NTRO to map telecom, power networks for identifying vulnerable points
The government has mooted a proposal for a mandatory 30 per cent offset clause in equipment orders for building the country’s fibre optic communication networks, considered crucial for security.
It means a foreign company which get a contract will have to procure 30 per cent of the order’s value from domestic suppliers, on the lines of what is currently undertaken in military contracts (where it is 50 per cent). This was mooted in a meeting a few days earlier of the National Information Board on Cyber Security.
It has representatives from the National Security Advisor’s office, the Planning Commission, the various wings of the defence forces, ministry of defence, department of telecommunications (***), cabinet secretariat and the National Technical Research Organisation (NTRO), among others.
The board has suggested there also needs to be an alternative tendering process to bar “rogue vendors” from underbidding and getting into critical national networks.
The came after at least one company made a presentation on a Chinese company bidding a very low price in the northern region for procurement of fibre optic networking equipment, it also being the highest bidder for supply of the same equipment in east India. The tender was floated by Power Grid Corporation.
It has also been suggested that all telecom providers be asked to make an inventory of all equipment imported for various networks and assess their vulnerability.
It was also decided that the protection of telecom and power networks, including mapping of all critical information infrastructure, would be undertaken by the NTRO, assisted by the Computer Emergency Response Team.
A core committee has been formed to examine the issues of indigenisation, research and development, competency building, involvement of Indian industry, creation of certificates and sanitisation of laboratories, plus related subjects.
Last year, Indian telecom service providers were not able to import equipment from outside due to security conditions imposed by the ***.
It had asked all vendors to give the source code. Some of the European vendors didn’t see why they should do so. *** is now working on some changes in the guidelines.
The board discussions noted that on cyber security, there are inherent risks in commercial transactions based on open tendering and security vetting of all expressions of interest should be mandatory.
Further, existing networks should be mapped and an assessment made of points which could be vulnerable to insertion of malicious software.
Offset clause mooted for fibre optic network equipment