NEW DELHI: Government is considering extending its cybersecurity push beyond CCTV cameras by introducing a similar regulatory framework for a wider range of internet of things (IoT) devices, including smart meters, amid concerns that these devices remain vulnerable as they are imported, mainly from China.While no final decision has been taken, discussions at the official level are underway on measures that could require connected devices to meet stricter security and certification standards before they can be sold in India. The move, persons in the know said, is aimed at reducing cyber vulnerabilities in internet-connected products and should not be seen as a proposal to ban any category of devices.The deliberations follow govt’s decision to mandate security certification for internet-enabled CCTV cameras under the Standardisation Testing and Quality Certification (STQC) framework.Since April 1, manufacturers whose products do not comply with the prescribed essential security requirements have been barred from selling connected CCTV cameras in India.
Officials said the same concerns increasingly apply across the wider IoT ecosystem, which spans smart meters, home automation products, connected appliances, industrial sensors, wearable devices, healthcare equipment and other internet-enabled products. As these devices grow across homes, factories, offices and critical infrastructure, they also create much larger attack points for hackers if security standards are weak or inconsistent.People familiar with the discussions said govt is examining whether a common baseline security framework can ensure that connected devices entering the Indian market meet minimum cybersecurity requirements before deployment. The emphasis is expected to be on product testing, vulnerability assessment, software integrity and greater visibility into supply chains.The focus is on ensuring that connected products meet India’s cybersecurity requirements irrespective of where they are made.