In Short:
The Department of Telecommunications (DoT) is frustrated with telecom equipment makers like Cisco and Nokia for not applying for security certifications for Wi-Fi equipment. The deadline has been extended to avoid supply issues, despite many accommodations made for the industry. Very few applications have been received, prompting concerns over the importance of security testing, which is essential but seen as costly.
New Delhi: The Department of Telecommunications (DoT) has expressed frustration over the “unsatisfactory effort” displayed by telecom equipment manufacturers, including Cisco, Nokia, Ericsson, and HPE, regarding the security certification of Wi-Fi consumer premises equipment (CPEs) and IP routers. This sentiment comes despite the DoT’s attempts to accommodate various concerns raised by the industry, as noted by officials speaking to ET.
Extended Deadline for Certification
The implementation of the new security mandate, originally set for October 1, has been delayed. Since only a limited number of firms have submitted applications for certification, the government has granted an additional one-month extension to enable companies to ensure continuity in supplies.
To further assist applicants, the DoT will issue a “pro tem certificate,” valid for six months, allowing companies to maintain product supply until formal certification is achieved.
OEM Compliance and Concerns
According to Hemendra Kumar Sharma, Deputy Director General (Media) and official spokesperson for the DoT, the department has been urging original equipment manufacturers (OEMs) to submit applications for security testing for over a year. Despite thorough communication and repeated deadlines, which were originally set for July 1, 2023, OEMs have shown reluctance to complete the necessary testing.
The DoT has made significant accommodations, extending deadlines multiple times to help industry players prepare for certification. Various industry concerns have also been addressed—most notably, the acceptance of internal test reports for certification instead of requiring source code. Additionally, companies can now share reports with the National Centre for Communication Security (NCCS), a unit under the DoT, to mitigate concerns regarding possible leakage when submitting to external test labs.
Lack of Applications and Industry Responsibility
Despite these efforts, the volume of applications for security clearance remains low. The DoT spokesperson emphasized that while security must not be compromised, the department has been lenient with OEMs concerning timelines and requirements, highlighting the lack of satisfactory effort from these manufacturers.
The NCCS has been designated the authority to grant security certificates for Wi-Fi CPEs and routers as part of the Mandatory Testing and Certification of Telecommunication Equipment scheme initiated in 2019. The DoT has asserted that it has made every effort to address industry concerns and now expects OEMs to comply with the mandatory security testing requirements.
Testing Costs and Product Grouping
The department has also dismissed claims from manufacturers regarding high testing costs in India, asserting that the security testing process is both resource-intensive and complex. The DoT spokesperson noted that the costs associated with similar testing abroad could be three times higher than those instituted by Indian test labs.
Furthermore, the DoT clarified that many products requiring testing can be grouped together based on shared characteristics, predicting that the total number of security testing applications would not exceed fifty. The spokesperson reiterated the critical importance of ensuring product security without compromise.
