SlideShare a Scribd company logo

Advisory-66.pdf

K
KalimullahKhan17

Cyber Security

Technology
1 of 3
Download to read offline
• 5 GOVERNMENT OF PAKISTAN CABINET SECRETARIAT CABINET DIVISION (NTISB) No. 1-5/2003/24(NTISB-II) Islamabad, the 4th December, 2023 . Subject: - Cyber Security Advisory (Advisory No. 66) Introduction. CCTV camera usage has become indispensable in offices and residential areas. However, where it offers ease of use/remote view from anywhere' around the world (via internet), CCTV cameras are at the same time a cyber and physical security risk. A few recommendations on safe usage of CCTV network are appended below for adherence. 2 Recommendations. Following are cyber security best practices/safety guidelines for CCTV administrators and end users: CCTV Administrators - CCTV Camera Safe Usage Guidelines (1) M (IR-0;n1 NI (1R-11 NI :,(zo,-Or.cl r1.11,,dm•7971! fill Ili) --- M 1AiO IVI itr,c:10 Ni :I 5ccv(H”v.Cliv.) V' / SPS 1 Avoid Unnecessary Remote View. Do not provide CCTV remote view access unnecessarily. In case, remote access is necessary, ensure strong passwords, device MAC filtering etc. on devices being used for remote access and remote access portal. Access Control. Limit access of CCTV camera system to only authorized administrators. Implement strong authentication mechanisms and follow the principle of least privilege. Regular Auditing. Conduct regular audits of user access logs, EN 2_1 camera configurations and system settings. This helps in -tt' E ti identification and addressing potential security vulnerabilities/ g suspicious activities. c, Network Segmentation. Isolate the CCTV camera network from Cr Li ;--: other critical networks to minimize risk of lateral movement by potential attackers. r-t-- (5) co cm =1.1.1 1 -2 CU TT .01J CC 0 ort a> = u_ cr CD Firm wares and Software Updates. Keep camera firmware and software up to date to patch known vulnerabilities. Regularly check for updates from manufacturers and apply them promptly.
• Incident Response Plan. Develop and regularly update an incident' response plan specific to the CCTV camera system. This ensures' a swift and effective response to security incidents. (7) Encryption. Enable encryption for both data in transit and data at rest. This adds an additional layer of protection against unauthorized access. Monitoring and Alerts. Implement continuous monitoring for the CCTV system and set up alerts for any suspicious activities. Early detection can help to prevent or mitigate potential security threats. (9) Vendor Guidelines. Adhere to security guidelines provided by camera manufacturers. Stay informed about any security advisories or patches released by vendors. b. CCTV End Users User Training. Educate end-users about the proper use of CCTV cameras and the potential security risks associated with them. , Encourage the use of strong passwords and secure authentication practices e.g. OTP remote view. Privacy Awareness. Make end-users aware of privacy considerations related to CCTV cameras. Avoid placing cameras in sensitive areas and ensure that they are used responsibly. Secure Passwords. If end-users have access to camera settings, ensure that they use strong, unique passwords. Discourage the sharing of passwords and emphasize the importance of password hygiene. Reporting Suspicious Activity. Encourage end-users to report any suspicious or unusual activities related to the CCTV system promptly. This helps in the early detection of potential security incidents. Physical Security. If end-users have physical access to cameras, stress the importance of maintaining the physical security of the
(Muh Usman Tang) Assistant S retary (NTISB-II) Ph# 1-9204560 the Federal Government and Chief • • devices. Tampering with cameras could compromise the entire surveillance system. Privacy Filters. Consider implementing privacy filters or controls to limit the exposure of certain areas, addressing concerns about unintentional or intrusive monitoring. Compliance with Policies. Ensure that end-users are aware of and comply with organizational policies related to CCTV camera usage and cybersecurity practices. 3. Kindly disseminate the above information to all concerned in your organizations, all attached/affiliated departments and ensure necessary protective measures. All Secretaries of Ministries/Divisions of Secretaries of the Provincial Governments Copy to: Principal Secretary to the PM, Prime Minister's Secretariat, Islamabad Secretary to the President, Aiwan-e-Sadar, Islamabad Cabinet Secretary, Cabinet Division, Islamabad Additional Secretary-III, Cabinet Division, Islamabad Director General (Tech), Dte Gen, ISI Islamabad Director (IT), Cabinet Division, Islamabad

