Securing India’s Networks: ITSAR and the Telecom Cybersecurity Push

  • Last Updated on

Context: The Ministry of Electronics and Information Technology (MeitY) clarified that the Government of India has not mandated smartphone manufacturers to disclose proprietary source code under the Indian Telecom Security Assurance Requirements (ITSAR).

This clarification followed public concern that telecom security rules could compel blanket source-code disclosure, raising issues of intellectual property protection and compliance burden. At the same time, the episode highlights India’s broader push to harden telecom infrastructure against cyber threats.

What is ITSAR?

The Indian Telecom Security Assurance Requirements (ITSAR) are technical security standards for telecom equipment designed to safeguard network integrity and national security.

They aim to prevent vulnerabilities such as hidden backdoors, malware insertion, or supply-chain compromise in telecom systems.

Authority: ITSAR is issued by the National Centre for Communication Security (NCCS) under the Department of Telecommunications (DoT).
Applicability: ITSAR applies to designated telecom equipment sold, imported, or deployed in India that connects to telecom networks.

Coverage: The requirements are legally binding on:

  • Original Equipment Manufacturers (OEMs),
  • importers/dealers, and
  • telecom service providers.

Why Telecom Security Matters

Telecom infrastructure supports critical domains including:

  • digital payments and banking,
  • government communications,
  • emergency response systems,
  • defence connectivity, and
  • power and transport networks.

Therefore, vulnerabilities in telecom equipment can enable espionage, disruption, sabotage, or mass surveillance. As cyber threats become more sophisticated and cross-border, telecom security has become a core element of national security policy.

Key ITSAR Provisions

  1. Security Assurance: Equipment must be free from undisclosed backdoors and malware, ensuring trust in telecom networks.
  2. Testing Requirement: Telecom network elements must undergo security evaluation in Telecom Security Test Laboratories before deployment.
  3. Crypto Control: Equipment must use only NCCS-approved cryptographic algorithms and protocols, reducing risks linked to weak encryption or compromised standards.

Proposed Security Measures for Mobile Devices

Policy discussions have considered extending security requirements to consumer devices due to their growing role as entry points into networks. Proposed provisions include:

  • Source code access for testing: Manufacturers may be asked to share code only with government-approved labs for security testing (MeitY clarified no blanket disclosure mandate currently exists).
  • App removal: Users should be able to uninstall non-essential pre-installed apps to reduce attack surfaces.
  • Log retention: Devices may store key security logs (system events, login records) for one year.
  • Malware scanning: Periodic OS-level malware scans.
  • Update reporting: Firms may inform NCCS before major updates/patch releases.

Policy Challenge

India must balance two priorities:

  • strong cybersecurity and trusted networks, and
  • innovation, privacy, and protection of proprietary intellectual property.

A calibrated approach—limited access in secure labs, confidentiality safeguards, and targeted testing—can strengthen security without harming competitiveness.

Tags
Share this with friends ->

Explore more current affairs

Leave a Reply

Your email address will not be published. Required fields are marked *

The maximum upload file size: 20 MB. You can upload: image, document, archive. Drop files here

Trending now

SC Directions on Online Content Regulation
PM Jan Vikas Karyakram (PMJVK): Strengthening Inclusive Area Development
IMF Rating on India’s GDP Data
India to Open Civil Nuclear Power Sector to Private Firms

Discover more from Compass by Rau's IAS

Subscribe now to keep reading and get access to the full archive.

Continue reading