December 31, 2018:
India’s import of parts of mobile phones as well as telecom equipment from China increased from $1.3 billion in 2014 to $9.4 billion in 2017.
India’s invitation to Chinese telecom giant Huawei Technologies—a company banned in the US, which has termed it a cybersecurity threat, & from building 5G networks in Australia & New Zealand—to participate in 5G trials has aroused some concern in security & technology establishments.
The move comes eight years after India’s home ministry raised concerns that imported telecom equipment could contain “back doors” & spyware that would allow foreign governments to snoop on Indians, intercept calls or remotely control networks, posing a security threat. Huawei was banned for eight months.
Little has changed over the past decade. India still doesn’t have sufficient safeguards in the telecom sector, which forms the backbone of the digital economy, top security & technology officials said on condition of anonymity. The only thing that has changed is the technology standard — back then, the fear was of Chinese 3G equipment fitted with spyware; now it is Chinese 5G equipment.
The security threat is inevitable: it is a feature of the current capitalist economy that operates through global supply chains & in which the components of a finished product are not manufactured in one location.
If a company decides to insert backdoor into hardware products—which is the concern being flagged over the invitation to Huawei to take part in 5G trials—it is difficult to protect one’s telecom security.
Experts point out two ways that governments can adopt to guard against the perceived security threat. One, set up auditing infrastructure to test & identify vulnerabilities in the telecom equipment before deploying it in the country. Two, develop the capacity to manufacture critical hardware components within the country.
India has not made progress on either front, officials say, & the security threat is not limited to Chinese companies but applies to imported telecom equipment in general.
“The department of telecom & the department of IT (information technology) have failed in setting up credible & reliable security-testing infrastructure which has inspired confidence in foreign vendors in sending equipment to India. The policy exists on paper but has not been implemented,” a top official in the security establishment with direct knowledge of the matter said.
The telecom department promised to set up security testing labs by 2013 in order to test for bugs in network equipment, the official added, but they are still not in place.
And India still imports 90% of its telecom equipment needs. India’s import of parts of mobile phones as well as telecom equipment from China increased from $1.3 billion in 2014 to $9.4 billion in 2017, according to a recent study by the ministry of commerce & industry.
Why Huawei is controversial?
Huawei is the world’s largest manufacturer of core telecom equipment. Western intelligence agencies have for long feared that Huawei installs backdoors in its telecom hardware. The recent arrest of Meng Wanzhou, Huawei’s chief financial officer (and daughter of the company’s founder) in Canada on behalf of the US for allegedly violating sanctions against Iran, raised tension between the US & China. She was eventually released.
Huawei says that the fears of secret interception by the Chinese government are unfounded as the company is privately run & is “100% employee-owned”. On 18th December, to further alleviate global security concerns, Huawei announced that it will invest $2 billion over the next 5 years on cybersecurity.
“So many years, so many telecom operators, so many countries—someone should have already found the back doors in our products,” Huawei India CEO Jay Chen said in an interview.
Chen said security issues over Huawei equipment have been raised by the US & its allies — the so-called Five Eyes — Australia, Canada, New Zealand, the United Kingdom & the United States. The current debate, he argues, is because of Huawei’s dominance in 5G, a technology in which it is “ahead of all Western companies”.
“Huawei’s operations in Germany, France & Japan is business as usual,” he said. “The ongoing controversy is only about politics. Not about technology, not about security, not about the commercial aspects. Just politics,” Chen said.
To build trust & infuse confidence among stakeholders over the last eight years, Huawei India’s Chief Security officer Debabrata Nayak said they had complied with “each & every regulation as part of the telecom security policy issued by the Indian government” & “till date, not a single incident has been found where we have been caught in the wrong.”
“The good thing is that this time, in India, the industry is much more mature. Because of our transparency, our security controls, & the efforts that we have put in, the Indian industry has the confidence in our company,” Chen said.
The security official cited above said India needs to be prepared for the security challenge irrespective of the source of telecom equipment. The American ban on the Chinese companies should be looked at in the larger context of the ongoing trade war between the world’s two biggest economies, the official said.
“From India’s perspective, the threat is not limited to Huawei or other Chinese companies. Issues have been discovered even with Cisco equipment as well,” the official added. “Installing backdoors & vulnerabilities in hardware equipment is an established practice by all countries. These backdoors act as silent & vigilant sleeper cells.”
India is neither capable of participating in building such equipment nor is it capable of testing what’s coming into the country, the official added.
India’s telecom service providers & local equipment manufacturers have diverging views on the issue.
Last week, the Telecom Equipment & Services Export Promotion Council (TEPC), a government-promoted telecom equipment manufacturers’ group, requested national security advisor Ajit Doval to ban Huawei & other Chinese companies in the interest of national security.
In response, the Cellular Operators Association of India (COAI), which represents telecom service providers, , defended Huawei & requested the government to not take any “arbitrary” action. “We acknowledge & appreciate Huawei being one of the major companies at the forefront of 5G innovation. They are suitably equipped to prepare operators & industry to build 5G capabilities in operations, in organization, & most importantly, in the ecosystem, that they are fully compliant with all government requirements,” Rajan S Mathews, the director general at COAI, said in a statement.
Critics argue that Indian telcos support Chinese manufacturers as they provide cheaper equipment & other incentives & a ban will raise their costs.
“Overarching security of the network & cybersecurity is not possible unless we improve our technical prowess & manufacturing capability in this country which is only possible through the concerted effort of all agencies & we removing all bureaucratic strongholds in the Indian industry. Our thinking is not far-fetched,” Ram Narain, who had charge of telecom security at the Department of Telecom (DoT) from 2007 to 2014, said in an interview. DoT functions under the ministry of communications.
Why is India lagging?
“In 2007-08, there was hardly any awareness about the criticality of the telecom equipment,” Narain said.
“We did not want a blanket ban right from the beginning. If you ban imports without creating adequate indigenous capacity, it will introduce a supply constraint,” he explained. “The challenge confronting us was how to take care of security while not disrupting the supply.” The Indian government then devised plans for auditing telecom equipment & boosting indigenous manufacturing.
In May 2011, India issued comprehensive guidelines for telecom security. It was mandated that only those elements shall be inducted into India’s telecom network that have been tested according to Indian or International security standards.
“It was planned that until India gets an in-house testing infrastructure in place, we will rely on testing reports from other countries. But eventually, it is crucial that we test within India,” Narain said. International testing was just an interim solution.
But seven years later after the guidelines were formulated, India still doesn’t have adequate testing equipment in place. “DoT has failed in addressing emerging issues, known since 2011,” the security official quoted earlier said on the condition anonymity. “They promised to install infrastructure in 2013 but they kept on extending the dates.”
In December 2012, the then minister of communication & information technology Milind Deora told Parliament that “from 1st April 2013 the certification [of telecom equipment] shall be got done only from authorized & certified agencies/labs in India.”
In December 2015, the ministry said that the date was set to April 2016. Most recently, in September, the government again extended the deadline from October 2018 to April 2019.
On November 15, the government inaugurated the “Security Standards Facility of the National Centre for Communications Security, Department of Telecommunication” located in Bengaluru.
This Centre will facilitate “security testing & certification of equipment, security audits, threat intelligence & reporting of security incidents.”