Advertisement

Blog

Security Concerns Throttling Telecom OEMs

For the last several months, the Indian government had imposed restrictions on imported Chinese telecom equipment, due to security concerns. Indian security agencies have long worried that installing Chinese telecom equipment in Indian networks may lead to security breaches, asserting there may be a chance for foreign government monitoring of domestic communications via spyware.

However due to relentless pressure from telecom providers and the implementation of 3G and 3.5G networks, the government has lifted some of the restrictions temporarily. Telecom gear vendors have also met with Indian government officials recently to discuss network security. The recent deals among {complink 5399|Tata Teleservices Ltd.}, China's {complink 2430|Huawei Technologies Co. Ltd.}, Bharat Sanchar Nigam Ltd., (BSNL), and ZTE Corp. seem to indicate thawing of relations between India and China on the telecom equipment front.

Tata Teleservices has signed a deal with Huawei to implement a rapid rollout in five regions, enabling the Indian telecom company to offer customers multimedia voice and data services and other 3G services, which include the installation of thousands of Huawei’s LTE-ready radios. Growing commerce in telecom equipment between the regional rivals has prompted some observers to conclude that the de facto ban on Chinese telecom equipment has been lifted.

Meanwhile ZTE announced sales in India rose about 50 percent to $1.5 billion from the previous year. Both Huawei and ZTE have major R&D facilities in India, and they are expanding. Still, concerns persist about the future relationship between the two countries in the area of telecommunications.

The Indian government has insisted that all equipment vendors must transfer technology to Indian manufacturers within three years of selling equipment or services in India. It also requires inspection of manufacturing centers anywhere in the world. India's Department of Telecommunications has asked service providers to ensure that their networks are operated and maintained only by Indian engineers.

Earlier this year, Huawei executives said they had not received any “official guidance from the Indian government” about restrictions on telecommunications equipment made in China. “Nevertheless, we have read media reports and are deeply concerned and surprised to know about this development.” The Chinese company added that its Indian operation “is currently evaluating and understanding the latest development and seeking clarifications from the concerned authorities.”

According to market researcher Voice and Data, the Indian telecom equipment market is worth about $28.8 billion annually. Nokia is the market leader with sales of over $3 billion, followed by Huawei with nearly $2.5 billion. The Indian government is not only concerned about the equipment market, though. It is also planning to bring search and software companies like {complink 2294|Google} under its security umbrella by asking the search giant to submit periodic reports. And it is pressing {complink 4644|Research In Motion Ltd. (RIM)} to set up an Indian datacenter so the government could monitor encrypted information on customers' BlackBerry handsets. The government also wants to ensure the security of Skype voice-over-IP services.

In order to boost manufacturing of indigenous equipment, the government may extend preferential status to “Made in India” products in its new telecom policy. Broader telecom policy will include measures appropriate to encourage domestic telecom manufacturing. Some aspects of this have been considered by the expert committee of secretaries, and preferential status for domestic manufacturers is one of them. The Department of Telecom meanwhile is waiting for recommendations from the Telecom Regulatory Authority of India on manufacturing and expects to receive these by April. The push for preferential treatment for “Made in India” products is part of the Government's agenda to reduce the widening trade deficit created by imports.

Citing the rising import bill of IT and telecom products, a task force has recommended that the government develop an ecosystem for boosting indigenous manufacturing. Estimates show that India's demand for electronics products, including telecom equipment, will be $400 billion by 2020. At the existing rate of growth, the domestic production of electronics hardware is likely to grow to only $104 billion by 2020, creating a supply-and-demand gap of $296 billion, which would have to be met through imports.

18 comments on “Security Concerns Throttling Telecom OEMs

  1. DataCrunch
    April 1, 2011

    Hi Abey, interesting article.  It reminds me of the stories about Microsoft when the company initially was attempting to penetrate the country with their OS and how the Chinese government wanted access to the source code to add their own cryptography when used in sensitive settings.  Microsoft finally agreed and now enjoys a robust business in China. 

    At his point, do you think China would jeopardize its standing as a leader in outsourced manufacturing by adding spyware to telecom equipment?    

