Image used for representational goal.
| Photo Credit: Getty Images
After dealing with hurdles within the implementation of CCTV surveillance programs at main railway stations throughout the nation, the Ministry of Railways has flagged a essential cyber security problem involving nationwide security with the NITI Aayog.
As half of enhanced security measures, the railways are implementing a Video Surveillance System at lots of of railway stations in a phased method. The project is being financed by means of the Nirbhaya Fund managed by the Ministry of Women & Child Development.
Though funds have been sanctioned and tenders finalised, there was an inordinate delay in commencing the work because the Original Equipment Manufacturers (OEMs) of the surveillance cameras are reluctant to get cyber security testing completed by the Standardisation Testing & Quality Certification (STQC) Directorate, Ministry of Electronics and Information Technology.
Also learn: Four years on, mission to put in CCTVs at railway stations derails
Despite fixed reminders and follow-up by the Ministry of Railways with the service suppliers after the contract agreements have been positioned, not a single digital camera producer bought cyber security clearance from the STQC Directorate, sources within the railways advised The Hindu.
“The OEMs are reluctant to get the testing done for reasons best known to them and not showing interest in the CCTV projects of the railways since only we are insisting on cyber security clearance of cameras and its components to ensure security. However, the cyber security clearance is not being insisted on for other surveillance camera projects funded by the Union Government like the smart cities,” a senior railway official stated.
Security audit obligatory
In a gathering convened by NITI Aayog on July 30, 2019, involving prime officers of the Ministry of Railways, Research Designs & Standard Organisaton, RailTel Corporation of India Ltd. and many others., it was determined to make security auditing and testing obligatory for information safety.
To make sure the security of the digital camera and community from vulnerabilities & breaches and discourage false enterprise from OEMs, it was determined that security auditing and testing be carried out by reputed businesses like CERT-IN or STQC on the time of Proof of Concept (POC) in addition to on the time of completion of project.
“In case any security breach is found in the system at any stage, including at POC level, the contract should be terminated. Before bulk supply and installation of the cameras and other components, the POC should be done and same evaluated by a competent technical team. The source code of the camera software should be taken from the supplier/OEM. If these conditions are fulfilled, the country of origin of the cameras is immaterial,” the official, quoting the resolutions handed within the NITI Aaayog assembly, stated.
The official stated the aim of insisting on the cyber security clearance was to rule out vulnerabilities as many OEMs are primarily based outdoors of India and supplying merchandise by means of their sellers in India. “It appears that many surveillance systems have already been implemented or in various stages of implementation without the cyber security clearance of the STQC directorate,” he stated.
Security considerations
The Railway Board has written to Chief Executive Officer, NITI Aaayog, stating that the cyber security clearance was mandated by the railways whereas it was not vital for different initiatives like metropolis surveillance, sensible cities and many others., and therefore OEMs weren’t giving precedence to refer their merchandise for security audit and testing.
Enforcing the rule of cyber security clearance for cameras and related software program put in in all authorities initiatives “will ensure overall security concerns in the country and will mandate camera OEMs to get their products complied with cyber security standards”, the letter stated.
According to railway sources, RailTel is offering Internet Protocol-based Video Surveillance System at railway stations and prepare coaches throughout the railway community. The system would have video analytics and facial recognition software program backed by Artificial Intelligence to make sure proactive high-tech security at railway stations. The goal is to supply the surveillance system at 6,049 stations and 14,000 plus coaches in numerous phases.
In the primary section of the project, the railways finalised businesses for executing the work overlaying 756 railway stations by January 2023. However, the goal time for finishing the project will now be delayed.
