India has decided to ask all private telecom operators to provide a “flow chart” of their nationwide network, including equipment and support system-related details. Telcos and their gear vendor partners will also have to provide a certificate that the equipment is free of all known vulnerabilities and does not have any backdoors.
The move aims to tighten security and check for possible malware in Indian networks amidst growing concerns over meddling by Chinese elements into India’s critical infrastructure.
Private telecom operators – Reliance Jio, Bharti Airtel and Vodafone – will have to provide all details about their core equipment, radio equipment, transport equipment, and support systems to the National Security Council Secretariat (NSCS). Additionally, telcos will have to submit information about vendors that provide different equipment and solutions for their networks.
According to a report by India’s Financial Express, telcos will also have to provide details about their future rollout of networks, expansion or upgrades. “telecom vendors would also have to submit all details about their company, directors, businesses, shareholding pattern etc. to the NSCS,” the publication reported citing sources.
The Indian authorities are doing the exercise as part of the national security directive on the telecommunication (NSDT) sector, which will come into effect from June 15, 2021. The Department of Telecommunications is preparing to launch an online portal in June, which will act as a gateway for telcos to procure approvals and clarity over trusted telecom equipment.
In order to secure its telecom infrastructure, India recently amended the telecom license rule to mandate the procurement of equipment only from ‘trusted’ sources from June 15, 2021, which means Indian telecom operators can only use equipment that a “Designated Authority has approved”.
India’s National Cyber Security Coordinator (NCSC) is the “Designated Authority”, which will notify a list of sources or equipment makers from whom “no procurement” can be done. Indian telecom operators will also be notified of the vendors from whom they can procure equipment.
As per media reports, the latest move will restrict Chinese vendors such as Huawei and ZTE in India’s 4G telecom expansion and the upcoming 5G networks. However, the Indian government hasn’t officially announced any decision to ban both Chinese vendors.
The amendment, however, will not impact ongoing annual maintenance contracts or existing equipment deployment by the Indian telecom operators.
Last week, India also brought in clauses of ‘trusted sources’ and ‘trusted products’ for internet service providers (ISPs) by amending their licensing conditions.
All global telecom gear vendors with India registered subsidiaries will also have to provide a shareholding pattern up to three levels down, including nationality, to ascertain ultimate beneficiaries.
“The global vendors need to provide nationality details about their key people such as board of directors, global president/CEO and ownership breakdown by type of owner with country. The vendors also need to submit details about global locations of manufacturing, service delivery centres, locations for R&D, etc.,” the report added, citing sources.
Mint, citing sources, separately reported that China’s Huawei and ZTE could only participate in India’s 5G networks if they fulfil the eligibility criteria for “trusted” telecom equipment sources being prepared by national cybersecurity coordinator (NCSC) Lt. Gen. Rajesh Pant (retired).