A suggestion by the Home Ministry that mobile operators should buy SIM (subscriber identity module) cards only from companies that have been screened has been rejected by the Department of Telecommunications (DoT). This could be a setback to the Home Ministry’s plans to secure the country against any misuse of its vast telecommunication network by terrorists.
The ministry had suggested the Security Accreditation Scheme (SAS) which is managed by the GSM Association, the global body of GSM mobile service operators. SAS is a voluntary scheme under which suppliers open up their production sites and processes to a comprehensive security audit.
DoT has pointed out that that there are only 20 SIM card plants accredited by GSMA across the world. Out of this 6 are in China. However, there is only one supplier at present in India which is SAS compliant. DoT has pointed out that by mandating the SAS certification may lead to a monopolistic situation or restrictive competition in the market. Moreover, it may not be desirable to mandate anything which is voluntary in nature. Also, mandating SAS may not yield a foolproof solution, it felt.
The move by the Home Ministry was a part of growing concern about security issues in the telecommunication sector, especially after the terror attacks on Mumbai in November last year. DoT had recently called a meeting of all private operators to discuss a proposal to ban Chinese equipment manufacturers from 20 out of the 29 states in the country, which will virtually put them out of business. It has also, at the insistence of the Home Ministry, refused to give its assent to an order placed by state-owned BSNL to Chinese vendor Huawei in western India which is under security threat.
The Home Ministry has also suggested that every network operator must obtain a certificate from all suppliers of SIM cards that security keys generated at the time of personalisation are safe and secure in the country, and are held in custody and control of the Indian company.
There are numerous security risks faced by every network operator. Suppliers of materials could introduce certain risks, the impact of which might have to be borne by the operator. Network operators are dependent on their suppliers to control security risks.
Though it has not found favour with DoT, SAS is advantageous to operators as they will no longer have to invest a lot of money in undertaking an audit of each of their suppliers. It offers them peace of mind that they have implemented appropriate security measures.