With a view to promoting domestic technology and preventing data theft by foreign entities, the government will soon announce a policy that accords preference in official procurement to ‘Made in India’ antivirus and cybersecurity solutions.
The Ministry of Electronics and Information Technology (MeitY) has issued a draft notification which states “preference shall be provided by all procuring entities to domestically manufactured/ produced cybersecurity products.”
Ajay Kumar, Additional Secretary, MeitY said, “MeitY proposes to give a boost to domestic cybersecurity technology development by giving preference to good quality domestic products in government procurement.”
The notification will cover all products and software used for “maintaining confidentiality, availability and integrity of information by protecting computing devices, infrastructure, programs, data from attack, damage, or unauthorized access,” as per the notification.
Currently, almost 70 categories of cybersecurity products have been identified. These include products used for data loss prevention, security analytics, big data analytics, web security, antivirus, mobile payments, mobile data protection, cloud security, spam free email solutions, among others.
Preference for domestic products would also be given for cybersecurity products used by intelligence agencies.
‘Right direction’
“This is a step in the right direction,” said Pavan Duggal, a cyberlaw expert. “India is alive to the possibility of breach of cybersecurity. Putting our cybersecurity as mortgage to foreign firms is not a solution.”
He added, “Indian companies can be taken to task under the India law in case of any breach. And in all probability they will not act against the sovereignty of the country. For foreign players, the priority will be business... you cannot be sure if there is any backdoor to data with their technology.”
The challenge, however, would be to support the move with adequate supply of such products, according to Mr. Duggal.
Backdoor access
The possibility of foreign vendors retaining some backdoor access and the risk of a third party gaining access was a key factor spurring the policy, said an official, who did not wish to be named. “So, you have to have your own solutions.”
The latest move takes forward the government order on public procurement in June this year to encourage ‘Make in India’ programme.
The draft notification has defined ‘local supplier’ as a company incorporated and registered in India, adding that revenue from the product and revenue from Intellectual Property licensing should accrue to the company.
