According to the Economic Times a new draft telecom security policy under development by the Department of Telecommunications (DoT) and National Information Board will require mobile operators to implement new measures to secure all network devices, local area and enterprise networks and to introduce safeguards to isolate the nation’s wireless networks in the case of potential cyber attacks. The draft policty reportedly provides a road map for service providers, vendors and software developers for implementing uniform security systems that will prevent information leaks and services denials as well as improve the handling of disaster management. Operators with international networks will be required to ensure that infrastructure within India’s borders complies with the new security policy.
The new policy also calls for greater powers to be granted to the nation’s security agencies to gain real-time access to ‘all forms of lawfully targeted communication’ and to detect malicious software hidden on imported equipment. Hinting at concerns regarding imports from China, the DoT notes that: ‘Dependence on imported core network gear like switches, routers, servers and transmission systems makes Indian telecom networks vulnerable to the decisions of foreign vendors, especially if upgrades don’t happen on time. And remote management of networks adds to such vulnerability.’ As previously noted by CommsUpdate, Indian authorities have a somewhat confused attitude towards China: in August this year the DoT called for restrictions to be placed on the import and use of Chinese goods in the telecoms industry, only to list its northern neighbour as a potential partner in technology research, development and manufacturing the following month.
Looking ahead at bringing the new security policy into force once finalised, the Telecom Commission has green-lit the creation of a Telecom Security Directorate that will handle the coordination of all security-related telecom activities, potentially adding a further layer to India’s Byzantine regulatory framework.