Month: February 2025

ADITYA KHEMKAMD, Aditya Infotech Ltd. Standards are not merely guidelines; they are the foundation of trust in a rapidly evolving technological world. In India, the IoTSCS Essential Requirements (ER) Certification for Security administered by STQC under the Ministry of Electronics and Information Technology (MeitY), has emerged as a cornerstone of credibility in the surveillance industry. It assures quality, security, and compliance with the stringent requirements of the nation’s digital ecosystem. For security and surveillance products, the certifications by STQC-certified labs signify a commitment to excellence, especially in combating cyber threats and ensuring adherence to the Public Procurement Order (PPO) and BIS Compulsory Registration Order (CRO) guidelines. Regulatory Frameworks Governing CCTV Certification CCTV manufacturers and suppliers in India are now subject to two key regulatory frameworks that dictate compliance requirements: Both frameworks aim to ensure cybersecurity compliance, but they differ in scope, timelines, and mandates. Differences between PPO and BIS Mandates Aspect PPO BIS CRO Scope Government procurement General sales in the Indianmarket Effective Date June 6, 2024 April 9, 2025 Certifications Required Essential Requirements(ER) Essential Requirements(ER) & Safety Requirements Impact of Non-Compliance Disqualification from government contracts Ineligibility for generalsales in India What is the Essential Requirements (ER) Certification for Security About? The ER Certification is more than a mark of quality; it’s a comprehensive evaluation of a product’s ability to withstand the challenges of the modern security landscape. In the surveillance industry, it focuses on critical domains like cybersecurity standards, safeguarding against vulnerabilities like unauthorized access, hacking, or data breaches and supply chain mitigations. Security testing evaluates the resistance of hardware and software to cyber threats and unauthorized access, while supply chain verification ensures compliance with PPO guidelines for essential requirements. Together, these measures create a fortified framework for ensuring the reliability and integrity of surveillance solutions. Objectives of the Essential Requirements (ER) Certification The primary objectives of the ER Certification in the surveillance sector include: Enhancing Cybersecurity: Ensuring that surveillance systems are resilient to cyber threats and unauthorized intrusions. Promoting Trust: Providing assurance to stakeholders that certified products meet stringent quality and security benchmarks. Compliance with PPO & CRO Guidelines: Verifying the supply chain to ensure adherence to the Essential Requirements (ERs) outlined by the government. Boosting Indigenous Manufacturing: Encouraging Makein- India initiatives by certifying products developed within the country. Scope of Essential Requirements (ER) Certification In the surveillance industry, the scope of the ER Certification encompasses: Security Testing: Assessing hardware and software for vulnerabilities, resistance to cyberattacks, and ensuring robust data encryption. Supply Chain: Trusted supply chain verification to ensure that the critical components are sourced from trusted source and are not counterfeited. For instance, surveillance systems employed in traffic management projects – such as ANPR cameras at toll booths or facial recognition systems in airports – rely on the ER Certification to guarantee their performance and reliability. Importance of Essential Requirements (ER) Certification in India In an era where data breaches and cyber threats are rampant, the significance of the ER Certification cannot be overstated. For the surveillance industry, it: Strengthens Cybersecurity: By mandating rigorous security testing, it ensures that surveillance systems are equipped to protect sensitive data. Builds Credibility: Certified products gain a competitive edge in government and private sector projects.Enforces Accountability: Through supply chain verification, it ensures that all components and processes comply with national standards. Supports National Security: By certifying systems resistant to tampering and breaches, it safeguards critical infrastructure. Impact of these Mandates on the Industry Manufacturers: Manufacturers must align their production and testing processes to ensure all CCTV products meet the Essential Requirements and safety standards. This involves partnering with STQC-certified labs, updating software, and possibly redesigning products to eliminate cybersecurity risks. Distributors and Retailers: Distributors and retailers need to be vigilant about sourcing compliant products. Non-compliant stock will become unsellable after the April 2025 deadline in the market, leading to potential losses.End Users: Government agencies are already required to procure compliant products, while general consumers will benefit from enhanced security features in CCTVs once the BIS mandate is fully enforced. Certification Process The ER Certification process is rigorous, involving: Application Submission: Manufacturers provide detailed documentation on product specifications and compliance with ERs. Testing and Evaluation: Comprehensive security testing of hardware and software to identify vulnerabilities and ensure resilience. Supply Chain Mitigation Verification: Scrutinizing the origin and compliance of components with PPO guidelines. Final Approval: Upon meeting all requirements, certification is granted, reinforcing trust and credibility. Key Areas of Testing In the surveillance industry, STQC testing primarily focuses on: Security Testing: Examines resistance to cyber threats, unauthorized access, and data breaches. It ensures robust encryption and secure communication protocols. Supply Chain Mitigation Verification: Evaluates adherence to PPO guidelines, ensuring transparency and compliance in sourcing components. Essential Requirements (ER) Certification in the Surveillance Industry The surveillance industry, being critical to national security, benefits immensely from the ER Certification. By certifying products against cyber threats and ensuring compliance with supply chain guidelines, its aimed at creating a robust framework for safeguarding sensitive areas such