Lankan Ranger
ELITE MEMBER
- Joined
- Aug 9, 2009
- Messages
- 12,550
- Reaction score
- 0
Telecom Security Certification Agency to be Set up in India
It is heartening to note that close on the heels of banning Chinese Mobiles without IMEI numbers, and banning of telecom equipments from China, the Government of India has now moved in to create a Telecom Security Certification Agency to provide security clearance to telecom supplies from China.
It is no secret that most telecom operators including the public sector BSNL have been using Chinese supplies both for consumer end equipments such as internet modems as well as equipments in the exchange. These are security sensitive decisions where bugs may be implanted to compromise the control of the entire telecom system.
If Indian Government had not so far reacted properly to this security threat, it was because there was lack of political will or security vision in the past. Now to the credit of the home minister Mr Chidambaram, things appear to be moving in the right direction.
The latest move to request Dr N Balakrishnan, Director, IISC, to suggest a framework under which a security certification agency can be set up is the right move in this direction is therefore heartening.
Recently, one of the major telecom operators had raised its voice against the ban on Chinese telecom imports and argued that this would increase the cost of the equipments. Other commercial organizations who put profits before everything else would naturally support this move and one can expect that a lobby has already been working in diluting the Ban Chinese Telecom Equipment order.
We trust that the move to set up the security agency itself is not influenced by this industry lobby with an intention to overcome the ban by manipulating the decisions of the agency.
It is flattering to think that this desperateness is because India is a commercially important market. But one cannot rule out the possibility that this is also because China would like tretain its control on the Cyber War button to overhaul India. Otherwise for a Country which keeps meddling in Arunachal Pradesh and Ladakh and which is militarily ambitious , it is not natural to appear bending low to seek Indian commercial markets.
We are also aware that Chinese Cyber War strategy does not end in hacking into some Government websites but extends into planting of people in Indian Companies who may infuse malicious codes in the software supplied to their customers.
In this background, Dr Balakrishnan should ensure that the frameworks suggested for the Security Certification Agency should be strong enough to withstand commercial influences from any telecom operator or from petty politicians who may be influenced or even by some of the large IT companies who may unwittingly support a Chinese intrusion.
Some of the precautions that need to be taken in this regard are
a) Every software and hardware supplied directly or indirectly from China should be subject to prior security clearance from the agency.
b) The agency should have the right to demand recall of equipments in the market and conduct sample checks even after the clearance is given.
c) It should be ensured that in critical areas, control is exercised on the possibility of equipments being manipulated several months after supply through a Maintenance or Repair operation. Hence even the AMC contracts are to be closely monitored.
d) User companies need to be properly educated on the security risks and liabilities fixed if they donot comply with security oversight.
e) The agency should use these powers properly and report to the Parliament periodically and its work itself should be subject to a review by a high powered committee.
f) Enough checks and balances are to be built to ensure that the agency is not prevented from fulfilling its designated role through infiltration of the agency at the management or operational level.
g) Apart from IISC, only organizations such as CDAC and DRDO should be involved at the highest policy level and only persons of impeccable integrity and commitment to national security should be part of the core policy making body.
h) The intelligence agencies including NTRO which have shown their incapability to resist political influence should also be kept out of the core policy committee.
i) Organizations such as SETS which are indirectly controlled by private sector and managed by persons of tainted reputation should also be kept out of the system.
j) The head of the agency must be a statutorily appointed authority with a fixed contractual term and supported by a multimember board again consisting of persons with the requisite background and integrity.
Dr Balakrishnan has an enviable task of suggesting a framework which can undertake the onerous and technologically complex task without compromising on the possible intrusion of commercial and political interests not only now but in future as well.
We hope that the Government would be transparent on the process and let the Dr Balakrishnan recommendation be effectively debated, refined if necessary and implemented in all earnestness.
Telecom Security Certification Agency to be Set up in India - Blogger News Network
It is heartening to note that close on the heels of banning Chinese Mobiles without IMEI numbers, and banning of telecom equipments from China, the Government of India has now moved in to create a Telecom Security Certification Agency to provide security clearance to telecom supplies from China.
It is no secret that most telecom operators including the public sector BSNL have been using Chinese supplies both for consumer end equipments such as internet modems as well as equipments in the exchange. These are security sensitive decisions where bugs may be implanted to compromise the control of the entire telecom system.
If Indian Government had not so far reacted properly to this security threat, it was because there was lack of political will or security vision in the past. Now to the credit of the home minister Mr Chidambaram, things appear to be moving in the right direction.
The latest move to request Dr N Balakrishnan, Director, IISC, to suggest a framework under which a security certification agency can be set up is the right move in this direction is therefore heartening.
Recently, one of the major telecom operators had raised its voice against the ban on Chinese telecom imports and argued that this would increase the cost of the equipments. Other commercial organizations who put profits before everything else would naturally support this move and one can expect that a lobby has already been working in diluting the Ban Chinese Telecom Equipment order.
We trust that the move to set up the security agency itself is not influenced by this industry lobby with an intention to overcome the ban by manipulating the decisions of the agency.
It is flattering to think that this desperateness is because India is a commercially important market. But one cannot rule out the possibility that this is also because China would like tretain its control on the Cyber War button to overhaul India. Otherwise for a Country which keeps meddling in Arunachal Pradesh and Ladakh and which is militarily ambitious , it is not natural to appear bending low to seek Indian commercial markets.
We are also aware that Chinese Cyber War strategy does not end in hacking into some Government websites but extends into planting of people in Indian Companies who may infuse malicious codes in the software supplied to their customers.
In this background, Dr Balakrishnan should ensure that the frameworks suggested for the Security Certification Agency should be strong enough to withstand commercial influences from any telecom operator or from petty politicians who may be influenced or even by some of the large IT companies who may unwittingly support a Chinese intrusion.
Some of the precautions that need to be taken in this regard are
a) Every software and hardware supplied directly or indirectly from China should be subject to prior security clearance from the agency.
b) The agency should have the right to demand recall of equipments in the market and conduct sample checks even after the clearance is given.
c) It should be ensured that in critical areas, control is exercised on the possibility of equipments being manipulated several months after supply through a Maintenance or Repair operation. Hence even the AMC contracts are to be closely monitored.
d) User companies need to be properly educated on the security risks and liabilities fixed if they donot comply with security oversight.
e) The agency should use these powers properly and report to the Parliament periodically and its work itself should be subject to a review by a high powered committee.
f) Enough checks and balances are to be built to ensure that the agency is not prevented from fulfilling its designated role through infiltration of the agency at the management or operational level.
g) Apart from IISC, only organizations such as CDAC and DRDO should be involved at the highest policy level and only persons of impeccable integrity and commitment to national security should be part of the core policy making body.
h) The intelligence agencies including NTRO which have shown their incapability to resist political influence should also be kept out of the core policy committee.
i) Organizations such as SETS which are indirectly controlled by private sector and managed by persons of tainted reputation should also be kept out of the system.
j) The head of the agency must be a statutorily appointed authority with a fixed contractual term and supported by a multimember board again consisting of persons with the requisite background and integrity.
Dr Balakrishnan has an enviable task of suggesting a framework which can undertake the onerous and technologically complex task without compromising on the possible intrusion of commercial and political interests not only now but in future as well.
We hope that the Government would be transparent on the process and let the Dr Balakrishnan recommendation be effectively debated, refined if necessary and implemented in all earnestness.
Telecom Security Certification Agency to be Set up in India - Blogger News Network
