In the wake of issuing an internal advisory on securing CCTV cameras at government establishments from cyber attacks and tampering, the IT ministry has come out with a gazette notification mandating encryption of such data. The Ministry of Electronics and Information Technology (MeitY) said in a notification that vendors will have to ensure network security of CCTV systems by "employing encryption of data transmission" and deploy penetration testing to assess resistance to cyberattacks.
"Vendors shall provide the documentation regarding the security measures implemented in the device to prevent tampering of the data being sent through wireless mode of communication," the April 9 notification said.
MeitY amended the Electronics and Information Technology Goods (Requirement of Compulsory Registration) Order of 2021.
The MeitY notification says vendors will have to verify that wireless communication about CCTVs is sent over encrypted channel, besides identifying all security mechanisms being used in the communication process. Vendors are also directed to use "tamper-resistant camera enclosures and locking mechanisms to deter physical tampering".
Vendors will also have to ensure a role-based access protocol and to regularly review the permissions given to personnel to prevent unauthorised access.
In March, the IT ministry issued an internal advisory on CCTV security after several ministries and departments raised security concerns about CCTV cameras and hardware testing of such devices.
"Some of the growing risks associated with CCTV systems include data security, privacy breach, hacking and cyber-attack etc. Various incidents have also been reported due to security flaws in the surveillance cameras," the advisory issued on March 11 said.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.