UK PSTI Act Cybersecurity Compliance Examined
Hikvision has been marketing compliance for the UK's Product Security and Telecommunications Infrastructure (PSTI), but what does PSTI consist of, who supports it, and what does it say about surveillance product cybersecurity?
In this report, we examine the legislation, how it regulates cybersecurity, what improvements it brings to cybersecurity, what it does not signal or show about cybersecurity, and who does or does not support it.
Executive *******
** ** *** *** **** ********** having **** ********* ****** ** ****, as ********* *** ** ****** ************* already **** ***** ***** ************* ************. However, ******* ********* ** *********** *** be ******** ** **** ********* ** not ******* *** **** ** ******** here.
*****'* ******* ****** *** ******** ************** (PSTI) ******* **** ****** ** ***** **, 2024. ******* ** ****** **** *** Act ** * ******** ******* **** can **** ** ***** ** ** to £** ******* ** *% ** global *******.
Hikvision *********
********* ******** *********** ********** **** **** **********:
3 ************ ******* **** **** ** *** ***
*** ** **** *** ** ***** on*** **** ** *** *** ******** (see *** *********), ******** ***** *****:
- *** *********** ** ****** ******* ******* passwords,
- *** *********** **** *** ************ **** a ************* ********** ******
- *** *********** ** ******* ******* *** devices.
*** **** *********** ****, *.* ******** ****:
Default *** ****** ******* ********* **********
*** ** **** *** *********** ********* *** ****** ******* *********, ***** **** ****** *** **** video ************ ************* ** **** *** resulted ** *********** ***** ******, ***** *** **** 3 ******* ******** *******, ************** *** *** ****, *** **** ******* *********** ** *******, ************** ********* ** ****.
****-***** *** ****** ********* **** ** "admin", "********", *** "*****" *** ********** and **** ****** ** *** ** the **** **** *** ****** ** initialized ** ******** **** ****** ********* for **** ********** ******.
*****, ** ****, ********* *** ***** surveillance ************* ******* ***** ** ****** or ****** ********* ****** ****** **************.
Disclosure ********
************* **** **** *********** ************* ********** policies **** ****** *********** ************* ********** (CVD) *********.
************* ******** ******* **** ********. *******, how **** **** ****** ***** ******** and *** ******** **** ** ******* to ******* ******* * *******, ****** is ****** *** ***** ** *** PSTI's ************.
Support *******
******* ******* *** ******** **** ** published *** **** ** **** *** users.
*******, **** ********** **** *** ****** nor ******* *** ******** ******* ******, so *** **** ******* **** ******** could **** *************** ****** *** ****** support **** *** *** *******.
£10m ** *% ** ****** ******* *****
************* *** ** ***** ** ** £10 ******* ** *% ** ***** global *******, ********* ** ******* ** they ***'* ****** **** *** ** PSTI ***, ** ***** ******** ***** ******** ****** (****)******:
**** ***** ******* *** ************ ******* the **, *** *** **** *** also ******* ** *** ************* ********* or ********* ******** *** *** ** market.Failure ** ****** **** *** *** ** * ******** *******, **** ***** ** ** £** ******* ** *% ** ********** ********* ******* (********* ** ******). [emphasis added]
***** **** ** * *********** ********* risk, ***** *** ***** ***** ************ are *** *** ****** ********* **** are ** **** *****, ** ** not * **********, ********* ***.