The department of telecommunications’s (DoT) push to create a parallel framework for mandatory testing of telecom equipment and mobile phones for the proposed new communication security certification (Comsec) has raised the hackles of the telecom industry.
In a strongly worded communication to the secretary of the DoT, the Cellular Operators Association of India (COAI) has pointed out that multiple testings of specified telecom equipment and mobile devices will lead to overlaps in testing, increase costs for OEMs (original equipment manufacturers), which could run into crores, and negatively impact the ease of doing business.
Currently, telecom equipment and mobile devices have to get certifications from the Wireless Planning and Coordination (WPC) wing of the DoT, and then get the mandatory testing and certification of telecom equipment from the DoT’s Telecommunication Engineering Centre (TEC) wing. With Comsec, another layer of certification has been added to the process, and this one is to be certified by the National Centre for Communication Security (NCCS), which is yet another wing of the DoT. For mobile devices, there is the fourth step – clearance from the Bureau of Indian Standards.
In 2018, the DoT had mandated the testing and certification of telecom equipment, including testing for safety, technical parameters and security, which would be undertaken by the TEC. Discussions were on with stakeholders to put in a framework which would include third-party laboratories appointed by the government.
Mobile device players say that the new Comsec certification will delay launches of new mobile phones, as the security clearances would require time and the new models would become irrelevant (as their shelf life is limited) by then. The guidelines envisage that the time taken from registration to certification would be 16 weeks. Also, even if mobile devices are running on the same OS architecture, but have added features, they will need to go for a separate certification.
The COAI has suggested that instead of multiple labs and agencies, there should be a single-window scheme for testing and certification, including for security, and that there should be one registration, testing and certification fee.
In its letter to the DoT, the COAI has also pointed to the lack of DoT-mandated testing labs in the country — at present there is only one lab for security testing. It has pointed out, moreover, that sending the equipment for multiple testing schemes results in shipping the same product from one lab to another, leading to an increase in costs for the OEMs.
The OEMs undertake at least three to four software upgrades in a year and these are internally tested to comply with international security benchmarks. Under the new rules, while DoT will give the upgrades temporary security certificates, they will have to get a permanent certificate in a year.
The COAI says that as software is released globally, testing for country-specific security requirements will mean huge costs, additional time and effort, and will culminate in delaying the release of the software. Also, it will be next to impossible to carry out country-specific security testing each time a software is updated, since multiple updates take place in a year.
The article is authored by Surajeet Das Gupta, Business Standard