The department of telecom said that the information like "source code" and "design details" would be kept in the escrow account in encrypted form and would be used only in case of security emergency.
The government on Wednesday issued fresh security-related norms for telecom service providers. The new norms suggest that the government wants to know the specific location of every mobile phone subscriber, even if the subscriber is on the move. Telcos have to provide location details of their mobile customers in the licensed service area with a precision of up to 50 metres.
According to the new rulebook, necessary technical upgrades in existing equipment must be made to meet location-based service within one year of the amendment. The licensee, or the telecom service provider, will have a well-outlined organisational policy on network security. Every telco must submit organisational policy on security to the government within a month. Network forensics, network hardening, network penetration test, etc, will be done by international agencies in consultation with the government.
In case a security breach is detected after installation of the equipment, a penalty of Rs50 crore for each purchase order will be imposed on the licencee.
In addition, a penalty of 100% of the contract value will be levied on the licencee in case of violation of norms.
Licencees in the telecom sector are service providers, such as Bharti, Vodafone, Reliance Communications, Idea, Tata Teleservices, Bharat Sanchar Nigam Ltd and Mahanagar Telephone Nigam Ltd.
Besides the financial penalty, the equipment in question will be taken out of service. Also, the licensor (department of telecommunications, or DoT) may blacklist the vendor from making any supply deals with Indian operators.
The licensees have also been told to work towards a phased plan to take over the maintenance of the equipment locally. Dependence on foreign engineers shall be minimal within a period of two years from the date of the amendment, according to the guidelines.
The vendor, or supplier of equipment, must allow telcos and the government or its designated agencies to inspect the hardware, software, design, development, manufacturing facility, etc at the time of installation and at least once a year.
The service providers will also have to spend towards creating a test laboratory and a test bed in their premises to monitor intrusions and frauds.
The DoT decision follows concerns raised by security agencies on foreign telecom equipment used by service providers. The fear among the security agencies has been that foreign equipment (mainly Chinese) used by telcos could contain spyware or malware that may result in the interception of sensitive data and conversation.
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}