A month after it issued an internal advisory on securing CCTV cameras at government establishments from cyber attacks and tampering, the IT ministry has come out with a gazette notification mandating encryption of such data.
Vendors will have to ensure network security of CCTV systems by "employing encryption of data transmission" and deploy penetration testing to assess resistance to cyberattacks, the Ministry of Electronics and Information Technology (MeitY) said in a notification.
"Vendors shall provide the documentation regarding the security measures implemented in the device to prevent tampering of the data being sent through wireless mode of communication," the April 9 notification said.
It amended the Electronics and Information Technology Goods (Requirement of Compulsory Registration) Order of 2021.
Weak security can allow unauthorised access, potentially granting threat actors a view of one's property or even control of the cameras. Hacked CCTVs can become a launchpad for further attacks on one's network.
There are websites such as Insecam which livestream hacked private CCTV cameras worldwide. Most such cyberattacks happen due to weak passwords.
Encryption paramount
The MeitY notification says vendors will have to verify that CCTV wireless communication is sent over an encrypted channel. For that, they will have to identify all security mechanisms being used in the communication process.
Vendors should use "tamper-resistant camera enclosures and locking mechanisms to deter physical tampering".
Vendors will also have to ensure a role-based access protocol and regularly review the permissions given to personnel to prevent unauthorised access.
In March, the IT ministry issued an internal advisory on CCTV security after several ministries and departments raised security concerns about CCTV cameras and hardware testing of such devices.
"Some of the growing risks associated with CCTV systems include data security, privacy breach, hacking and cyber-attack etc. Various incidents have also been reported due to security flaw in the surveillance cameras," the advisory issued on March 11 said.
The ministry had advised government departments and ministries to avoid procuring equipment from suppliers who have a history of security and data breaches.