The Department of Telecommunications (DoT) is all set to direct telecom companies to undertake an “information security audit” of their networks and submit the report by October end.
What is an information security audit for telecom networks?
As the name suggests, an information security audit is a step-by-step assessment of the complete network infrastructure which checks for the equipment installed and the latest upgrades done in order to prevent any data leakages. Read in Bangla
The auditors also check the data storage and security policies of the company and check whether all sections of the company adhere to the norms set by the company itself.
Apart from that, some auditing agencies also launch a controlled bug into the network of the company to check for vulnerabilities, and see what all systems are being impacted.
The objective of the audit is also to check for ‘backdoor’ and ‘trapdoor’ vulnerabilities. A ‘backdoor’ or a ‘trap door’ is a bug installed in the telecom hardware which allows companies to listen in or collect data being shared on the network.
📣 Express Explained is now on Telegram. Click here to join our channel (@ieexplained) and stay updated with the latest
Why does the DoT want telcos to do this audit?
One of the main reasons for the DoT asking telecom companies to get this external audit done by an agency empanelled with the Indian Computer Emergency Response Team (Cert-IN) is to check for any ‘backdoor’ or ‘trapdoor’ bugs installed on their networks.
While it has not specifically mentioned threat from any company, DoT officials did hint that this audit was necessary since there were reports from other parts of the world of such bugs being installed in telecom networks.
The audit is likely to increase the scrutiny on Chinese vendors Huawei Telecommunication Company and ZTE, which have been alleged to spy for the Chinese government.
For example, in January 2020, the US had released a report in which it had said that Huawei had inserted ‘backdoors’ in telecom networks it had helped build in mobile phone networks in the US and across the world.
Apart from the US, other countries such as the UK and Australia have also banned both the Chinese companies on “national security” concerns with the same allegations.
Nearly all the countries that have barred the operations of these companies have cited the same law which requires Chinese firms to cooperate with Chinese intelligence agencies no matter where they are located in the world.
Who will do the audit? How will it help?
In its guidelines, the DoT is likely to suggest to the companies that the external audit should be done only by an agency empanelled with Cert-IN. This means that the audit will no longer remain a commercial compliance norm for the company, but will also look into the national security aspects of the telecom network.
Though such internal and external audits are done by companies every three or four years, it will be the first time that the audit will be done by an agency specified by the DoT. The report of the audit is likely to help DoT put in a concrete plan to bar Chinese vendors from the Indian telecom market space if any problems are found.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines