Two years after the Department of Telecom (DoT) decided to set up a telecom equipment testing lab at the Indian Institute of Science (IISc), Bangalore, to address security issues, foreign vendors have now refused to share their design details with the premier academic institute as it could hurt their business interests.
This sudden turn of events will now further delay the setting up of a full-fledged ‘Telecom Testing and Security Certification Centre’ (TTSCC), which should have become fully operational by April 2013. It will also hurt India’s preparedness towards creating the ‘Telecom Security Directorate’ as mandated by the National Security Council.
“IISc-Bangalore has done some initial work in a pilot lab but is now unable to proceed further because [foreign] vendors are not ready to share the design details of equipment with IISc Bangalore,” said an internal government note, adding that now the TTSCC could be established under the DoT.
“This is a major setback for the government’s initiative towards creating a ‘safe to connect’ telecom network in the country, particularly amid reports that the U.S. and other western countries are being extra cautious while deploying foreign-made telecom networks, particularly those being imported from Chinese equipment-makers, Huawei and ZTE,” said a senior MHA official involved in internal security preparedness.
“At present, the testing of equipment in India is dependent on unreliable methods of self-certification by operators. The government levies a fine of just a few crores if a network is not found compliant with security norms. The fine is too little compared to the risk involved, keeping in mind India’s strategic priorities and requirements,” the official added.
Notably, another internal note mentions that “the U.S. had found security loopholes in products supplied by Huawei through testing procedures and based on such security lapses, had banned supplies from Huawei”.
Following this report, the National Security Council had highlighted the fear of attacks on telecom networks and stealing of sensitive information and data and demanded multiple-level, robust testing facilities, which may include additional testing requirements beyond those specified by [foreign] manufacturers.
“In 2001, the Centre had asked the DoT to ensure that all telecom service providers (TSPs) should induct only ‘safe to connect’ telecom equipment in their network, besides ensuring annual security audit of all TSPs to create a telecom infrastructure sans bugs and ‘leakages’.
“The DoT was asked to start the first round of security audit beginning mid-2012, but now all this would be further delayed. And when we have reports that intelligence agencies in the U.S. and other countries were vary of Chinese telecom equipment, this is not good news,” the official said.
