Faced with the possible threat of built-in vulnerabilities in telecom hardware imported from China,the government has decided,in principle,to set up a regulator to provide security certification at different stages for equipment brought to India by both the public and private sectors. This decision has the concurrence of the Prime Ministers Office,Home Ministry and Telecom Ministry. Government sources told The Sunday Express that Prof N Balakrishnan,head of Aerospace Engineering,Supercomputer Education and Research Centre and Information Security Expert at the Indian Institute of Science,Bangalore,was asked by the Centre last week to prepare the framework for the proposed security regulator within 30 days. Balakrishnan has been asked to seek assistance and consultancy,if needed,from British Telecom which has the capability to certify Chinese telecom hardware from the security point of view before it is exported. British Telecom developed the telecom security certification capability after intelligence chiefs raised security concerns in 2008 with the British government over the import of telecom equipment from Huawei due to its perceived linkages with the PLA and the possibility of a crippling attack in future through embedded software in the imported machinery. It is learnt that till such time India develops in-house expertise,New Delhi may seek the help of British Telecom to give security certification to the telecom equipment before it is imported from China. The security establishment may even consult it for helping India in doing periodic checks on Chinese equipment to rule out the possibility of any malware or code being injected during repair and maintenance of hardware. Balakrishnan.has been tasked to come up with the framework for the security regulator which will be set up after Parliament nod. Sources said there is an urgent need for a security regulator empowered to do periodic security checks even after basic certification on imported telecom or even power hardware,as India imports some $10 billion telecom equipment from Huawei and ZTE. Chinese Ambassador Zhang Yan told the Home Ministry this week that Chinese telecom firms were willing to give written guarantees to Delhi stating that their equipment was secure and did not have any embedded malware. But the government does not want to take chances. Zhang conveyed that India could impose stringent penalties on Chinese firms if there was any malafide on their part. Neither he nor the telecom company representatives,who met Home Ministry officials,make any commitment about manufacturers sharing the source code with India.
