Local sourcing obligation to apply to private telecom operators too
By: Kalyan Parbat, Economic Times
KOLKATA: Private telecom operators, apart from Government entities, will have to fall in line with the much awaited “preferential market access” or PMA policy, which progressively mandates 100% domestic sourcing of “security sensitive” electronics and telecom products. “Telecom services are sensitive from the security point of view and the PMA obligation must apply to all telecom licencees who must be responsible for compliance in respect of telecom products used in their networks,” says the final draft PMA notification circulated internally by the DoT, post-consultation with the commerce ministry.
The move comes even as International business lobbies, including the US-India Business Council, Information Technology Industry Council, Digital Europe and the Tele-communications Industry Association of US, amongst several others, warned this would represent an unprecedented interference in the procurement of commercial entities and be inconsistent with the country’s obligations to the World Trade Organisation.
A copy of this notification, which was fine-tuned by an expert panel headed by DoT’s technology advisor, was reviewed by ET.
The PMA implementation roadmap will be discussed at a DoT meeting on June 5, which will also be attended by senior home and commerce ministry officials and representatives of the Department of Electronics & IT.
The draft PMA notification also offers detailed reasons for 14 categories of telecom products, including 2G/3G base stations, ordinary SIM cards, access routers, DWDM-based network transmission gear, GPON devices, microwave radio systems, network management systems, billing software to 4G broadband network and Wi-Fi wireless systems have been classified “security sensitive and prone to hacking,” and, accordingly, to be purchased from Indian-owned telecom gear vendors.
DoT claims imported “SIM cards are security sensitive as it has internal feedback of handset-based attacks that exploit device weakness”.
Systems used in 3G and 2G networks like media gateways or servers are software-intensive and can be subject to tampering for eavesdropping, remote monitoring and malicious control, said the notification.
The telecom department also claims that since “3G networks are data-centric, they are more vulnerable to known security weaknesses in IP protocols,” adding that “various attacks have been reported that exploit vulnerabilities in GPRS transport protocols and 3G security issues”.
The DoT warns “rogue BTS (base stations) systems can hijack 2G/2.5G/3G mobile connections by exploiting the absence of mutual authentication protocols. This basically means, “base stations can be controlled remotely to tap calls or even fake mobile signals, said the ex-CTO of a leading telecom networks vendor, who did not wish to be named.
Security threats posed by 2G network gear vendors, include exploitation for snooping on voice calls or tracking data communications by suppliers with malicious intent. What’s more, DoT wants PMA rules to also apply to procurement of wireless PABXs, claiming “such IP-based systems are increasingly susceptible to hacking and unauthorised call forwarding.”
The home ministry, in a recent note, has asserted that India’s security-related concerns are in sync with WTO agreements, “which are based on the premise that it is the legitimate role of member states and governments to take action that the member country alone in its sole dis-cretion considers necessary for protection of it essential security interests”.
The ministry also claimed it is perfectly “legitimate to include security-related conditions in tender specifications”.
“Provisions may be invoked on grounds of national security to place em-bargo on products originating from certain countries and the manner of placing such embargo may be determined in consultation with the com-merce ministry,” said the home ministry note, a copy of which was reviewed by ET.