Recommended

Survey Paper on Smart Surveillance System
Survey Paper on Smart Surveillance SystemSurvey Paper on Smart Surveillance System
Survey Paper on Smart Surveillance System
IRJET Journal
 
Uk cctv-viseum-strategy-recommendations
Uk cctv-viseum-strategy-recommendationsUk cctv-viseum-strategy-recommendations
Uk cctv-viseum-strategy-recommendations
Stuart Thompson Viseum Group Owner & President
 
CREATING CCTV CAMERA SYSTEM USING ARTIFICIAL INTELLIGENCE, IMAGE PROCESSING, ...
CREATING CCTV CAMERA SYSTEM USING ARTIFICIAL INTELLIGENCE, IMAGE PROCESSING, ...CREATING CCTV CAMERA SYSTEM USING ARTIFICIAL INTELLIGENCE, IMAGE PROCESSING, ...
CREATING CCTV CAMERA SYSTEM USING ARTIFICIAL INTELLIGENCE, IMAGE PROCESSING, ...
IRJET Journal
 
security_assessment_report_nidhi yadav.pptx
security_assessment_report_nidhi yadav.pptxsecurity_assessment_report_nidhi yadav.pptx
security_assessment_report_nidhi yadav.pptx
Akttripathi
 
ATM Security System Based on the Video Surveillance Using Neural Networks
ATM Security System Based on the Video Surveillance Using Neural NetworksATM Security System Based on the Video Surveillance Using Neural Networks
ATM Security System Based on the Video Surveillance Using Neural Networks
IRJET Journal
 
CCTV Cameras Installation Tips for Businesses: Protecting Your Assets
CCTV Cameras Installation Tips for Businesses: Protecting Your AssetsCCTV Cameras Installation Tips for Businesses: Protecting Your Assets
CCTV Cameras Installation Tips for Businesses: Protecting Your Assets
IT Company Dubai
 
Guidelines on Cyber Security in Power Sector 2021_R.pptx
Guidelines on Cyber Security in Power Sector 2021_R.pptxGuidelines on Cyber Security in Power Sector 2021_R.pptx
Guidelines on Cyber Security in Power Sector 2021_R.pptx
srinivascooldude58
 
IRJET- Intruder Detection System using Camera with Alert Management
IRJET- Intruder Detection System using Camera with Alert ManagementIRJET- Intruder Detection System using Camera with Alert Management
IRJET- Intruder Detection System using Camera with Alert Management
IRJET Journal
 

Recommended

Survey Paper on Smart Surveillance System
Survey Paper on Smart Surveillance SystemSurvey Paper on Smart Surveillance System
Survey Paper on Smart Surveillance System
IRJET Journal
 
Uk cctv-viseum-strategy-recommendations
Uk cctv-viseum-strategy-recommendationsUk cctv-viseum-strategy-recommendations
Uk cctv-viseum-strategy-recommendations
Stuart Thompson Viseum Group Owner & President
 
CREATING CCTV CAMERA SYSTEM USING ARTIFICIAL INTELLIGENCE, IMAGE PROCESSING, ...
CREATING CCTV CAMERA SYSTEM USING ARTIFICIAL INTELLIGENCE, IMAGE PROCESSING, ...CREATING CCTV CAMERA SYSTEM USING ARTIFICIAL INTELLIGENCE, IMAGE PROCESSING, ...
CREATING CCTV CAMERA SYSTEM USING ARTIFICIAL INTELLIGENCE, IMAGE PROCESSING, ...
IRJET Journal
 
security_assessment_report_nidhi yadav.pptx
security_assessment_report_nidhi yadav.pptxsecurity_assessment_report_nidhi yadav.pptx
security_assessment_report_nidhi yadav.pptx
Akttripathi
 
