New Security Requirements in India

India's government will begin asking all foreign vendors of telecommunications equipment to demonstrate that their products do not pose a threat to network security. This story has been developing for several months, following a ban on carrier procurement of equipment from Chinese vendors. Various parts of the Indian government are concerned about the potential for foreign designed and manufactured equipment to contain software that could allow unlawful intercept of communications or even remote controlled network disruption in times of crisis.

At present, India's National Informatics Centre (NIC) is establishing a laboratory at which the security of telecommunications equipment can be verified. That lab is expected to be completed within the next 12 months. Until then, network operators and equipment vendors are being asked to take responsibility for the security of their equipment. Any foreign vendor whose equipment is found to contain malware will face very stiff penalties. They would no longer be permitted to sell equipment in India; equipment already deployed would be seized; and financial penalties may also be imposed. 

The types of equipment affected include mobile switching centres (MSCs), MSC servers, routers, LAN switches, packet data serving nodes (PDSN), media gateways, serving GPRS support nodes (SGSN), soft switches, call servers, firewalls, intrusion detection systems, intrusion prevention systems, session border controllers (SBC), operation support systems (OSS) and provisioning management systems.

We are continuing to follow these developments to understand how they will affect our clients.

Questions? Please contact us.