India’s highest cyber security office finalizes trusted gear vendor list

The National Cyber ​​Security Coordinator (NCSC) set the criteria for identifying trustworthy sources and products and conveyed the process of providing information to telecommunications companies and other stakeholders in a meeting where all telecommunications companies and overseas equipment providers – with the exception of Huawei in China – participate and ZTE.

“As part of the process, providers must provide telecommunications companies with information that informs the Notified Authority (NCSC) of the equipment and procurement. The agency then informs telecommunications companies whether they can procure the equipment based on whether the provider is trusted, “a multinational operator who attended the meeting told ET.

NCSC, India’s highest cybersecurity bureau, shared with stakeholders the list of products and the submission of the data they need. However, the agency did not disclose the basis of criteria used to determine whether a source or product is trusted and assured companies that all information provided will be kept strictly confidential.

“They discussed how the agency will use the information to determine the trustworthiness of a vendor according to the process. And what challenges and delays could arise if this goes into effect? “Said a senior executive at a multinational, asking not to be named.

Another executive said many problems could arise once the portal where the information needs to be provided goes online. “there will be many things that cannot be visualized today … we will get to know the real action and its implications once it comes into effect,” the executive said.

Some vendors also raised concerns about the amount of information they were looking for, saying that due to the strict deadlines, they cannot provide as much information.

While the procurement rules will go into effect on June 16, the NCSC will launch the beta portal on April 15 and notify the equipment categories to which the Trusted Sources Security Code applies.

The Department of Telecommunications (DoT) recently changed its telecommunications permits, making it mandatory from June 15 to only use network equipment from “trusted sources”. This is generally intended to help keep Chinese actors away from key elements of a telecommunications network for national security reasons.

The details were discussed at a virtual meeting convened by the NCSC and attended by telecommunications companies, chipmakers, domestic and multinational providers. Huawei and ZTE were not invited to the meeting. In addition to the telecommunications operators, the companies represented at the meeting also included Ericsson, Nokia, Cisco, Samsung, Qualcomm, Ciena, Intel, AMD, Tejas, Nivetti-Systeme, C-DoT and VNL.

The NCSC gave a presentation to everyone involved and shared the flow of the procurement rules and process.

“They (NCSC) asked for a lot of details and asked everyone for feedback if they have a problem. Then they can bring it up and the agency can make changes before the portal goes online,” said another executive.

Telecommunications companies have urged the government to clarify their stance on whether Chinese providers can participate in 5G tests and rollouts in India, saying they need to make informed decisions before investing top dollars.

Airtel and Vodafone Idea have contracts with the Chinese suppliers Huawei and ZTE as well as Nokia and Ericsson, while Samsung is Jios supplier in South Korea. Daily Online Security