Railways’ video surveillance system project stumped by lack of cyber security clearance

After facing hurdles in the implementation of CCTV surveillance systems at major railway stations across the country, the Ministry of Railways has flagged a critical cyber safety issue involving national security with the NITI Aayog.

As part of enhanced security measures, the railways are implementing a Video Surveillance System at hundreds of railway stations in a phased manner. The project is being financed through the Nirbhaya Fund controlled by the Ministry of Women & Child Development.

Though funds were sanctioned and tenders finalised, there has been an inordinate delay in commencing the work since the Original Equipment Manufacturers (OEMs) of the surveillance cameras are reluctant to get cyber security testing done by the Standardisation Testing & Quality Certification (STQC) Directorate, Ministry of Electronics and Information Technology.

Also read: Four years on, mission to install CCTVs at railway stations derails

Despite constant reminders and follow-up by the Ministry of Railways with the service providers after the contract agreements were placed, not a single camera manufacturer got cyber security clearance from the STQC Directorate, sources in the railways told The Hindu.

“The OEMs are reluctant to get the testing done for reasons best known to them and not showing interest in the CCTV projects of the railways since only we are insisting on cyber security clearance of cameras and its components to ensure security. However, the cyber security clearance is not being insisted on for other surveillance camera projects funded by the Union Government like the smart cities,” a senior railway official said.

Security audit mandatory

In a meeting convened by NITI Aayog on July 30, 2019, involving top officials of the Ministry of Railways, Research Designs & Standard Organisaton, RailTel Corporation of India Ltd. etc., it was decided to make security auditing and testing mandatory for data protection.

To ensure the security of the camera and network from vulnerabilities & breaches and discourage false undertaking from OEMs, it was decided that security auditing and testing be carried out by reputed agencies like CERT-IN or STQC at the time of Proof of Concept (POC) as…