ATM Security System Based on the Video Surveillance Using Neural Networks
ATM Security System Based on the Video Surveillance Using Neural NetworksATM Security System Based on the Video Surveillance Using Neural Networks
ATM Security System Based on the Video Surveillance Using Neural Networks
IRJET Journal
 
CCTV Cameras Installation Tips for Businesses: Protecting Your Assets
CCTV Cameras Installation Tips for Businesses: Protecting Your AssetsCCTV Cameras Installation Tips for Businesses: Protecting Your Assets
CCTV Cameras Installation Tips for Businesses: Protecting Your Assets
IT Company Dubai
 
Guidelines on Cyber Security in Power Sector 2021_R.pptx
Guidelines on Cyber Security in Power Sector 2021_R.pptxGuidelines on Cyber Security in Power Sector 2021_R.pptx
Guidelines on Cyber Security in Power Sector 2021_R.pptx
srinivascooldude58
 
IRJET- Intruder Detection System using Camera with Alert Management
IRJET- Intruder Detection System using Camera with Alert ManagementIRJET- Intruder Detection System using Camera with Alert Management
IRJET- Intruder Detection System using Camera with Alert Management
IRJET Journal
 
Cctv guide
Cctv guideCctv guide
Cctv guide
Mohammed Al Qureshi
 
Enhancing Security With CCTV Monitoring Services
Enhancing Security With CCTV Monitoring ServicesEnhancing Security With CCTV Monitoring Services
Enhancing Security With CCTV Monitoring Services
kodiperez7568
 
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEODEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
IRJET Journal
 
Detailed Study of CCTV Cameras
Detailed Study of CCTV CamerasDetailed Study of CCTV Cameras
Detailed Study of CCTV Cameras
Hans Khanna
 
Detailed study of_cctv_cameras
Detailed study of_cctv_camerasDetailed study of_cctv_cameras
Detailed study of_cctv_cameras
Yaser Al-Abdali
 
Surveillance Camera
Surveillance CameraSurveillance Camera
Surveillance Camera
Ariful Tanveer
 
IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...
IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...
IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...
IRJET Journal
 
Video Surveillance Report
Video Surveillance ReportVideo Surveillance Report
Video Surveillance Report
Mihika Shah
 
PLN9 Surveillance
PLN9 SurveillancePLN9 Surveillance
PLN9 Surveillance
PLN9 Security Services Pvt. Ltd.
 
CCTV Surveillance System, attacks and design goals
CCTV Surveillance System, attacks and design goals CCTV Surveillance System, attacks and design goals
CCTV Surveillance System, attacks and design goals
IJECEIAES
 
Project
ProjectProject
Project
vijay chauhan
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
Ivan Carmona
 
Move Inn Estates Case Study
Move Inn Estates Case StudyMove Inn Estates Case Study
Move Inn Estates Case Study
Michael W. Chitwa
 
GA-CSD4007.pptx
GA-CSD4007.pptxGA-CSD4007.pptx
GA-CSD4007.pptx
Perak1
 
IRJET- i-Surveillance Crime Monitoring and Prevention using Neural Networks
IRJET- i-Surveillance Crime Monitoring and Prevention using Neural NetworksIRJET- i-Surveillance Crime Monitoring and Prevention using Neural Networks
IRJET- i-Surveillance Crime Monitoring and Prevention using Neural Networks
IRJET Journal
 
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptxEnhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
erickxandergarin
 
Surveillance camera control system
Surveillance camera control systemSurveillance camera control system
Surveillance camera control system
kvinitha
 
