Agreement between service providers, vendors on mobile sets
For ensuring secure mobile phone equipment in the country, Government has recently issued a template of agreement between service providers and vendors to address security concerns, the Rajya Sabha was informed on Thursday.
New Delhi: For ensuring secure mobile phone
equipment in the country, Government has recently issued a
template of agreement between service providers and vendors to
address security concerns, the Rajya Sabha was informed on Thursday.
Minister of State for Telecom Sachin Pilot said after
consultations with the Home Ministry, the government last
month prepared a template of agreement between telecom service
providers and vendors of equipment to address concerns in
procurement of sets from foreign vendors.
He said during Question Hour that there were concerns of a
possibility of an embedded software in imported mobile phone
equipment, which could violate internal security, and
therefore this template was prepared.
"I don`t see any problem in seeking cooperation with
vendors and service providers on this matter as national
safety is involved," Pilot said, adding that quite a few
operators have signed it with vendors, including those from
China, as it is compulsory and across the board.
He said government had issued notice in this regard to all
companies importing mobile equipment from all countries,
Pilot said that under the template, all vendors would have
to undergo third party audit of their operations from
international third party certifiers.
The minister was replying to supplementaries on whether
Chinese vendors have also agreed to undergo third party audit
of their operations.
To another query, Pilot said BSNL has also been allowed to
import such equipment from any country including China.
"We are open to all countries. We have no prejudices and
we only want secure equipment for the country," he said.
The third party audit of networks of foreign vendors
includes network forensics - for identifying existing unwanted
malwares (malicious software) - on all networks.
The audit also involves network hardening - for mapping
all network elements and network penetration test - for
assuring system durability against any kind of attack.
The audit also consists of risk assessment for
understanding what actions should be taken to minimise future
damage to a carrier and what risks are inevitable.