Just a day after Huawei Technologies, China’s most recognizable company in India, aided Idea Cellular with its first commercial MNP (mobile number portability) solution, the Indian Institute of Science (IISc) signed a deal with Huawei for a project to develop a safety certification regime for all imported telecom equipment. The testing lab which will be housed at IISc, Bangalore will be used to test imported telecom gear for spyware and malware. It is being modelled after the China Information Technology Certification Centre that operates and maintains manufacturing plants and logistics centres.
While the deal has raised alarm bells, with people blaming New Delhi for appointing Huawei, the MOU signed between IISc and Huawei states “In order for IISc to perform certain studies in respect of telecom equipments, IISc shall be requiring detailed understanding about various features, standards and related documentation. Huawei…agrees to share some information, knowledge, software, hardware and equipments with IISc for its studies”. India was compelled to take the help of the Chinese company because no Indian firm makes telecom gear and no other foreign company was willing to assist because of worries about intellectual property rights. Huawei is the world’s second largest telecom equipment manufacturer after Ericsson, with 2010 revenues of US$28 billion (Rs 1.27 lakh crore).
The deal however is not exclusive to Huawei and will be applicable to all mobile handset suppliers. “It is a non-disclosure agreement which is being negotiated with equipment suppliers. Under the agreement the manufacturers will have to pledge resources and give us data on the security of the equipment,” associate director of IISc, N Balakrishnan who is heading the country’s telecom security research initiative, told the Indian Express.
The basic premise of the agreement is that Huawei, who are the largest suppliers of low cost telecommunication equipment — from towers to routers — in India, will assist Indian agencies in scrutinising their equipment by providing data starting from manuals and extending to source codes. “There is no question of allowing Huawei a backdoor entry through the agreement. The information flow is going to be one way — them to us. No security information is being provided. We are only looking at the equipment,” added Balakrishnan.
In the past, New Delhi has blamed Huawei for a national security breach, has discouraged service providers from buying Chinese telecom equipment which is our-fourth the cost, and has been scrutinizing suspicions malware tucked away into equipment supplied in India.
The Indian telecom equipment safety certification lab is expected to work on the lines of similar labs in the US and China, to ensure that security vulnerabilities are not built into telecom equipment supplies. The lab will offer certificates known as Evaluation Assurance Level, starting from a basic EAL1 through to the most advanced EAL7, following the completion of a security evaluation on the basis of an international standard.
The government imposed a nearly three month clampdown on the import of telecom equipment in early 2010, still Huawei managed to sell US$1.2 billion worth of handsets in India last year as soon as ban was annulled after it gave its embedded source code. New DElhi has now allowed imports carrying safety certification from designated international certification agencies. The high cost for an EAL 4 certificate, has deterred equipment suppliers from applying for them.