  2. Anand
    April 3, 2011

    Toms Jacob,

      Great article. The decision by the Indian government to impose restrictions on Chinese telecom equipments, is understandable. Both China and India are both emerging nations. Unfortunately there is little mutual trust between these two asian giants. Moreover its been rumoured Chinese agents have been hacking into India's top secret documents. So its obvious that Indian govt is not trusting chinese telecom companies.

  3. Hardcore
    April 4, 2011

    Hi Dave,

    To answer your question about them risking damaging the market., to a greater extend they do not care about the Foreign business market, specifically because China is a massive market.

    My own personal experience with China telicoms companies, includes them trying to gain direct access to the Computer systems   of foregn enterprises, and they are not at all shy about it.

    There is one initiative currently underway since 2008-2009 that requires ALL foreign businesses to install a 'China government' firewall inside the corporate networks, now interestingly enough this 'equipment' bridges ANY and ALL corporate firewalls, in that when installed the 'box' has access to ALL traffic from individual computers/servers, AND also the final feed out of the company, the box is specifically designed as a firewall 'bridge'.

    You get a password for 'user' level access, but full admin rights are not granted to anyone other than the local Telicom company and the police/government department.

    By various means i managed to get one of these boxes installed so that it did not bridge our corporate firewall but was instead  in a sandbox with dummy feeds.

    I can safely say i did not like what I saw, the box is also designed so that any sort of external tampering or opening triggers a visit from the security department. 

    The equipment was capable of 'packet capture' which ultimatly geve it access to ALL passwords and internet data that was not HTTPS encrypted(or even this with currently available de-cryption technology), indeed if you did not use heavy encryption between your own internal computers and internal servers INSIDE your own office then there would be a problem with security.

    If they are so blatant about installing backdoors into foreign businesses operating inside of China, do you really think they will not do the same on external equipment?

    Even worse such equipment gives any potential hacker a backdoor around ANY and all corporate security, they a hacker only needs to crack one of these boxes, then all the boxes are targetable.

     

    HC.

  4. Mydesign
    April 4, 2011

       Dave, I don’t think like that. Microsoft or even Google they are business units, they want to do the business and earn profit. Nothing more than that and they are not bothered any other issues than business. But India and china are two neighboring countries and more over both are among the front runners of global economy. China always needs an eye on the internal happening of the neighbors and for this; they would try for all measures.

       So, obviously there are some sort of cold war and each wants to be the better than other. It’s always suspected that china is trying to spy confidential details from other countries. Telecom equipments can be one source for spying or tapping the confidential conversations, especially in military and diplomatic forefronts. So the best part for safe guarding are preferring self made equipments and deploying different security measures.

  5. Mydesign
    April 4, 2011

       Anandvy, you are right. Since India and china are neighbors, obviously there should be some sort of mutual trust in diplomatic level and the same may reflect in business level also. When considering the internal market and requirements; India had to import large quantity of electronic equipments and many of the companies prefer importing from china because of low cost and accessibility. Now it’s the e-world and china is trying to add spy ware with the gadgets, for spying purposes.

        But again due to the current requirements from the internal market, government can’t ban the importing of equipments in a single day. So Government is trying to approach the goal by gradually. That means, increasing the internal production in step by step over coming days, for a complete ban of importing from china.

  6. Mydesign
    April 4, 2011

       HC, I would like to fully agree with your comment. Rather than bothering about foreign markets, they would like to do the spy work at any cost. More over, they would like to use each and every instance for spying rather than any sort of business.

  7. DataCrunch
    April 4, 2011

    Hi Hardcore, I wouldn’t have thought the meddling was so blatant.  I would have thought it was more covert and secretive.  Thanks for sharing your personal experience on this matter.

  8. DataCrunch
    April 4, 2011

    Hi Toms, based on Hardcore’s experience, it seems that foreign companies don’t get the choice to put in their own safeguards in place, but rather have to provide the Chinese government some sort of backdoor access. 

  9. stochastic excursion
    April 4, 2011

    Reports suggest China keeps its options open when it comes to data harvesting from networks it is interested in monitoring.  The unauthorized access into Google's networks during that company's stay in China could not explicitly be declared as government policy, and so was surreptitious.  OTOH as long as the access is official policy they are free to be heavy-handed about it.

