Centre asks States to not procure CCTVs from suppliers with history of security, data breaches

While MeiTY did not mention any specific brands of CCTV cameras to avoid in its memorandum, it urged States to procure cameras made in India, or equipment that was certified in accordance with norms set by Bureau of Indian Standards

May 01, 2024 11:08 pm | Updated 11:08 pm IST - New Delhi:

The MHA memorandum comes in the wake of a series of guidelines issued by the Ministry of Electronics and Information Technology since March after various ministries raised concerns regarding the security implications associated with CCTVs and other Internet of Things devices. Image for representation. File

The MHA memorandum comes in the wake of a series of guidelines issued by the Ministry of Electronics and Information Technology since March after various ministries raised concerns regarding the security implications associated with CCTVs and other Internet of Things devices. Image for representation. File | Photo Credit: The Hindu

The Union Ministry of Home Affairs (MHA) has asked all States and government departments to avoid procuring CCTVs, its allied solution and hardware, from suppliers who have a “history of security and data breaches.”

The MHA memorandum comes in the wake of a series of guidelines issued by the Ministry of Electronics and Information Technology (MeITY) since March after various ministries raised concerns regarding the security implications associated with CCTVs and other Internet of Things (loT) devices. In a March 11 advisory, MeITY said that “various incidents have also been reported due to security flaw in the surveillance cameras.”

The advisory titled “Threat of Information Leakage through CCTV/ Video Surveillance system (VSS)/ Digital Video Recorders /Network Video Recorders” said that “while surveillance technologies undoubtedly offer a range of benefits and are valuable tools for monitoring and security, they also raise certain concerns and risks. Some of the growing risks associated with CCTV systems include data security, privacy breach, hacking and cyberattack etc.”

On March 6, MeITY amended the public procurement order for CCTVs and video surveillance systems and on April 9 amended the Electronics and information Technology Goods (Requirement of Compulsory Registration) Order, 2021 to tighten the norms.

In an advisory issued on April 26, the MHA advised all government agencies to adhere to the guidelines outlined within the ambit of the Public Procurement Orders by MeITY “to safeguard the overall security and integrity of CCTV cameras and IoT devices.”

While MeiTY did not mention any specific brands of CCTV cameras to avoid in its March memorandum, it urged States to procure cameras made in India, or equipment that was certified in accordance with norms set by the Bureau of Indian Standards.

However, last March, the Indian Computer Emergency Response Team (CERT-in) flagged “vulnerabilities” in some foreign firms’ equipment. These firms are Chinese firms Hikvision, Milesight and Dahua; Germany-headquartered Mobotix, ABUS and Bosch.

The MeiTY advisory also suggested restricting physical access to the CCTV control room and equipment and to ensure all communication between cameras, recorders, and viewing devices is encrypted. “This prevents unauthorised individuals from intercepting and accessing sensitive information,” MeITY said.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.