Telecom equipments, especially imported one, have been in controversy for long. The security agencies of India have shown their apprehension regarding imported telecom hardware and equipments. For some time, even import of the same was hampered.
This is primarily due to the fact that India has no telecom security policy that must essentially carry norms for import of telecom equipments and hardware. Meanwhile, it has been proposed to get the telecom equipments checked by Telecom Engineering Centre (TEC) mandatorily before use in India. Now intelligence agencies of India are asking telecom companies to store call data records for five years.
The Department of Telecommunications (DoT) has approved new security norms governing telecom equipment that could cost operators at least Rs 5,000 crore each to implement. DoT has unveiled a new telecom security framework that did away with many existing controversial clauses such as mandating foreign equipment companies to put their software in the equivalent of a sealed envelope and submit it to the government.
Another controversial clause that stipulates penalties of 100% of the contract value on vendors if any spyware or malware is found in the imported equipment has also been dropped. Instead, any security breach will invite a maximum penalty of 50 crore in addition to criminal proceedings against the mobile phone company.
The new policy also dilutes the earlier rule that mandated vendors to employ only Indian engineers to maintain the networks of local mobile phone companies. The fresh norms say only top personnel with vendors need to be Indians. The names of these individuals will have to be cleared by the telecom and home ministries prior to their appointment. This is in line with the rules for mobile phone companies where top executives are required to be resident Indians.
Besides, with phone tapping in the limelight, the changed policy also mandates that mobile phone companies must only appoint Indians as chief technical officer, chief information security officer or as nodal executives for handling monitoring and interception functions across mobile networks.
The new framework is a good step in the right direction. Perry4Law and Perry4Law Techno Legal Base (PTLB) welcome this effort of DoT. However, this is just a piecemeal effort and DoT must come out with a proper telecom security policy of India as soon as possible.
Source: ICTPS Blog.