    Certain non-sensitive traffic the Indian government probably doesn't mind the Chinese snooping into.  Indeed like some countries they may even pay China for the intelligence they've collected on their own people.

  10. Mydesign
    April 5, 2011

        Dave, many times vendors provides choices for security measurements. But these Chinese equipments are coming with inbuilt dynamic data collection & monitoring software, irrespective of any safe guard measurements from the user side. More over the vendors are putting some restrictions for installing user software as a part of warranty. Since most of the telecom equipments are online in 24×7, they can tap the traffic data’s at any point of time through some simple codes. As of now government have a plan to restrict or limit the use of Chinese equipments.

  11. Mydesign
    April 5, 2011

        Stochastic excursion, you are right. They may always open the option for data mining and monitoring, more over many of times government is not much bothered about such thinks because of lack of knowledge, non sensitivity and ignorance.  But when it comes to national security and military forefront, government is much concerned, especially after wiki leaks incidents. China has always an eye over the happenings and developments in neighborhood countries, especially over India due to various reasons.

  12. Hardcore
    April 5, 2011

    Hi Dave,

    You are actually completely free to put in any security you want… on two conditions:

    1. The 'magic' box MUST bridge the internet to your private network at a position where it can see the internal user traffic and can be accessed by the public security department.

    2. You cannot add in a sandbox/protection to prevent the device from performing the function it was intended for.(see linked article)

    You can get a fairly shrewed Idea from the legal analysis here:

    http://www.lehmanlaw.com/resource-centre/laws-and-regulations/information-technology/provisions-on-the-technical-measures-for-the-protection-of-the-security-of-the-internet-2006.html

    Read around about article 13, I have the full chinese article on another computer system, along with some pictures of the equipment and a list of 'authorized' equipment suppliers.

    If it were my choice I would not allow any sort of this supplied telecom infrastructure anywhere near a counties digital backbone, especially as this level of equipment usually contains multiple FPGA's, and with the FPGA you CANNOT analyze its functionality or de-cript the programming functions. It is why the FPGA device is so often used in Military applications or places where high security protection of designs are required, even with the binary file of an FPGA you cannot de-compile it into any sort of meaningful structure to allow analysis, basically it is the original Black-box, even more of a problem , is that the FPGA device is completely re-programable over any communication medium it may implement, as such its functionality can be re-targeted at any time with very little chance of detection.

     

    HC

  13. Mr. Roques
    April 16, 2011

    I've read a lot of articles about how the Chinese telecom vendors are not trust-worthy but what can companies do? Huawei, ZTE and others are becoming the biggest telecom vendors, can a company afford to skip on their products and services?

  14. ibeno
    April 21, 2011

    There's never been a case in the past decade of these companies of ever committing any crime.  It is interesting that Indian companies like Tata's IT group have began to partner with these Chinese companies to get contracts in other countries so there has been a growing mutual benefit.

  15. itguyphil
    April 21, 2011

    What are the main causes of the trust concerns?

  16. Mydesign
    April 25, 2011

       while considering the national security, especially after reports of global network of Chinese hackers breaking into sensitive installations worldwide, includes the military and telecom networks. It further cites recent UK reports that have raised concerns over importing a Chinese telecom major’s equipment for use in Britain’s telecom network, which may lead to espionage or a shut down during a war. Govt. hopes this will ward off the rising threat of espionage into strategic segments and more over government is also concerned about future availability of foreign chip technologies.

  17. Mydesign
    April 25, 2011

       Ibeno, all such things may happens when competition becomes tighter. Normally Chinese companies are looking others with a different eye. Since both countries are technologically rivals and keen to know the internal happenings of others, this is one of the advance ways of spying. Regularly it will monitor the statics and send periodic reports to the intentor.

  18. Mr. Roques
    May 28, 2011

    Well, the Chinese gvmnt has a great amount of influence over those companies (ZTE, Huawei, etc) and they have been accused of using that influence to get them to release user-specific info.

    The US Gvmnt is very scared of that, of course.

    Srpint being “owned” by one of them might mean that the Chinese Gvmnt could do the same. And Sprint does a LOT of work for the USG.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.