A considerable national security risk that needs immediate intervention through policy directives and groundwork
DR SIDDHARTHA GHOSH
Kashmir’s surveillance infrastructure has grown rapidly in the last few years. There is a deployment of roughly 3 to 5 Lakh CCTV units in total across both public and private domains. A significant portion of these (around 75 to 80%) has been historically sourced from Chinese manufacturers. This widespread use of non-Indian brands in the surveillance setup comes with its security challenges. It exposes a systemic surveillance vulnerability which is particularly problematic in a sensitive area like Kashmir, which has also seen military conflicts in the recent past.
This is particularly troubling as China has a history of launching cyber-attacks using these Chinese manufactured digital infrastructure. This was particularly seen after the Galwan skirmish, when in August 2021, Chinese hackers targeted seven major electricity load dispatch centres located in Ladakh. The CCTV network, along with Digital video recording devices were largely to be blamed. Although the government didn’t confirm this particular attack, but the then minister of state for communications and IT had acknowledged the dangers of video or audio captured by CCTVs and then passed on to servers located abroad.
The CCTV presence in Kashmir, like any other place, is seen in Residential homes (in entrances and even in key areas like rooms and passageways), shops, offices, educational institutions, roads, key public utility areas, government infrastructure such as power grids and security installations. In this, there are High-risk zones like the Lieutenant Governor’s and Chief Minister’s residence, army installations, intelligence Headquarters, police posts, CRPF installations, secretariat, key offices and smart city command systems. The legacy Chinese-origin CCTV systems are still operational in many of these strategic locations.
The core security concerns are many, with one being a ‘hardware-level concern’. The dependence on either Chinese-manufactured or Chinese chipsets carrying CCTV systems are highly problematic. There is also a trend where IT products, including CCTVs and DVRs, carry “Manufactured in India” branding, only to have an entirely Chinese apparatus on the inside.
There is also the ‘Software & Firmware vulnerabilities’ where foreign servers can push through firmware remotely, making the originally intended surveillance system by the Indian government to effectively a surveillance system by the foreign entities on the Indian government.
Apart from this, there can be other potential backdoors through software to access critical data by nefarious elements and a possibility of what experts refer to as silent “heartbeat” data transmission. This can be remotely used to kill the entire surveillance system at sensitive times at the will of the server controlling entity.
These said problems also come with a strategic intelligence risk where the data can be exploited for tracking of VVIP and security forces movements, mapping of sensitive security installations, facial recognition profiling of key individuals, and triggering network disruptions during military operations or similar critical times.
Also, beyond this, these CCTV systems come with vulnerabilities which can be exploited in home surveillance systems, office security networks, webcam modules and can even exploit routers and Network Video Recorder or NVRs. It is a type of computer that is designed to receive, save, and manage digital video streams that are recorded by IP (Internet Protocol) security cameras via a local area network (LAN) or Wi-Fi.
The recent years have seen a shift in the regulatory context. There has been tightening of norms around Chinese surveillance equipment in India, with the centre’s reluctance to issue certification under Standardisation Testing and Quality Certification (STQC) rules for Chinese-manufactured or Chinese-chipset-deployed products. From April 2026 onwards, a restriction has been placed on Chinese internet-enabled surveillance devices.
The new framework requires hardware origin disclosures and vulnerability testing to stop unauthorised remote intrusion and reduce the chances of espionage. This is particularly important as trusted and certified hardware must be made crucial for Government and public system infrastructures. This will gradually see a shift in government procurement as well, where ‘trusted sources’ will be valued for crucial projects. Although the newer policy will take some time to show ground-level impact, the private sector’s procurement and the legacy systems right now in place must also be checked for vulnerabilities.
The entire surveillance grid in the Kashmir region might be having a ‘Trojan Horse Risk’ with foreign-origin infrastructure playing a key role in enabling external intelligence access. Some recommended actions which can be taken in this regard is to immediately have some directives in place to ban any new Chinese-origin or Chinese-component carrying installations in any government office, building or residence.
A prioritised and phased removal of the existing legacy systems should be done (the Delhi government also announced something similar in April, where over 1.4 lakh Chinese-origin cameras will be replaced because of security and data concerns). The replacements must be from a “Clean and Trusted Source”. Also, a “True Non-Dangerous” Standard for procurement must be clearly defined with clear requirements on chipset origin, firmware audits and server routing controls.
For the long term, the government must consider and promote the development of an air-gapped network (physically separated from the internet) and from other unsecured networks. Strict firewalling protocols must also be in place for added layers of security. Even an Indian-controlled Vessel Monitoring Systems (VMS) operated, regulated, or controlled by Indian authorities will be especially useful for tracking fishing vessels, maritime movement, and activity in Indian waters.
Recently, under the Pradhan Mantri Matsya Sampada Yojana (PMMSY), the Department of Fisheries of the Government of India has sanctioned the project “National Rollout Plan for Vessel Communication and Support System (VCSS)”, to induct indigenously manufactured transponders with the support of the Indian Space Research Organisation (ISRO).
Kashmir’s surveillance expansion, although an operational necessity, has also created significant intelligence risks and needs decisive corrective measures at the earliest. With the potential possibility of the entire surveillance system being compromised by these Chinese CCTV systems.
It’s high time the administration takes a closer look in order to weed out the threats. Otherwise, the same systems can be used for real-time intelligence gathering, behavioural and movement mapping of our security forces and may also prove to be an operational hindrance. This represents a considerable national security risk and needs immediate intervention through policy directives and groundwork.
(The Author is Director, Red Lantern Analytica Foundation)