India’s Department of Telecom has asked telecom operators to play a role in ensuring the security of telecom networks in the country.
The DoT, in a recent draft of security policy, says operators will be asked to put robust access systems in place according to government guidelines. This would mean that the operators will have to be careful while dealing with telecom equipment manufacturers.
Some of the guidelines stated in the draft policy include:
–The policy stresses on the need to “build in” security features into the systems, services, technologies, equipments, devices and software, rather than being an add-on feature.
–A “Safe to Connect” policy will be enacted, in which all the core telecom network elements will be put into the network only after it has been certified to safe to connect to the network by a Standard Testing Organization.
–There will be round-the-clock monitoring of the telecom network for intrusions, attacks and frauds for analysis and mitigation. Necessary facilities will be set up by the telecom service providers and government wherever necessary.
–A periodic test of the telecom network will be carried out to ensure that no threat or vulnerability has crept into the network.
–Network hardening will be carried out by the telecom network operators, as prescribed either by the independent body looking after the network security or by the government.
–Products including both hardware and software will be sourced from trusted sources. A policy of safe software will be followed.
–A conducive environment will be created that will help the vendors in setting up their remote access in the country.
The draft security policy also includes points to be considered during crisis situations, both natural and man-made.
“The draft security policy stipulates that in times of pressing exigencies, actions such as resource pooling, sharing, transferring and takeover will be considered as ‘legitimate’ tools to achieve the desired communication during distress,” it says.
A Disaster Communication Plan will also be prepared in consultation with the National Disaster Management Authority and private- and public-sector telecom service providers.