New National Telecom Network Security Policy Of India

Recently a body named National Telecom Network Security Coordination Board (NTNSCB) of India has been proposed to be constituted by Indian government. The aim of establishment of NTNSCB is to ensure cyber security and telecom network security in India in a centralised manner.

The establishment of proposed NTNSCB would require formulation of telecom security policy in India and telecom equipments security framework in India at the first instance. There is no local or indigenous mechanism in India through which telecom hardware and software can be analysed for backdoors and malware.

However, Indian government has declared in the past that telecom equipments must be certified by TEC before use in India. A proposal to store call data records has also been given. The norms for import of telecom equipments in India would also be formulated very soon. Similarly, a telecom security policy of India may also be drafted.

Now as per recent media reports, telecom operators, equipment vendors, enterprise communication network users will all be made responsible for securing telecom networks under a new telecom network security policy of India. It has been reported that the policy would be drafted by the Department of Telecom (DoT) and it also intends to make network robust so that they can deal with disasters and crisis situations.

Under the proposed telecom network security policy, all telecom network equipments will have to get a “safe to connect certification” before they can be used in India. The certification will have to be done through a testing laboratory. Periodic test of the telecom networks will be carried out to ensure that no threat has crept into the network.

The proposed telecom network security also wants corporates using global enterprise communication networks to ensure that the network within the country complies with the security requirements. It is possible that network of these enterprises are subjected to laws of different countries, which may not be the same. Therefore, enterprises would have to adopt a little flexible approach in building their network security policies in such a way that part of the network in the geographical boundary of the country follows the security requirements mandated by this policy.

The policy also suggests setting up a centralised institution to address network and cyber security issues. Presently, the central monitoring system (CMS) project of India is one such centralised mechanism that DoT is planning to launch. A national cyber security policy of India may strengthen this initiative of DoT.

Huawei And ZTE In Telecom Security Tangle Of India

With the proposal to establish National Telecom Network Security Coordination Board (NTNSCB) of India, the issues of cyber security and telecom security in India have arisen once again. Even the national telecom policy of India 2011 reflects these concerns.

The issues pertaining to telecom security policy in India and telecom equipments security framework in India are not new. The home ministry of India and ministry of information and communication technology have been raising security concerns regarding telecom hardware manufactured by foreign dealers. Concerns regarding possible existence of backdoors in such hardware are frequently raised in India.

There is no mechanism in India through which telecom hardware and software can be analysed for backdoors and malware. Indian government has declared that telecom equipments must be certified by TEC before use in India. A proposal to store call data records has also been given. The norms for import of telecom equipments in India would also be formulated very soon (may be already formulated).

At present, India has two separate policy guidelines for import of telecom gear. Chinese vendors such as Huawei and ZTE follow the July 2010 guidelines while Western telecom equipment manufacturers were given the option of following the policy issued in late 2009, after they refused to operate in India under the July rules.

According to latest news, in an internal report, the security unit of the department of telecommunication (DoT) has raised fresh concerns about Chinese equipment vendors - Huawei and ZTE. The report adds that India must also be on the guard against equipment from the West, including US and Europe. It has been reported that the new security norms had brought all these vendors under a common security framework.

To counter the possible threats from foreign hardware vendors, India is encouraging to develop indigenous hardware manufacturing capabilities. In fact, India has announced to give preferences, including tax cuts, to indigenously manufactured telecoms equipment, despite concerns raised by the United States and the European Union, which had said that such concessions would violate WTO commitments.

There is an urgent need to provide reasonable and sufficient regulatory norms regarding telecom security in India. The sooner they are formulated the better it would be for all the telecom stakeholders in India.