Security code share must for telecom equipment cos

Written by fe Bureaus | New Delhi | Updated: Jul 30 2010, 05:21am hrs
Amid security concerns over telecom equipment, particularly from China, the government on Wednesday made it mandatory for suppliers to share the password and design details and said heavy penalty would be imposed on operators in case of any security breach.

FE was the first to report on the measures the government was planning to take to end the impasse on the import of Chinese equipment by telecom service providers. The first report was in the edition dated May 28 and the second on July 15.

Amending the telecom licences, the department of telecommunications said, The licensor shall have the power to allow inspection, analysis and use by the competent experts designated by the government, the hardware and software designs/codes deposited in the Escrow accounts to prevent/detect any security hazards, malware, traps at any time or for any criminal investigation purpose.

In case of any security breach after deployment/installation of equipment as a result of security audit, the relevant equipment supplied by the vendor shall be taken out of service and a penalty of Rs 50 crore for each purchase order shall be imposed on the operator. In addition, a penalty of 100% of contract value shall be levied by the government on the operator. This, some vendors said, would be passed on to them as per the agreement between suppliers and operators. The licensor (DoT) may also at its discretion blacklist the vendor from making any supply deals with Indian operators, according to the amendment.

It has also asked the operators to work towards a phased plan to take over the maintenance of the equipment locally, meaning thereby, the operation and maintenance of the networks shall be entirely by Indian engineers and dependence on foreign engineers shall be minimal or almost nil within a period of two years from now.

The telecom operators and the equipment suppliers did not offer any comment immediately saying they would study its impact before reacting. Some vendors, however, said that it would at least put business back on track as no purchase order was placed by any operator for last more than six months.

The DoT said the operators would have to engage services of international accredited network audit and certification agencies in consultation with licensor (DoT) to perform network auditing and their testing.

The third party audit and certification initially limits to core equipments such as Routers, Switches, Firewall, and the software associated with all the telecom operations and services.

The licensor (DoT) has the option to issue directions to add more systems to the list of core equipments. The DoT has also asked the operators to provide location details of mobile customers in the licensed service area with a precision of up to minimum 50 meters as a part of call data record (CDR).

Ericsson, Nokia-Siemens, Alcatel Lucent and Chinese players like Huawei and ZTE are the main equipment suppliers. The DoT has sent the amended licence agreement to all the operators for their consent.