Further tightening its grip over telecom equipment vendors and service providers in view of national security concerns, the Department of Telecommunications on Wednesday amended telecom licence agreements asking equipment suppliers to share all codes and design details, besides making provision of hefty penalties against defaulters. In a communication to all telecom licence holders, including state-owned BSNL and MTNL, DoT said equipment suppliers would have to share all codes and design details.
"The licensor (DoT) shall have the power to allow inspection, analysis and use by the competent experts designated by the government, the hardware and software designs/codes deposited in the escrow accounts to prevent/detect any security hazards, malware and traps at any time or for any criminal investigation purpose," it said.
Stating that all changes and amendments in the licence agreement will become applicable with immediate affect, DoT further said in case of any security breach after deployment of equipment, licensee would have to pay Rs.50 crore penalty, while another penalty of 100 per cent of the contract value would be levied by telecom equipment suppliers.
DoT also said that the information like source code (password) and design details would be kept in the escrow account in the encrypted form and would be used only in case of security emergency. The fresh amendment comes in the wake of concerns being raised by the Indian security agencies regarding the core telecom equipment imported from China. However, the penalty clause regarding equipment would be applicable to all suppliers, whether Chinese or of any other nationality.
Amended licence agreements also said operators would have to engage services of international accredited network audit and certification agencies in consultation with licensor (DoT) to perform network auditing and their testing.
The third party audit and certification initially limits to core equipment such as routers, switches and firewall, and the software associated with all the telecom operations and services.
No comments:
Post a Comment