Real-time Anomaly Detection and Alert System for Video Surveillance
Real-time Anomaly Detection and Alert System for Video SurveillanceReal-time Anomaly Detection and Alert System for Video Surveillance
Real-time Anomaly Detection and Alert System for Video Surveillance
IRJET Journal
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
IRJET Journal
 
IRJET- A Survey on Human Action Recognition
IRJET- A Survey on Human Action RecognitionIRJET- A Survey on Human Action Recognition
IRJET- A Survey on Human Action Recognition
IRJET Journal
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
Mohamed Sweelam
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
alexjohnson7307
 

More Related Content

Similar to Advisory-66.pdf

CCTV Surveillance System, attacks and design goals
CCTV Surveillance System, attacks and design goals CCTV Surveillance System, attacks and design goals
CCTV Surveillance System, attacks and design goals
IJECEIAES
 

Similar to Advisory-66.pdf (20)

Cctv guide
Cctv guideCctv guide
Cctv guide
 
Enhancing Security With CCTV Monitoring Services
Enhancing Security With CCTV Monitoring ServicesEnhancing Security With CCTV Monitoring Services
Enhancing Security With CCTV Monitoring Services
 
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEODEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
 
Detailed Study of CCTV Cameras
Detailed Study of CCTV CamerasDetailed Study of CCTV Cameras
Detailed Study of CCTV Cameras
 
Detailed study of_cctv_cameras
Detailed study of_cctv_camerasDetailed study of_cctv_cameras
Detailed study of_cctv_cameras
 
Surveillance Camera
Surveillance CameraSurveillance Camera
Surveillance Camera
 
IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...
IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...
IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...
 
Video Surveillance Report
Video Surveillance ReportVideo Surveillance Report
Video Surveillance Report
 
PLN9 Surveillance
PLN9 SurveillancePLN9 Surveillance
PLN9 Surveillance
 
CCTV Surveillance System, attacks and design goals
CCTV Surveillance System, attacks and design goals CCTV Surveillance System, attacks and design goals
CCTV Surveillance System, attacks and design goals
 
Project
ProjectProject
Project
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
Move Inn Estates Case Study
Move Inn Estates Case StudyMove Inn Estates Case Study
Move Inn Estates Case Study
 
GA-CSD4007.pptx
GA-CSD4007.pptxGA-CSD4007.pptx
GA-CSD4007.pptx
 
IRJET- i-Surveillance Crime Monitoring and Prevention using Neural Networks
IRJET- i-Surveillance Crime Monitoring and Prevention using Neural NetworksIRJET- i-Surveillance Crime Monitoring and Prevention using Neural Networks
IRJET- i-Surveillance Crime Monitoring and Prevention using Neural Networks
 
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptxEnhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
 
Surveillance camera control system
Surveillance camera control systemSurveillance camera control system
Surveillance camera control system
 
Real-time Anomaly Detection and Alert System for Video Surveillance
Real-time Anomaly Detection and Alert System for Video SurveillanceReal-time Anomaly Detection and Alert System for Video Surveillance
Real-time Anomaly Detection and Alert System for Video Surveillance
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
IRJET- A Survey on Human Action Recognition
IRJET- A Survey on Human Action RecognitionIRJET- A Survey on Human Action Recognition
IRJET- A Survey on Human Action Recognition
 

Recently uploaded

How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
Srushith Repakula
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
Wonjun Hwang
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Paige Cruz
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
Muhammad Subhan
 

Recently uploaded (20)

الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
How to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in PakistanHow to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in Pakistan
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 

