement

  • Security first: set a password, then connect

Minimum TLS 1.2

  • Transport Layer Security (TLS): a cryptographic protocol that provides secure communication
  • A minimum version of TLS provides maximum security

Simple Certificate Enrollment Protocol (SCEP)

  • Simplifies cybersecurity at scale
  • An easy way to deploy and manage certificates on cameras

Software sealing

  • Changes to a sealed camera configuration will trigger an alarm
  • Protects against unintentional or unauthorized changes

Encrypted firmware

  • Verifies firmware authenticity and prevents malware insertion

Cloud firmware check

  • Stay up-to-date at all times
  • Checks Download store for new firmware automatically

Session timeout

  • Manage how long a configuration session can be left unattended

Secure by default

  • Security by default, closed until you say it is open

Maximize resilience

Users can rely on BVMS for maximum resilience with continuous live video and playback, no matter the interruption. The video management system keeps operations running even if both management and recording servers fail. BVMS uses Advanced Encryption Standard (AES), preventing unauthorized access to sensitive data. It also offers extensive user management to ensure only authorized users can access video data.

Your trusted partner for peace of mind

We deliver security solutions that are:

Predictive-ready, supporting data-driven decision and proactive responses to minimize risk

Secure, cyber-resilient, and compliant to maximize peace of mind in a connected world

Designed to perform, last, and be accessible no matter what, empowering you to focus on your business

Product security throughout the life cycle

Security with supplier Security engineering process Vulnerability and incident management
Security with supplier
We have high-quality requirements for purchased products. To ensure the security of purchased products, modules, and components, we evaluate each supplier concerning product security as an integral part of our purchasing process.
Security engineering process
Whenever we develop a new product, we conduct a comprehensive threat and risk analysis and create an individual security concept for the product and its integration into a complete solution. We ensure product security with comprehensive security and penetration testing during the design phase and before release. Any updates, patches, or upgrades will undergo the same rigorous tests and only be deployed once they have proven secure.
Vulnerability and incident management
Because requirements are constantly changing, 100% security is never guaranteed. Therefore, a structured vulnerability and incident management process is established to professionally manage potential product security vulnerabilities and incidents. Visit the Security Advisories webpage to get the latest information about identified security vulnerabilities and proposed solutions.

In addition, we have established a global Product Security Incident Response Team (PSIRT) that is the central point of contact for external security researchers, partners, and customers to report product security concerns.

Resources and tools

Learn more about data security

download icon

IP video and data security guidebook

 

download icon

Network Authentication white paper

 

Speak with an expert

Our experienced and trained technical support team can help you build and configure a secure and compliant system wherever you are.

Share this on:

Explore more