On December 16, the Cabinet Committee on Security headed by Prime Minister Narendra Modi gave its approval for a National Security Directive on the Telecommunication Sector (NSDTS) that will impact the digital and telecom ecosystem in the country. The NSDTS is aimed at preserving the integrity of the supply chain under which the government will declare a list of trusted sources and trusted products for installation in the country’s telecom networks. There will also be a list of designated sources from where no procurement is to be made. The methodology to designate trusted products will be devised by the designated authority, the National Cyber Security Coordinator of India, and the list of the trusted source and product decided on the basis of approval by a committee headed by the Deputy National Security Adviser and having representation from the relevant ministries, industry bodies and independent experts. The directive will apply to new deployment and does not compel the telecom providers to mandatorily replace the existing equipment or alter the annual maintenance contracts.
The NSDTS will be a step ahead of the Preferential Market Access (PMA) policy that was approved by the UPA cabinet in February 2012 and meant to support the domestic manufacturers and give preference to the domestically manufactured telecom and electronic products.
In November 2015, the NDA government notified the guidelines for the implementation of the PMA policy but those guidelines weren’t exclusively based on security yardsticks and hadn’t indicated about notifying a sanitised list of products, sources or even a blacklist. However, with the fast changing realisation around criticality of telecom networks and vulnerability to backdoor bugs and state and non-state hacking syndicates, the government’s move is prudent.
While the whole move around NSDTS is country agnostic and is purportedly meant to tone up the security of digital networks in the country, the reference to China is definitely doing the rounds. This is primarily due to two reasons. First, the Indian government’s stern approach in banning more than Chinese owned 200 mobile apps in three phases following the Ladakh incursions and subsequent border tensions. The Chinese establishment were taken by surprise at India’s digital belligerence. At the same time, citizens across the country, particularly the younger generation hooked on to popular apps like Tiktok and WeChat, took it in their stride and didn’t protest the government’s move. Second, the concerns and the resulting strategy of many nations to keep away Chinese telecom companies from participating in the 5G network rollouts. With the US, UK and Australia already banning Huawei in their national 5G implementation due to the company’s closeness to the People’s Liberation Army of China and the resulting backdoor risks, the perception is that India would also take the same route.
Irrespective of its timing and the motive of the government, the decision to have a sanitised list of products and providers is optimal in many ways. While the government has given a policy boost to domestic electronic manufacturing in the country in the context of Digital India policy and has given the clarion call on Aatmanirbhar Bharat strategy towards motivating many businesses in the mobile manufacturing ecosystem, the domestic manufacturing of telecom products will take a further qualitative push if the focus in now on manufacturing switches, routers and other networking equipment. The local manufacturing industry has shown its support to the government move, but much will depend on the quality of the products they manufacture and the overall tier-based cluster growth of the ecosystem. Such motivated steps will not only ensure an optimal realisation of the NSDTS policy but also ensure that the Indian manufactured telecom products get into the global supply chain of the system integrators. Many countries have adopted a policy to avoid China-manufactured products. It provides an opportunity for the Indian telecom industry to realise its potential as a manufacturing hub.
Cyber security continues to be a major threat and securing critical infrastructure remains a key challenge for most nations. Securing the hardware that goes into the infrastructure along with the codes and network connectors is part of this challenge. The NSDTC is meant to provide guidance in securing the telecom sector.
Bhattacharjee is a member of the editorial board of the cyber journal of Chatham House