The china “essential security parameters” of CCTV cameras supplied in India must now be tested, according to an amendment made by the government to the mandatory registration order.
Following a series of discussions about how to prevent Beijing from allegedly spying on India through a network of CCTV cameras with Chinese origins that are put throughout government and military buildings, the Union government has released safety guidelines that prioritize national security.
Since the certification for surveillance cameras with Chinese origins primarily considered factors like fire hazard or durability, rather than security or snooping issues, the Indian government has not yet had a way to verify the installation of these cameras.
Pakistan vs New Zealand,1st T20I Live Streaming: When and where to watch on television and online.
But early last week, the Union ministry of electronics and information technology (MeitY) amended the compulsory registration order (CRO) for CCTV cameras sold in India. This amendment makes the testing of ‘essential security parameters’ of all CCTV cameras mandatory. Given the massive network of such cameras, the new regulation comes into effect on October 9 this year, thereby allowing manufacturers sufficient time to adapt.
Prioritising national security in such matters is crucial, especially given the sensitive nature of government and military establishments. Setting up guidelines to monitor and certify these surveillance cameras on the security aspect is a prudent move.
India is estimated to have over two million surveillance cameras, installed at every nook and corner. Out of these, around a million cameras made by Chinese companies are installed in various government institutions, posing a serious risk of snooping. It is suspected that CCTVs being deployed in most Indian government projects are of Chinese origin—imported from China and supplied as Made in India. This is a threat to national security.
It is estimated that the market penetration of Chinese CCTVs is over 80 percent for domestic and over 98 percent for government installations. As experts say, countries no longer need to send spies across the border. Such suspect CCTVs become the eyes of any country aiming to do mischief. Such cameras are the best tool for technical intelligence. The unchecked proliferation of such devices across India is a grave security risk.
There is the threat of China snooping on India through hundreds of thousands of such surveillance cameras, with security experts flagging serious concerns about the security threat.
In last week’s notification, dated April 9, MeitY made the testing of ‘essential security parameters’ of CCTV cameras mandatory. The notification also mandates that test reports from the Bureau of Indian Standards (BIS)-recognized labs, such as the Standardisation Testing and Quality Certification, would need to be submitted by manufacturers.
Reacting to the guidelines, Lieutenant General Rajesh Pant (retired), former national cyber security coordinator for India’s National Security Council and also chairman of the Cyber Security Association of India, told INDIA TODAY that the proliferation of CCTVs in the country without any security checks had created a major vulnerability for national security since most of these devices were imported from the country of concern. This has led to remote surveillance and loss of data. “The notification by MeitY is a long-awaited and welcome step by the government to ensure that essential security parameters are built into these devices. I hope this is extended to all IoT (internet of Things) devices in the future,” Lt Gen. Pant said.
On March 6, MeitY issued a notification for public procurement of CCTVs for essential testing of critical security parameters and giving details for local content calculations. The requirement of verification of the trusted source for sourcing the critical hardware components related to security functions is of special significance. They don’t allow proprietary network protocols or give implementation schedules and source code, and verification of all codes including third parties.
Further, one of the amendment’s primary features is the confirmation of reliable sources for crucial hardware parts associated with security operations (such as system-on-a-chip or SOC). In addition, it forbids the use of proprietary network protocols without source code disclosure and implementation timetables.
Prof. N.K. Goyal, chairman emeritus, the Telecom Equipment Manufacturers Association of India, had been highlighting the issue for a long. Relieved by the government order, he said: “The government has stepped in to ensure that all CCTV cameras deployed in India are free of any national security concerns and that the major components of CCTV/ video surveillance are built by trusted sources on a reliable basis. Goyal added that this would go a long way in ensuring that CCTV/video surveillance systems deployed in the country do not compromise national security.
As for compliance with BIS being a check on CCTVs rigged for snooping, industry insiders say CCTV cameras/ recorders were to date covered in the CRO Phase III (with effect from May 23, 2018). However, the same standard applies to mobile phones, cash registers, laptops, set-top boxes, power banks, scanners, etc. But these BIS norms only mention human hazards such as fire or their durability, and not national security aspects.
However, in addition to the national security threat, there is a huge economic impact in terms of billions of dollars lost in cheap and under-invoiced imports and a lost opportunity to become a net exporter of hardware through actual manufacturing with transfer of technology against just factory assemblies. The global CCTV market is expected to grow to approximately $46.52 billion at a 13.1 percent CAGR (compound annual growth rate) during the forecast period of 2020-2030.
The issue hit Parliament sometime back when Minister of state for Communications and electronics & IT Sanjay Dhotre informed the Lok Sabha that around one million CCTVs from Chinese companies were installed in government institutions. “There are vulnerabilities associated with video data captured through CCTV cameras being transferred to servers located abroad,” Dhotre said.
The minister was speaking about video security surveillance (VSS), which is more than CCTV and being connected to a telecom network. The VSS also contains a video network recorder by which all images are connected to a telecom network and then stored and analyzed. That is where national security risks crop up as data can be transferred to anyone.
Intelligence agencies’ biggest fear is the continuous deployment of technology of Chinese origin across the entire nation through VSS. Security agencies fear Chinese companies and their Indian partners are sending regular data to China through backdoor access with their CCTVs installed in almost all smart cities, state police, highways, airports, metro rails, ministries, including the Ministry of Home Affairs, and Organisations.
Surveillance cameras are also china being used extensively for military establishments. It’s all a serious threat to national security due to proven data transfer to the Chinese intelligence establishment. As per the China Intelligence Law, 2017, these companies are duty-bound to share all their data and access to the sites with the Chinese intelligence. The Chinese government-owned companies are directly, or through their Indian subsidiaries, joint ventures, or distributors, supplying VSS hardware and software.
A couple of years ago, the Integrated Defence Headquarters china of the Ministry of defence (MoD) flagged serious concerns over Chinese-origin CCTVs at naval installations. The internal note by the Integrated Defence Headquarters—seen by INDIA TODAY—stated that one of the market leaders in surveillance cameras is Hikvision, which has 41 percent Chinese government holding and is operating in India through an Indian company’s collaboration.
“The modules of these camera systems are supplied by the Chinese firm. However, these products are marketed as Made in India,” claims the MoD note. It added that this loss (of data) could be through programmed or coded servers or embedded hardware for wi-fi or SIM-based connectivity, or during maintenance or replacement from the memory/cache of the CCTV and other surveillance systems.
After the border incursions in Ladakh by Chinese troops in July 2020, the Union Finance Ministry’s Department of Expenditure issued GFR ( General Financial Rule) 144 XI (on July 23, 2020) to ensure that Chinese companies do not directly, or through their Indian/Chinese subsidiaries, participate in procurements without prior registration with the Department for Promotion of Industry and Internal Trade (DPIIT).
Reader Interactions