Government mandates new rules for CCTV cameras: Here's what the order says

The Ministry of Electronics and Information Technology ( MeitY ) has taken a strong step to improve CCTV security in government establishments. This comes after an internal advisory issued in March regarding potential cyberattacks and data tampering

Weak CCTV security can lead to unauthorized access, compromising privacy and potentially granting control of cameras to attackers.

Hacked systems can even become launching points for further network breaches. Websites like Insecam demonstrate the real-world consequences of weak passwords, allowing access to live streams from compromised cameras worldwide.

New Regulations for CCTV manufacturers

• Encryption is Mandatory: CCTV vendors must now ensure data transmission is encrypted to safeguard information.
• Penetration Testing Required: Regular penetration testing will assess CCTV systems for vulnerabilities to cyberattacks.

Wireless Security Focus: Documentation detailing security measures to prevent tampering with wirelessly transmitted data must be provided by vendors. The notification emphasizes verifying encrypted channels for wireless communication.

Physical Security Measures: Vendors are required to use tamper-resistant enclosures and locking mechanisms for CCTV cameras.

To prevent unauthorized access, MeitY mandates role-based access protocols for CCTV systems. These protocols involve assigning permissions only to authorized personnel, followed by regular reviews to ensure continued validity.

Why the need for new CCTV rules
The new regulations follow concerns raised by various ministries and departments regarding CCTV security. In March, an internal advisory highlighted the growing risks associated with CCTV systems, including data breaches, privacy violations, and cyberattacks. The advisory also discouraged procurement from vendors with a history of security incidents.

This move by MeitY signifies a proactive approach towards strengthening India's cybersecurity posture.