Thursday, February 2, 2012

New National Telecom Network Security Policy Of India

Recently a body named National Telecom Network Security Coordination Board (NTNSCB) of India has been proposed to be constituted by Indian government. The aim of establishment of NTNSCB is to ensure cyber security and telecom network security in India in a centralised manner.

The establishment of proposed NTNSCB would require formulation of telecom security policy in India and telecom equipments security framework in India at the first instance. There is no local or indigenous mechanism in India through which telecom hardware and software can be analysed for backdoors and malware.

However, Indian government has declared in the past that telecom equipments must be certified by TEC before use in India. A proposal to store call data records has also been given. The norms for import of telecom equipments in India would also be formulated very soon. Similarly, a telecom security policy of India may also be drafted.

Now as per recent media reports, telecom operators, equipment vendors, enterprise communication network users will all be made responsible for securing telecom networks under a new telecom network security policy of India. It has been reported that the policy would be drafted by the Department of Telecom (DoT) and it also intends to make network robust so that they can deal with disasters and crisis situations.

Under the proposed telecom network security policy, all telecom network equipments will have to get a “safe to connect certification” before they can be used in India. The certification will have to be done through a testing laboratory. Periodic test of the telecom networks will be carried out to ensure that no threat has crept into the network.

The proposed telecom network security also wants corporates using global enterprise communication networks to ensure that the network within the country complies with the security requirements. It is possible that network of these enterprises are subjected to laws of different countries, which may not be the same. Therefore, enterprises would have to adopt a little flexible approach in building their network security policies in such a way that part of the network in the geographical boundary of the country follows the security requirements mandated by this policy.

The policy also suggests setting up a centralised institution to address network and cyber security issues. Presently, the central monitoring system (CMS) project of India is one such centralised mechanism that DoT is planning to launch. A national cyber security policy of India may strengthen this initiative of DoT.