India's first Telecom Security Policy would ensure that overseas enterprises,including online content providers,adhere to the national laws and that these international networks create a protection point in the country so that they could be switched off in times of necessity. The draft note for the Cabinet Committee on Security - framed after incorporating views of the National Security Advisor,Home Minister,Principal Scientific Advisor to the Prime Minister,the PM's Office and others - suggests a "Safe to Connect" policy where all telecom network elements would be put into the network only after these have been certified and authorised by a National Telecom Security Certifying Organisation. "Enterprises would have to adopt a little flexible approach in building their network security policies in such a way that part of the network in the geographical boundary of the country follows the security requirements mandated or derived from this policy," says the policy drafted by the Department of Telecommunications on August 3. For international networks,it suggests that "appropriate protection measures would be required to be taken at the ingress points,including creation of isolation points which can be made operational at the time of need". Telecom networks would be continuously monitored for intrusions,attacks and frauds for which "necessary facilities" would be set up by the telecom service providers and government. A conducive environment would be created which would help the vendors to set up "their remote access in the country". The draft acknowledges the supremacy of an individual over the needs of the law enforcement agencies while emphasising this guiding principle of resorting to a technical solution rather than opting for a hardening of legal and regulatory framework to address the security needs. "There are times when a problem can be tackled either through technical solution or a change in enforcement of law. In modern times,technology races ahead of laws. When we tend to follow laws,it has a dragging effect on the introduction of new technology or services thus having the potential of putting the nation behind." "Hence,both for policy formulation and its implementation,if a technical solution exists for a problem,it should generally get precedence over regulatory framework. This will ensure that regulations attempts to change as quickly as technology," it says. The policy is directed only for individual,enterprise and commerce data transfers leaving out classified government and defence communications. "Last two require a separate policy guideline to deal with security-related issues," it said.
