Govt sets up ‘trusted source’ bar for phone companies to shield them from attacks

Phone companies in India can only use telecom equipment certified by a top security panel to have come from a “trust source”, the Union Cabinet decided at its meeting chaired by Prime Minister Narendra Modi on Wednesday. The certificate will be issued by a security panel headed by Deputy National Security Advisor Rajender Khanna who reports to NSA Ajit Doval. A former chief of India’s external intelligence agency, Research and Analysis Wing, Khanna heads the technologies section in the National Security Council Secretariat, people familiar with the matter said.

“This is a very important decision with respect to national security,” Union telecom minister Ravi Shankar Prasad said as he unveiled the National Security Directive on Telecommunication Sector that had been cleared by the cabinet minutes earlier.

The directive does not require phone companies to replace their existing equipment and will not impact ongoing annual maintenance contracts or updates to existing equipment.

The move comes against the backdrop of concerns expressed in India and abroad over mobile companies using equipment manufactured by the China-headquartered Huawei that has been accused by the United States of spying for Beijing. One official said the new security directive owed its origin to a presentation made way back in July by India’s lead intelligence agency on the risks posed by Chinese companies across different sectors.

Ravi Shankar Prasad did not name any country or company.

A government official indicated that the freshly-minted security directive would enable India to address concerns around equipment pitched by Chinese companies but stressed that this policy was designed to secure Indian telecom infrastructure against other risks as well.

The government, he said, wants to minimise the risks posed by cyber attacks. The Indian Computer Emergency Response Team (CERT-In) reported 4 lakh cyber incidents in 2019. In August this year, the government reported 7 lakh cyber incidents. During the last one year, the ministry of electronics and information technology told Parliament in August, the government and business entities had lost ₹124 lakh crore to cyber crime.

“The fact is that India is among the top three countries in the world facing cyber-attacks,” the official said.

How will it work

India’s National Cyber Security Coordinator Lt General (retd) Rajesh Pant will issue a list of telecom equipment that will be covered under the new security directive.

Gen Pant’s office will notify a list of ‘Trusted Sources/ Trusted Products’ for the benefit of the telecom service providers once they have been cleared by a committee headed by Dy NSA Rajinder Khanna. The committee, called the National Security Committee on Telecom, will have representatives from government departments concerned apart from two industry representatives and an independent expert. The committee has also been empowered blacklist companies that will not be allowed to sell equipment to phone companies.

The National Security Committee on Telecom has also been authorised to give incentives under Aatma Nirbhar Bharat exercise to companies identified as a “trusted source” if they meet the criteria in this regard.

A portal will be launched for easy upload of applications by telecom service providers and equipment vendors. This will improve the ease of doing business by providing a predictable assessment methodology to phone companies and equipment vendors, a government official said.