industry

Telecom gear makers seek 2-year extension for security testing of customers' WiFi



Telecom gear makers have pushed back on the July 1 deadline for mandatory security testing of WiFi customer premises equipment (CPE) and IP routers, demanding an extension of a minimum of two years and requesting the government to keep security certification on a voluntary basis for now.They have highlighted that there are only three labs accredited by the National Centre for Communication Security (NCCS) to perform security testing on WiFI CPE. Due to the limited labs, the cost of security testing is very high (₹40-60 lakh per model), the Manufacturer’s Association of Information Technology (MAIT) said in a submission to the Department of Telecommunications (DoT).

The call for extension comes after the DoT in December 2023 extended the start date for accepting applications from July 1, 2023 to January 1, 2024, later extending it to July 1, 2024 for models that have not undergone mandatory testing and certification of telecom equipment (MTCTE) certification, and October 1, 2024 for models that have already got MTCTE certificates.

MAIT said that as per NCCS procedure, the time required for security testing and certification is 6-7 months, which is further accentuated by activities such as contractual agreement time, time slot availability, logistics for equipment and competent resource availability, increasing the time frame to 10-12 months. “Under such circumstances, industry fears the July 1, 2024 enforcement date is very aggressive and unrealistic to meet,” MAIT said.

The industry body has also highlighted several ambiguities in the Indian Telecommunication Security Assurance Requirements (ITSAR) document released by DoT in 2022, requesting the department to not mandate security testing and certification until the issues highlighted are resolved.

Readers Also Like:  Jet Airways CEO Sanjiv Kapoor quits

The ITSAR document is a set of security testing guidelines and standards established by the NCCS under the MTCTE regime to ensure the security and integrity of telecom networks in India.As per MAIT, the testing of different hardware models using the same software, as mandated by ITSAR, is a redundant exercise, leading to a multifold increase in compliance cost for gear makers and significant delays in product certification due to repeated retesting.The industry body also called out the ITSAR mandate of cryptographic algorithm modules to be compliant with FIPS 140.x, which is a certification needed for defence or military deployment, stating that crypto algorithms in telecom products are sourced from open source and having it FIPS-140 certified will require considerable amount of effort, causing delays in product roll out.

“Based on the experience of MTCTE, industry strongly urges DoT to give a minimum of two years to comply with the security testing requirements. We request DoT to keep security certification on a voluntary basis until then,” MAIT said.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.