THE DEPARTMENT OF Telecommunications (DoT) is set to direct all telecom operators to undertake an ‘information security audit’ of their networks and submit the report by October end.
The objective of the audit, according to sources in the know of the development, is to specifically check for any ‘backdoor’ or ‘trap door’ vulnerabilities in the telecom networks, which can be exploited to extract information and pass on illegally to agencies around the world. A ‘backdoor’ or a ‘trap door’ is a bug installed in the telecom hardware which allows companies to listen in or collect data being shared on the network.
“There have been reports that Chinese vendors have installed back doors and trap doors in telecom networks of other countries where they have worked on 4G and other older technologies. We just want to be doubly sure there are no such gaps in our networks,” an official told The Indian Express.
State-owned telecom companies, BSNL and MTNL, have already been asked to complete such an audit. The two have floated a request for proposal for the audit work.
While almost 30 per cent of Bharti Airtel’s network comprises Chinese telecom equipment, it is as much as 40 per cent for Vodafone Idea. State-run Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL) also have equipment from Chinese vendors, including Huawei and ZTE in their 3G and older networks.
As far as 5G trials in India are concerned, while Telecom Minister Ravi Shankar Prasad had, in December 2019, said all telecom vendors, including Huawei and ZTE, would be allowed to participate, given the increased scrutiny on Chinese investment and technology, it is unclear now if Huawei and ZTE will be allowed to participate.
After a border skirmish at Galwan Valley in Ladakh, in which 20 Indian soldiers were killed, the government moved to bar all Chinese companies from India. As a part of its measures, the DoT had asked state-run telcos BSNL and MTNL not to use Chinese equipment for the roll-out of its 4G network. The DoT had then also hinted it would announce guidelines asking even private telcos to refrain from using Chinese equipment. No such guidelines have, however, been issued till now.
Subsequently, the Ministry of Electronics and Information Technology (MeitY) had banned 59 Chinese apps from operating in India, while other ministries of the government also cancelled tenders which had been awarded to Chinese companies. Later, MeitY also banned operations of the lite versions of the Chinese apps.
Under the fresh audit, the DoT may also ask the telcos to get the checking done only by agencies or auditors empanelled with the Indian computer emergency response team (Cert-IN), the officials said. The report, to be submitted by companies, would also detail the corrective measures suggested during auditing.
In January, the US had released a report alleging that Huawei had inserted ‘backdoors’ in telecom networks it had helped build in mobile phone networks in the US and across the world. Subsequently, on June 30, the US Federal Communications Commission (FCC) had formally designated Huawei and ZTE, their parent and subsidiaries as well as affiliate firms, as “national security threats”.
The same day, Federal Communications Commission Chairperson Ajit Pai had, in a webinar, said that countries must be wary of vendors which could bring “digital pandemic”. “Equipment at heart of 5G networks currently comes from just a few global suppliers, and the largest of course right now is the Chinese company Huawei. This has raised concerns given that Chinese law requires all companies subject to its jurisdiction to comply with request from the country’s intelligence services,” had said.