Govt unveils stiff rules for telecom gear imports
29-07-2010
Onus on telcos to rein in all security-related concerns
The government today amended telecom licences making it mandatory for equipment suppliers to share the "source code" and the "design details" to address concerns over security. The new rules will be incorporated into the licence agreements of all telecom companies with immediate effect.
It also said that a penalty, equivalent to 100 per cent of the contract value, shall be imposed on telecom equipment suppliers in case of detection of any security breach, for instance if spyware or malware is found in their imported equipment. Operators also face a fine of Rs 50 crore for every purchase of equipment.
The Department of Telecom (DoT) officials said that the information like "source code", "password" and "design details" would be kept in escrow account in encrypted form, to be used only in case of security emergency.
Most of the telecom vendors, including Ericsson, had earlier opposed sharing of "source code" saying it is proprietary information and cannot be kept in an escrow account.
However, DoT has asserted that this has been done for all vendors and is not limited to vendors from China.
The major telecom vendors include Ericsson, Nokia-Siemens, Alcatel Lucent and Chinese players like Huawei and ZTE
The DoT has sent the amended licence agreement to all the operators for their consent.
The DoT is also understood to have included a clause which mandates that Indian engineers operate and maintain the networks of telecom service providers.
The amendment comes in the wake of concerns being raised by the security agencies regarding the core telecom equipment imported from China.
Telecom operators will now be able to import equipment, which was on hold for over six months pending security clearance from the government.
Since February 10, the government has not cleared over 450 equipment orders worth close to $3 billion placed with Chinese vendors citing security concerns, slowing down the expansion plans of all operators.
The new rules state that global telecom gear makers like Nokia Siemens, Ericsson, Huawei and Alcatel-Lucent and others who maintain and manage mobile networks of cellphone operators here must only employ Indian engineers adding that these gear makers would be given a two-year time frame to comply.
The networks of India's largest phone firms, Bharti Airtel, Reliance Communications, Vodafone, Tata Tele and Idea, are being managed by either Sweden's Ericsson, Finland-based Nokia Siemens, China's Huawei or Paris-headquartered Alcatel-Lucent.
Reliance has outsourced its GSM network management to China's Huawei while Loop Telecom has tied up with another Chinese firm, ZTE, for its GSM rollout across India.
The norms unveiled have squarely put the onus on mobile operators to address and rein in all security related concerns regarding procurement of equipment, marking a paradigm shift from the government's earlier strategy of targeting vendors, the telecom gear makers. The telecom department also said that if any equipment provided by a vendor has spyware, the gear maker will be blacklisted and not allowed to do business in India.
The government has also asked all mobile phone companies to submit their 'organisational policy on security and security management of their networks within 30 days'
Under the new norms, about 18 equipment have been classified as "critical core equipment", these refer to all critical network gear that carry intelligence (read sensitive information) related to call routing, billing or personal customer records. Mobile phone firms will have to get security clearance from the home ministry as well as third-party audits on core equipment before they can be imported.
Based on story in Economic Times
The government today amended telecom licences making it mandatory for equipment suppliers to share the "source code" and the "design details" to address concerns over security. The new rules will be incorporated into the licence agreements of all telecom companies with immediate effect.
It also said that a penalty, equivalent to 100 per cent of the contract value, shall be imposed on telecom equipment suppliers in case of detection of any security breach, for instance if spyware or malware is found in their imported equipment. Operators also face a fine of Rs 50 crore for every purchase of equipment.
The Department of Telecom (DoT) officials said that the information like "source code", "password" and "design details" would be kept in escrow account in encrypted form, to be used only in case of security emergency.
Most of the telecom vendors, including Ericsson, had earlier opposed sharing of "source code" saying it is proprietary information and cannot be kept in an escrow account.
However, DoT has asserted that this has been done for all vendors and is not limited to vendors from China.
The major telecom vendors include Ericsson, Nokia-Siemens, Alcatel Lucent and Chinese players like Huawei and ZTE
The DoT has sent the amended licence agreement to all the operators for their consent.
The DoT is also understood to have included a clause which mandates that Indian engineers operate and maintain the networks of telecom service providers.
The amendment comes in the wake of concerns being raised by the security agencies regarding the core telecom equipment imported from China.
Telecom operators will now be able to import equipment, which was on hold for over six months pending security clearance from the government.
Since February 10, the government has not cleared over 450 equipment orders worth close to $3 billion placed with Chinese vendors citing security concerns, slowing down the expansion plans of all operators.
The new rules state that global telecom gear makers like Nokia Siemens, Ericsson, Huawei and Alcatel-Lucent and others who maintain and manage mobile networks of cellphone operators here must only employ Indian engineers adding that these gear makers would be given a two-year time frame to comply.
The networks of India's largest phone firms, Bharti Airtel, Reliance Communications, Vodafone, Tata Tele and Idea, are being managed by either Sweden's Ericsson, Finland-based Nokia Siemens, China's Huawei or Paris-headquartered Alcatel-Lucent.
Reliance has outsourced its GSM network management to China's Huawei while Loop Telecom has tied up with another Chinese firm, ZTE, for its GSM rollout across India.
The norms unveiled have squarely put the onus on mobile operators to address and rein in all security related concerns regarding procurement of equipment, marking a paradigm shift from the government's earlier strategy of targeting vendors, the telecom gear makers. The telecom department also said that if any equipment provided by a vendor has spyware, the gear maker will be blacklisted and not allowed to do business in India.
The government has also asked all mobile phone companies to submit their 'organisational policy on security and security management of their networks within 30 days'
Under the new norms, about 18 equipment have been classified as "critical core equipment", these refer to all critical network gear that carry intelligence (read sensitive information) related to call routing, billing or personal customer records. Mobile phone firms will have to get security clearance from the home ministry as well as third-party audits on core equipment before they can be imported.
Based on story in Economic Times
