The government provided login credentials to Chinese network equipment companies Huawei and ZTE to access the trusted telecommunications product portal, sources said. Access to the portal means Chinese companies can submit details of their products and services to the government in case an operator shows interest in purchasing equipment from them. Once the products are certified as reliable, operators can purchase the equipment.
The government launched on June 15 an authorization portal for trusted products that telecom operators can install in their networks as part of the national security directive on the telecommunications sector. Telecom operators must access the portal and indicate which telecom products they wish to purchase and from which supplier. Once the government obtains the tentative list, the respective suppliers will be contacted to submit product details on the portal.
Previous login information was not provided to Chinese vendors due to security concerns, but officials now believe the portal is very secure and the risk of hacking is negligible. In addition, since the mobile operators refuse to provide information on behalf of Chinese companies, the government has decided to provide login information to these companies.
Once the details of the products and services are submitted on the portal, the Secretariat of the National Security Council (NSCS) will decide whether the products can be qualified as “trusted” or not. However, operators can also apply for a waiver from the government, in case they want to use the products of Chinese companies.
But having access to a trusted telecommunications product portal doesn’t mean the government will be lenient on Huawei and ZTE. In fact, extra care will be taken if a trader expresses interest in buying from them. “If a product from these companies is blacklisted, operators will not be able to buy it, even if they request a waiver,” said a source familiar with the details.
As part of the Safety Directive, all details regarding the supply chain of the components must be provided and additional due diligence will be carried out in the event of a link with China, either for the components or the personnel.
When submitting details, operators should provide information related to the vendors they source from as well as details of network deployment, expansion and upgrades whenever such things take place. Telecommunications providers will also be required to submit full details about their company, directors, activities and shareholders, etc., to the NSCS.
Apart from this, carriers and telecom providers must also provide a certificate that the equipment does not contain any malware / backdoor and is free from all known vulnerabilities.