With the telecom sector becoming a potential security threat due to use of imported equipment, the government has proposed that service providers employ only Indian nationals in sensitive positions like chief technical officer and chief information security officer.
The licensee shall employ only Indian National as Chief Technical officer, Chief Information Security Officer, Nodal executives for handling interception and monitoring cases and system administrators.
In the draft amendment of licences related to security concerns, the Telecom Ministry has also said that a penalty of Rs 50 crore (Rs 500 million) will be levied for any security breach which has been caused due to inadvertent inadequacy in precaution on the part of the telecom firm.
"The Licensee should build their own capability and capacity to maintain and operate the network, preferably through local maintenance personnel, albeit in a phased manner, because the telecom network is security sensitive infrastructure, government can mandate it when it feels it necessary to do so breach, penalty amount will be Rs 50 crore per breach.
"The Licensee shall deposit the penalty amount with the Licensor within 30 days of the issue of notice," according to draft proposal of the department of telecommunication.
The department has also proposed an amendment to the Unified Access service License Agreement for security related concerns for expansion of telecom services in various zones of the country.
The Licensee
shall be completely and totally responsible for security of their networks.
They shall have organisational policy on security and security management of their networks. Network forensics, network hardening, network penetration test, risk assessment, actions to fix problems and to prevent such problems from reoccurring acts should be part of the policy and they should take all measures in respect of these activities.
The licensee shall induct only those network elements into his telecom network, which have been tested as per relevant contemporary Indian or International security standards.
The draft suggested steps, which help in increasing the security of the telecom network includes engage the service of International accredited network audit and certification agencies to perform network hardening, network penetration test.
Operators may sign a suitable agreement with hardware or software vendors and suppliers of services to ensure that the equipment they supply are safe to connect in the network.
The Licensees should endeavour to create a forum, say Telecom Security Council of India, on a voluntary basis to increase the security assurance levels and share common issues.
The licensee shall also provide location details of mobile customers in the Licence service area.