Telecommunications operators claimed there were delays in network deployment due to the process of identifying reliable sources and products?
We have a one-year one-year exemption, which we grant to telecommunications service providers (TSPs). Without saying that this is a trusted source or product, if there is anything urgently required, we give them a one-time exemption.
We have done everything possible to accommodate requests, especially Vodafone Idea. We have requests from Reliance Jio and Bharti Airtel and we are dealing with them.
Security is even more crucial for 5G networks. Do you anticipate any network delays due to this process?
There will be no delay in 5G since it is still two years away. 5G trials have just started. There is no 5G equipment that everyone puts in the pipeline. Even the 4G core will be used because 5G will use the non-autonomous mode. There won’t be a problem with 4G as there is a one-time exemption for one year that allows telecom operators to conduct a large rollout.
Do you think this process will help keep India’s telecommunications networks secure?
We did something that no other country in the world is doing. Other countries have created a negative list of entities when we say we’re going to go through a proper process, also check the business and the semiconductors inside the products.
So we go to the main company first and then to the product where we see information about the semiconductor being used, because this is where the manipulation can be found.
Indian solutions are unique in this sense. We have banned the apps. We are now looking forward to our cybersecurity strategy.
When do you think the first list of products and sources you can trust will be released?
In the first week of October. We have a meeting scheduled and we will publish the list after that. And, whenever the committee meets, the (trusted) names will be there.
It will therefore be an ongoing process …
Once a company is trustworthy, it is displayed in the portal and after that, if someone else wants to buy the equipment from that company, we do not immediately resume the review process.
But, the first time around, it has to go through a process and it starts after they (the companies) submit the documents. Companies took two to three months to submit documents. Until we have documents, our officers cannot begin their investigations.
Are Huawei and ZTE allowed to subject their equipment to scrutiny?
The process begins for telecom service providers because I can’t tell them what to buy. So operators download the business and the product they want to buy… it could be any business in the world.
So once the TSP tells us that they want to buy the equipment from a certain company, which we call the OEM (Original Equipment Manufacturer), then we ask the OEM to send their corporate data. Then we check whether it is a trusted source or not. It must be a specific business and a specific product that they want to purchase.
OEM by itself can’t download the data, unless we tell them that some TSP has requested your list.
Does the government give every OEM a fair chance? Will Chinese OEMs be treated on an equal footing with others?
We have a committee under the leadership of the deputy NSA called the National Security Committee on Telecom. So I am the designated authority and the order will be issued through me but the decision is made by this committee.
In this committee we have industry representatives, IIT professors, co-secretaries, and it is chaired by the deputy of the NSA. It is the one who makes a decision on the basis of all the inputs that are given through the portal.
What is the role of DoT in the whole process?
DoT is the licensor. They recently changed the main license conditions saying that any equipment connected to the national network will be trusted equipment from a trusted source and the process for this, he said, the designated authority will specify which is the source of trust and the product of trust.
After that, they are also members of this high level committee. And then one of the roles is that they will ensure compliance which is also one of the rules after all of these processes are implemented.
What were the main challenges you encountered in setting up this trust portal process?
We created this process without any background of the work. There are approximately 1,150 companies under the Unified Licensing System, including telecom operators, ISPs, and NLDs, among others. So you can imagine how many people wanted to sign up as a TSP, so that was the first challenge as to how we handle so much information.
Data security is the most important, very sensitive data. And OEMs don’t trust TSPs with their data, they trust the government. We have the primary responsibility to ensure that the data is not disclosed.