as: Smart Cities: Certified surveillance systems play a vital role in monitoring urban areas. Critical Infrastructure: Ensures the security of airports, railways, and power plants. Public Safety: Enhances law enforcement capabilities with secure and reliable CCTV systems. STQC Certified CP PLUS Product Line An industry leader, CP PLUS demonstrates the transformative potential of the ER Certification in the security and surveillance landscape. With an extensive range of STQC-certified products, the company sets new benchmarks in quality and reliability. Certified Models Revolutionizing Surveillance CP-UNC-TE21ZL6C-VMDS-Q: ● High-resolution imagery and advanced AI-enabled analytics. ● Designed for traffic management and public safety applications. CP-UNP-F4521L30-DPQ: ● Compact yet powerful, ideal for indoor environments like retail and banking. ● Features cutting-edge motion detection and cloud integration. CP-UNC-VE21ZL4C-VMDS-Q: ● Built for extreme weather with IP67 certification. ● Perfect for industrial and outdoor applications. By integrating STQC-certified products into its portfolio, CP PLUS not only meets but exceeds the expectations of government and private stakeholders. These models exemplify the perfect balance of cutting-edge technology and unwavering security,…

What is a Data Centre? A data centre is a specialized facility designed to house computer systems, telecommunications equipment and storage systems, supported by the necessary infrastructure to ensure their efficient operation. These facilities consist of several core components including computing equipment like servers and mainframes, storage systems such as hard drives and tape systems, and a robust network infrastructure comprising routers, switches, firewalls, and cabling. The infrastructure includes power distribution systems, cooling mechanisms, fire suppression tools, and security measures for both physical and cybersecurity. Critical infrastructure in a data centre is vital for uninterrupted functionality. Power systems include uninterruptible power supplies (UPS), backup generators, multiple power feeds, and power distribution units (PDUs). Cooling systems rely on Computer Room Air Conditioning (CRAC) units, chillers, hot/ cold aisle containment, and raised floors to manage airflow. Environmental controls ensure optimal conditions through temperature and humidity monitoring, air filtration, and fire detection and suppression systems. Data centres come in various types, including: (i) Enterprise centres – Operated by companies for their own use, (ii) Colocation centres – That rent space to multiple customers, (iii) Cloud centres – Managed by cloud service providers, (iv) Edge facilities – Located closer to end-users, and (v) Hyperscale centres – Operated by tech giants. They are also classified into tiers based on their capacity and redundancy: (i) Tier 1 provides basic capacity with a single path for power and cooling, (ii) Tier 2 offers redundant components, (iii) Tier 3 includes multiple paths for concurrent maintainability, and (iv) Tier 4 achieves fault tolerance with the highest redundancy level. Data centres serve numerous critical purposes such as hosting websites and applications, storing and processing data, supporting cloud computing services, enabling business continuity, providing backup and recovery solutions, and supporting telecommunications infrastructure. They also facilitate content delivery networks, process business transactions, support artificial intelligence and machine learning, and enable big data analytics. The evolution of data centres is driven by trends toward greater energy efficiency, higher density computing, increased automation, enhanced security measures, and sustainable operations. Innovations include integrating edge computing, adopting AI-driven management, and implementing modular design approaches. These facilities are essential to modern digital infrastructure, underpinning global digital economies, business operations, internet connectivity, and digital services worldwide. Like all assets of value, apart from facing cyber threats, data centres increasingly face physical security threats because damage, sabotage or outages to data centres can cause catastrophic damage amounting to millions of dollars, loss of brand value and potentially ruinous litigations. To set context, as per a 2023 survey, roughly 54 percent of data centre operators said their latest most significant outage cost over USD100,000. A further 16 percent of respondents said the most recent crucial system outage caused them monetary damage of over USD1 million. Physical Security Threats The physical security threats faced by data centres encompass a wide range of challenges that require comprehensive protection strategies. Let us examine a few of these threats/ challenges. The most common threats are given in the Fig 2 below and thereafter are described in detail. Unauthorized physical access At the forefront of these concerns is unauthorized physical access, which can manifest through various methods including social engineering attempts, tailgating through secure entrances, impersonation of authorized personnel or contractors, theft of access credentials, forced entry attempts, and insider threats from disgruntled employees. These access-related threats are particularly concerning as they can lead to more severe security breaches if successful. Infrastructure sabotage Infrastructure sabotage represents another critical threat category, involving deliberate damage to essential systems such as power distribution units, network cables, cooling systems, backup generators, and server racks. Such attacks can cripple data centre operations and lead to significant service disruptions. The risk of vandalism to security systems themselves must also be considered, as damage to these protective measures can create vulnerabilities that malicious actors might exploit. Environmental threats Environmental threats pose a significant risk to data centre operations and require robust mitigation strategies. These include fire and smoke damage, water damage from flooding or leaks, extreme temperature fluctuations affecting equipment, humidity issues that can damage hardware, natural disasters such as earthquakes and hurricanes, chemical contamination, and