DoT Strengthens Security Rules for Telecom Operators

Sunday, 20 May 2012

Government Security, Policy

By Priyadarshini Paul | 6 June 2011

The Department of Telecommunications, Government of India, has laid stringent rules regarding the procurement of telecom equipment, making service providers responsible for any security breach in the operators’ networks.

Photos

View photos

Related Categories

From this Section

NEWS

A fine of up to 500 million rupees ($11.1 million) will be levied in case of a breach.

Phone companies have been asked to keep all call and data records for 12 months and give the telecom department access to all such details. The companies also have to inform the department of any updates or changes in equipment within 15 days.

The Department is concerned that malicious software in foreign equipment could pose a threat to national security. The new rules come after some Indian mobile operators in 2010 complained about expansion plans getting hit due to rejection from local authorities regarding importing equipment from countries, including China, because of security concerns.

Equipment from Chinese companies – such as Huawei Technologies Co. and ZTE Corp – is sought after, given it is almost a third cheaper than products made by in the west. Western gearmakers such as Ericsson, Nokia Siemens and Alcatel-Lucent were given the option of following the policy issued in late 2009, after they refused to operate in India under the July rules.

Telecom operators now have to create their own policy on the management and security of their networks, and are required to submit their policy to the licensor (DoT) within 30 working days. Telecom operators can only import equipment certified by Indian or international standards from any international agency till March 31, 2013, but have to get the equipment certified by Indian labs from April 1, 2013.

Telecom operators have been asked to employ only Indians as chief technical officers, chief information officers and nodal executives to be in charge of security networks. Telecom companies will also have to create monitoring facilities to inform the telecom department within the next 12 months about the establishment.