Advisory-66.pdf

  • 1. • 5 GOVERNMENT OF PAKISTAN CABINET SECRETARIAT CABINET DIVISION (NTISB) No. 1-5/2003/24(NTISB-II) Islamabad, the 4th December, 2023 . Subject: - Cyber Security Advisory (Advisory No. 66) Introduction. CCTV camera usage has become indispensable in offices and residential areas. However, where it offers ease of use/remote view from anywhere' around the world (via internet), CCTV cameras are at the same time a cyber and physical security risk. A few recommendations on safe usage of CCTV network are appended below for adherence. 2 Recommendations. Following are cyber security best practices/safety guidelines for CCTV administrators and end users: CCTV Administrators - CCTV Camera Safe Usage Guidelines (1) M (IR-0;n1 NI (1R-11 NI :,(zo,-Or.cl r1.11,,dm•7971! fill Ili) --- M 1AiO IVI itr,c:10 Ni :I 5ccv(H”v.Cliv.) V' / SPS 1 Avoid Unnecessary Remote View. Do not provide CCTV remote view access unnecessarily. In case, remote access is necessary, ensure strong passwords, device MAC filtering etc. on devices being used for remote access and remote access portal. Access Control. Limit access of CCTV camera system to only authorized administrators. Implement strong authentication mechanisms and follow the principle of least privilege. Regular Auditing. Conduct regular audits of user access logs, EN 2_1 camera configurations and system settings. This helps in -tt' E ti identification and addressing potential security vulnerabilities/ g suspicious activities. c, Network Segmentation. Isolate the CCTV camera network from Cr Li ;--: other critical networks to minimize risk of lateral movement by potential attackers. r-t-- (5) co cm =1.1.1 1 -2 CU TT .01J CC 0 ort a> = u_ cr CD Firm wares and Software Updates. Keep camera firmware and software up to date to patch known vulnerabilities. Regularly check for updates from manufacturers and apply them promptly.
  • 2. • Incident Response Plan. Develop and regularly update an incident' response plan specific to the CCTV camera system. This ensures' a swift and effective response to security incidents. (7) Encryption. Enable encryption for both data in transit and data at rest. This adds an additional layer of protection against unauthorized access. Monitoring and Alerts. Implement continuous monitoring for the CCTV system and set up alerts for any suspicious activities. Early detection can help to prevent or mitigate potential security threats. (9) Vendor Guidelines. Adhere to security guidelines provided by camera manufacturers. Stay informed about any security advisories or patches released by vendors. b. CCTV End Users User Training. Educate end-users about the proper use of CCTV cameras and the potential security risks associated with them. , Encourage the use of strong passwords and secure authentication practices e.g. OTP remote view. Privacy Awareness. Make end-users aware of privacy considerations related to CCTV cameras. Avoid placing cameras in sensitive areas and ensure that they are used responsibly. Secure Passwords. If end-users have access to camera settings, ensure that they use strong, unique passwords. Discourage the sharing of passwords and emphasize the importance of password hygiene. Reporting Suspicious Activity. Encourage end-users to report any suspicious or unusual activities related to the CCTV system promptly. This helps in the early detection of potential security incidents. Physical Security. If end-users have physical access to cameras, stress the importance of maintaining the physical security of the
  • 3. (Muh Usman Tang) Assistant S retary (NTISB-II) Ph# 1-9204560 the Federal Government and Chief • • devices. Tampering with cameras could compromise the entire surveillance system. Privacy Filters. Consider implementing privacy filters or controls to limit the exposure of certain areas, addressing concerns about unintentional or intrusive monitoring. Compliance with Policies. Ensure that end-users are aware of and comply with organizational policies related to CCTV camera usage and cybersecurity practices. 3. Kindly disseminate the above information to all concerned in your organizations, all attached/affiliated departments and ensure necessary protective measures. All Secretaries of Ministries/Divisions of Secretaries of the Provincial Governments Copy to: Principal Secretary to the PM, Prime Minister's Secretariat, Islamabad Secretary to the President, Aiwan-e-Sadar, Islamabad Cabinet Secretary, Cabinet Division, Islamabad Additional Secretary-III, Cabinet Division, Islamabad Director General (Tech), Dte Gen, ISI Islamabad Director (IT), Cabinet Division, Islamabad