Cherian Samuel replies: Communication networks are a part of our critical information infrastructure which was defined in the IT Act, 2000 as “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.” Communications networks are crucial to the connectivity of other critical infrastructure, viz. civil aviation, shipping, railways, power, nuclear, oil and gas, finance, banking, communication, information technology, law enforcement, intelligence agencies, space, defence, and government networks. Therefore, threats can be both through the networks as well as to the networks.
Securing the networks is complicated by a number of factors. In the first instance, much of the hardware and software that make up the communications ecosystem is sourced externally; as a case in point, Chinese manufacturers such as Huawei and ZTE have supplied about 20 per cent of telecommunications equipment while Indian manufacturers have about 3 per cent of the market. As recent incidents have shown, foreign governments are not above taking advantage of the market penetration and dominance of their companies to infiltrate and compromise telecommunications networks. This is a potent combination of expertise and resources.
The task of securing the networks is also complicated by the fact that much of the infrastructure is in the hands of private companies who see measures such as security auditing and other regulations and frameworks as adding to their costs. The government in the National Telecom Policy of 2012 has set a target for domestic production of telecom equipment to meet the Indian telecom sector’s demand to the extent of 60 to 80 per cent by 2020. The Ministry of Communications and Information Technology has also repeatedly urged telecom companies to take note of vulnerabilities in their equipment and told them they would be held responsible and subject to penalties if the vulnerabilities are not addressed. A number of other measures, such as making local certification mandatory, have been announced, but there is a need for a more integrated and strategic approach to securing the networks since they are so crucial to the economic, social and political wellbeing of the country.
The Information Technology (IT) Rules, 2021
The IT Rules 2021 seek to address cyber security concerns of the citizens without infringing on their privacy and personal liberties, while maintaining digital sovereignty at the same time.