electromagnetic interference. These environmental factors can cause catastrophic damage to sensitive equipment and disrupt critical services. Power-related threats Power-related threats are particularly concerning given the data centre’s reliance on consistent, clean power. These include grid power failures, UPS system failures, generator malfunctions, power surges or spikes, disruption to fuel supplies for backup systems, and potential sabotage of electrical systems. The interconnected nature of power systems means that a failure in one component can cascade through the entire facility. Theft Theft remains a persistent threat to data centres, targeting valuable assets such as server and network equipment, storage devices, copper wire, backup media, personal property, and maintenance equipment. These theft attempts can be opportunistic or carefully planned operations, potentially involving insider knowledge. The financial impact of theft extends beyond the immediate loss of equipment to include service disruption and potential data breaches. Service disruption attempts Service disruption attempts represent a broad category of threats aimed at preventing normal data centre operations. These can include blocking physical access to facilities, disrupting cooling systems, interfering with power delivery, cutting communication lines, combining DDoS attacks with physical intrusion, and jamming wireless systems. Such attacks can be particularly effective if coordinated across multiple vectors simultaneously. Malicious surveillance and intelligence gathering activities Malicious surveillance and intelligence gathering activities pose a significant threat as precursors to more direct attacks. These can include photography of facilities, drone surveillance, dumpster diving for sensitive information, social engineering to gather facility information, recording of security patrol patterns, and monitoring of staff movements. This information can be used to identify vulnerabilities and plan more targeted attacks. Vehicle-based threats Vehicle-based threats present unique challenges for data centre security including the potential for ramraid attacks, car bombs, unauthorized parking near critical infrastructure, blocking of emergency access routes, vehicle- borne surveillance, and hijacking of delivery vehicles. These threats require specific countermeasures such as vehicle barriers, bollards, secure parking areas, and…

GARIMA GOSWAMYCEO and Co-FounderDridhg Security International Pvt. Ltd. The rapid advancement of technology has brought unprecedented convenience, but it has also opened doors to ethical dilemmas and potential misuse. One of the most alarming possibilities lies in the hypothetical misuse of technology for unauthorized data retrieval, particularly from sensitive repositories like Aadhaarlinked databases and the sale of objectionable non consensual pictures produced by using deepfake technologies via nudify apps. Deepfake Technology and Nudify Apps: A Looming Threat Deepfake technology, which uses generative AI models to create realistic but fake images, videos, or audio, has become a significant concern. Once exclusive to media professionals, these tools are now widely accessible, and their potential for misuse is immense – from of ‘nudify’ apps, which claim to remove clothing from images, often targeting women. These apps, available for as little as INR199 on platforms like Telegram, enable anti-social elements to exploit technology for financial and reputational harm. Tutorials for these tools are freely available online, making them even more dangerous. The combination of deepfake tools with apps like Microsoft’s VASA – which generates lifelike, audio-driven talking faces – further heightens the risk of identity theft and reputational damage. These technologies, when misused, create opportunities for exploitation on a scale previously unimaginable. Unauthorized Data Retrieval: A Growing Concern Imagine an application capable of instantly retrieving personal details – such as names, phone numbers, or Aadhaar-linked addresses – by simply pointing a smartphone camera at an individual. While this may sound like science fiction, the rapid evolution of technologies like artificial intelligence (AI), augmented reality (AR), and centralized databases makes such scenarios increasingly plausible. This highlights the urgent need to address privacy and security risks associated with emerging technologies. The Role of Ethics in Technological Advancements The integration of ethics into the development and deployment of advanced technologies is no longer optional – it is a necessity. Without ethical guidelines, the misuse of such tools could lead humanity down a perilous path. Technology, when unbridled by ethics, has the potential to create a dystopian reality where privacy, security, and human dignity are continuously compromised. Developers, organizations, and governments must work collectively to ensure that technology serves the betterment of humanity. Safeguards, transparency, and strict regulatory oversight must be in place to prevent exploitation and misuse. The Need for Corrective Action It is not just governments and regulatory bodies that bear the responsibility of preventing the misuse of emerging technologies. Private organizations must also play their part by investing in solutions to counter these threats. For example, while tools to create deepfakes are widely accessible, reliable detection mechanisms remain scarce. Companies like Sensity, ResembleAI, and DridhG Security International are leading the way in developing tools to identify and counteract the misuse of these technologies. Such innovations are critical in ensuring that the digital world remains safe and secure for everyone. Conclusion The allure of technological advancements should not blind us to their potential risks. Without the integration of ethics, innovation could become a double-edged sword, capable of both immense progress and devastating harm. The time to act is now – by fostering collaboration between governments, private organizations, and ethical technologists, we can ensure that technology remains a force for good. Without immediate corrective measures, we risk entering a digital dark age where innovation outpaces our ability to control its consequences.