New Delhi: In a significant Cabinet decision on Wednesday (December 16), the government gave approval for National Security Directive on Telecommunication Sector. This step has been taken to strengthen national security and further Atmanirbhar Bharat objectives including through the involvement of all stakeholders within government and in the private sector.
India is amongst the top three countries in the world facing cyber-attacks. In 2019, there were Four Lakh cyber incidents handled by CERT-In. MeitY has recently told Parliament that till August 2020, Indian citizens, government, and business entities faced almost Seven Lakh cyber-attacks. A sum of Rs 1.24 Lakh Crores was lost due to cyber-crime in India during the last year. Recent ransomware attacks, as well as data and identity thefts, are a serious cause for concern from the national security angle.
These Cyber-attacks are generally perpetrated through interconnected networks and devices. They are also committed through compromised hardware and software components of telecom networks. With the increasing use of Internet of Things (IoT) devices, the risk will continue to increase manifold and the advent of 5G technologies will further increase the security concerns resulting from telecom networks. Furthermore, maintaining the integrity of the supply chain including electronic components is also necessary for ensuring security against malware infections.
Telecom is also the critical underlying infrastructure for all other sectoral information infrastructure of the country such as Power, Banking & Finance, Transport, Governance and the strategic sector. Security breaches resulting in compromise of the confidentiality and integrity of information or in disruption of the infrastructure can have disastrous consequences. Telecom, today, is thus a crucial sector from the National Security perspective.
Considering the security concerns and for the protection of India’s essential national security interests, the Cabinet has for the first time approved a framework by issuing the National Security Directive on Telecom Sector. This will provide a significant boost in ensuring our national security by addressing 5G and supply chain concerns.
Under the provisions of the Directive, in order to maintain the integrity of the supply chain security and in order to discourage insecure equipment in the network, Government will declare a list of ‘Trusted Sources/ Trusted Products’ for the benefit of the Telecom Service providers.
The list of equipment to be covered under this Directive and the methodology to designate ‘Trusted Products’ will be devised by the Designated Authority who is the National Cyber Security Coordinator (NCSC). Telecom Service Providers are required to connect new devices which are designated ‘Trusted Products”.
The Designated Authority will make its determination based on the approval of a committee headed by Deputy NSA. The committee will consist of members from relevant departments/Ministries and will also have two members from the industry and an independent expert. The Committee will be called ‘National Security Committee on Telecom (NSCT)
Similarly, a list of ‘Designated Sources’ from whom no procurement can be done may also be created. The present directive is not directed at any nation but will ensure that only Trusted Products are procured by Telecom Service Providers.
The present Directive does not envisage mandatory replacement of the existing equipment already inducted in the networks of the TSPs. The Directive will also not affect ongoing Annual Maintenance Contracts (AMC) or updates to existing equipment already inducted in the network as on the date of effect of the Directive.
From among the sources declared as ‘Trusted Source’ by the Designated Authority, those which meet the criteria of Department of Telecom’s Preferential Market Access Scheme will be certified as ‘Indian Trusted Sources’. The National Security Committee on Telecom will take measures to increase the use of equipment from such ‘Indian Trusted Sources’ in domestic telecom networks. This will provide the desired incentives for Aatma Nirbhar Bharat.
Guidance for the manner in which the ‘Enhanced Supervision’ and ‘Effective Control’ could be maintained by TSPs will be issued by Designated Authority at regular intervals. The Department of Telecom will suitably modify its guidelines and ensure monitoring of compliance by Telecom Service Providers.
The Designated Authority will put in place a portal for easy upload of applications by TSPs and equipment vendors. It will improve ease of doing business through providing a predictable assessment methodology to TSPs and equipment vendors.
The Department of Telecom will make appropriate modifications in the license conditions for the implementation of the provisions of the Directive. The policy will come into operation after 180 days from the date of approval.
