With the import of telecom equipment increasing — it rose to Rs 53,971 crore during 2012-13 from Rs 52,441 crore the previous year — the home ministry asked Indian Institute of Science (IISc) in 2011 to come up with a framework to set up a central testing and certification lab. The framework was provided and IISc trained DoT engineers but the government is still to establish testing and certification facilities, creating the fear that malware encrypted in foreign equipment might sabotage the Indian communication network.
IISc associate director N Balakrishnan spoke to Johnson T A on the importance of and progress in creating telecom equipment testing facilities in the country.
What has the IISc role been in creating a national-level telecom equipment-testing lab?
The IISc role was to create a proof of concept lab, which we have done. We brought equipment from the market and showed it can be done. We cannot do routine testing because there will be 200 different types of equipment. We cannot run a facility like that. The other thing is, there are certain inputs from vendors, such as detailed design diagram, that they will give only to a mandated testing lab.
Why the delay in creation of a formal lab despite IISc providing proof of concept nearly two years ago?
A cabinet note was issued in 2011 for creation of testing and certification labs. Money was also identified. With manpower and all, the process of setting up takes time in the government. This is something no one anticipated. I know they are serious, otherwise they would not have appointed a DDG for this purpose.
Even if it is not mandated to have testing done by a government lab, it is important that as a country we have this capability for which we have made enormous efforts. DoT has been fully into it as well. It has been done as a joint venture between DoT and IISc. But I think right now, this topic is not being discussed by the ministry concerned.
Why is an Indian laboratory necessary to test foreign telecom equipment? Aren’t there valid international certifications?
You can rely on international agencies but there is a possibility certain things may be missed. At evaluation assurance levels 3 and 4 there is no standard definition of what are vulnerability analysis and penetration testing systems (VAPT). There are limits to which international agencies will test, you have to watch out for a