The Department of Telecommunications (DoT) is ready to ask telecommunications companies to perform an “information security audit” of their networks and submit the report by the end of October.
What is an information security audit for telecommunications networks?
- As the name suggests, an information security audit is a step-by-step assessment of the entire network infrastructure that checks the installed equipment and the latest updates performed to prevent data leaks. The auditors also verify the security and data storage policies of the company and check whether all sections of the company comply with the standards set by the company itself.
- Apart from this, some auditing agencies also run a controlled bug on the corporate network to check for vulnerabilities and see which systems are affected.
- The purpose of the audit is also to check for “backdoor” and “cheat” vulnerabilities.
- A “back door” or “trap” is a bug installed in telecommunications equipment that allows businesses to eavesdrop on or collect data shared over the network.
Why does the Department of Transport want telecommunications companies to do this audit?
- One of the main reasons the DoT is asking telecom companies to perform this external audit by an agency linked to the India IT Emergency Response Team (Cert-IN) is to check for errors “backdoor”or “trap” installed in their networks.
- Although he did not specifically mention the threat from any company, DoT officials hinted that this audit was necessary, as there were reports from other parts of the world installing such bugs in telecommunications networks.
- The audit is likely to increase control over Chinese suppliers Huawei Telecommunication Company and ZTE, which are said to be spying on the Chinese government.
- For example, in January 2020, the United States released a report saying that Huawei had inserted “back doors” into the telecommunications networks it had helped build in mobile phone networks in the United States and in the United States.
- whole world. world. Besides the United States, other countries like the United Kingdom and Australia have also banned the two Chinese companies on “national security” grounds under the same charges.
- Almost all of the countries that have banned the operations of these companies have cited the same law that requires Chinese companies to cooperate with Chinese intelligence agencies no matter where they are in the world.
Who will perform the audit? How will this help you?
- In its guidelines, the DoT is likely to suggest to companies that the external audit should only be carried out by an agency associated with Cert-IN.
- This means that the audit will no longer remain a commercial compliance standard for the company, but will also examine the national security aspects of the telecommunications network.
- Although these internal and external audits are conducted by companies every three to four years, this will be the first time that the audit will be carried out by an agency appointed by the DoT.
- The audit report is likely to help the DoT to develop a concrete plan to exclude Chinese suppliers from the Indian telecom market if something goes wrong.