Cyber security is an area in which India has still to cover a long gap. India is not only late in this regard but also needs to make its efforts holistic. The National Cyber Security Policy of India 2013 has been declared by Indian government but it is deficient on many counts.
However, the policy is also good on many counts and ensuring malware free software and hardware for Indian use is one such good objective. The cyber security awareness brochures in India have also been prescribed by Indian government.
Companies like Huawei and ZTE have already faced telecom security issues in India. Similarly, India is also considering making the norms for import of telecom equipments in India more stringent. The security agencies of India have gone to the extent of even suggesting for the developing indigenously manufactured cyber security software.
India experts have also suggested starting India’s own social media platforms. India has also proposed a new policy that would give preferential market access (PMA) to domestic telecom manufacturers for government contracts. Clearly, the Indian mood is to support and encourage indigenously manufactured hardware and software components.
The telecom security related issues have also assumed great importance in India. Proposals for testing of hardware and software for imbedded malware have also been mooted in India from time to time. For the time being, the imported software and hardware testing for embedded malware has been postponed till 1st April 2014 by India.
This deadline may not be extended further as India has been granted the status of “Authorising Nation” under the international common criteria recognition arrangement (CCRA) to test and certify electronics and IT products with respect to cyber security. This means that India can now test electronics and IT products and issue globally-valid certificates with respect to cyber security.
Till now, India was having the status of “Consuming Nation” with respect to certification of electronics and IT products. Consuming members in the CCRA cannot issue internationally recognised certificates, but they are free to issue national certificates.
The Standardisation Testing and Quality Certification (STQC) Directorate of Department of Electronics and Information Technology has been operating common criteria certification scheme in the country for the last 5-6 years. Under it STQC undertakes certification of Electronics and IT products after evaluation of the products at its lab in Kolkata. The certificates issued by STQC directorate shall now be acceptable internationally by all CCRA member countries.