Introduction
Due to the security risk involved, the Indian government made testing and certification of software and hardware of all foreign telecom companies mandatory. Therefore, the Department of Telecommunications (“DOT”) proposed for guidelines for Mandatory Testing of Telecom & IT Equipment before induction into the Indian telecom network. This proposed set of guidelines advocate creating a conducive environment for law enforcement agencies and allowing them to access real-time information of exchange of messages, data and calls made by users as well track their location “in the case of need.”
Lack of proper testing facility was also identified as one of the issues that have impeded the National Telecom Policy of 2011. In this bulletin, we shall discuss the regulatory landscape of testing requirements for telecom equipments and analyze the need for new guidelines for testing facilities.
1.0 Current landscape of regulations
All equipments manufactured or traded or used in India are required to meet the relevant International Telecommunication Union or Telecommunication Engineering Centre (“TEC”) standards. Approval of TEC is required before connecting equipments to a particular network. Manufacturers are issued an Interface Approval or Type Approval upon satisfaction of the requirements or the performance dimensions on the basis of the applicable Generic Requirements1 laid down by the TEC. TEC currently carries out Interface Approval testing and Type Approval of telecom equipments. However, this testing is presently not mandatory for service providers.
The application or deployment of any telecom equipment in a real telecom network environment is provided in the Planning Guidelines. The engineering of networks using such equipment or a class of equipments is contained in the Engineering Guidelines. Any Indian manufacturer, authorized trader/dealer of a foreign manufactured equipment licensed service operator or local office of a foreign telecom equipment manufacturer or branch office of a foreign manufactured product is eligible to seek approval of TEC for equipments provided in the list of Generic Requirements.
Please note that Type Approval is only a certificate of compliance with the Generic Requirements and does not convey any commitment of actual procurement or deployment of the equipment. Vendors who offer such equipments are issued Type Approval after testing of the equipment is done by the specialized core group of TEC in association with the regional TEC on the representative equipment to determine compliance with the requirements of the Generic Requirements.
The issue lies with the testing requirement of the equipments. As the testing is not mandatory, the quality of equipments is also questionable. It is crucial that a certain quality standard is maintained and for that government testified labs can be the best resort. Proposed plan once implemented would require all the telecom equipments used in Indian telecom network to not only conform to the international requirements or that prescribed by the TEC, it would ensure that each product is tested for its capacity before being used.
2.0 Proposed changes
DOT feels that to ensure proper working of telecom network in the country and to ensure user safety, testing of telecom equipment has to be mandatory prior to sale in the country. Accordingly, a Committee was constituted by DOT to develop necessary procedures for the implementation of mandatory testing of telecom equipment. This Committee has since submitted its report. The report includes detailed procedure for implementation of mandatory testing.
As the implementation of mandatory testing of telecom equipment calls for setting up of testing laboratories, including security labs, accreditation of Conformance Assessment Bodies (CABs), and due notification of products to be made mandatory for testing, DOT is working on all the aspects of mandatory testing mentioned above and an ecosystem for this purpose is being created that will ensure safety of users, safety of telecom networks, and ease of testing and certification of products.
In addition, the central government has recently approved “Center for Telecom testing and Security Certification”, which was earlier a pilot project at IISc Bangalore, to be scaled up to a full-fledged center in due course of time. The proposed centre would formulate standards and policies as well as provide facilities for testing, validation and security certification for various network elements in order to render the networks secure and less vulnerable from internal and external threats. The center would also involve creation of test bed facilities and capacity building for networks’ security so that each network element is tested and validated before integration with the networks.
IT testing labs
The Indian government is all set to establish 15 new laboratories for testing IT (both hardware and software) products under the PPP model having national and international accreditation and recognitions in the area of testing and calibration. With 15 new laboratories, the total number of such laboratories will rise to 20 as there are already five such laboratories in Delhi, Mumbai, Kolkata, Bangalore and Noida. These laboratories fall within the aegis of the Department of Electronics and Information Technology. It will allow the IT companies to test their products in the laboratories before marketing them in India. The products will have to be registered in accordance with the safety standards for such products prescribed by the government. These laboratories would be part of Standardization Testing and Quality Certification and their services would include testing, calibration, IT and e-Governance, training and certification to public and private organizations. As proposed, the testing laboratories will work in a similar way the Automotive Research Association of India works in Pune, which provides certification to all cars.
Conclusion
This system will promote innovation and supply of only tested and qualified equipments in the Indian market. Further, it would ensure that quality and tested products are used in the Indian telecom network. Presently, around 80-90% of telecom equipments are imported and it raises security concerns of any possible spyware and malware attacks. As the nature information that the companies would share with the testing laboratories would be confidential, all vendors normally would insist that testing laboratories should sign “Non- Disclosure-Agreement” prohibiting labs to make their study report public in a manner prejudicial to business interests of vendor, without explicit prior consent of vendor. The government is also considering including legal provisions to enable law enforcement agencies to seek real-time information of telecommunication exchanges.
Authored by: Neeraj Dubey
1 GR of telecom product/components technically refers to the fundamental qualitative and operational requirements, applicable standards, applicable interface requirements, and requirements regarding the performance, facilities etc. of service providers.