Telcos asked to carry out security audit2 min read . Updated: 18 Sep 2020, 06:01 AM IST
- Sanjay Dhotre says telecom operators are responsible for the security of their networks
- The proposal assumes importance amid the ongoing India-China border standoff
The department of telecommunications (DoT) has proposed that telecom companies undertake network audits to address security risks from spyware and malware, minister of state for communications Sanjay Dhotre said.
In a written reply submitted to the Rajya Sabha, the minister said telecom equipment and network could have backdoor and trapdoor vulnerabilities, adding operators are responsible for the security of their networks.
The proposal assumes importance amid the ongoing India-China border standoff. Tensions between the two nations escalated in June when 20 soldiers of the Indian Army were killed in a clash with Chinese forces along the Line of Actual Control (LAC) in Ladakh. Since then, the government has taken several steps to limit trade with the neighbour, including a ban on more than 200 Chinese mobile apps.
The minister said the government has not banned the purchase of equipment from Chinese vendors, adding, however, that an amendment in the General Financial Rules, 2017, allows the department of expenditure to impose restrictions on public buying from any country on the grounds of national security.
“This apprehension (of security threat) is further confirmed by the fact that other countries like the US, UK and Australia have also taken parallel recourse against Chinese vendors, citing their close allegiance with the People’s Liberation Army of China," said Sameer Jain, founder and managing partner, PSL Advocates & Solicitors.
The UK has imposed a blanket ban on Huawei’s 5G equipment from the end of 2020, and plans to phase out all gear supplied by the Chinese firm by 2027, Jain added.
Last December, DoT had directed all telecom operators—Bharat Sanchar Nigam Ltd (BSNL), Mahanagar Telephone Nigam Ltd (MTNL), Reliance Jio Infocomm Ltd, Bharti Airtel Ltd and Vodafone Idea Ltd to undertake security audit of their networks by an external agency.
Under the “Unified License, each licensee has to undertake an audit of their networks or get their networks audited from a security point of view once in a financial year from a network audit and certification agency," Dhotre said on Thursday.
Companies such as Ericsson, Nokia Networks, Samsung, Huawei and ZTE account for the major share of global telecom equipment supplies. The last two are Chinese.
Dhotre clarified that the government does not maintain any data on the percentage of equipment supplied by Chinese manufacturers--Huawei and ZTE. He said telcos procure and deploy equipment from vendors based on their techno-commercial interests, provided all security provisions are met.
According to the information received by the DoT, Reliance Jio does not use any equipment sold by Huawei and ZTE, while Vodafone Idea follows a multi-vendor strategy and Bharti Airtel uses equipment of Indian, American, European and Chinese vendors.
State-owned BSNL gets 44.4 % of its mobile network equipment from ZTE and 9% from Huawei, while 10% of MTNL’s network equipment is procured from Chinese manufacturers.
“Regular security audits are important since security is a legitimate and serious issue. However, for that very reason, the audits must be carried out professionally, with an open mind and without preconceived notions," said Mahesh Uppal, a senior consultant on telecom regulation.
“This is important since replacing working telecom equipment is expensive for telcos and disruptive for their users," Uppal added.