7 hours Ago
India is considering a proposal to replace older mobile phone SIMs after an investigation by the nation’s top cybersecurity agency found samples of chipsets of Chinese origin in some of the cards that store subscriber identity information, said two officials in the know. The ongoing probe by the National Cyber Security Coordinator (NCSC) and the home ministry has raised national security concerns, the officials said on the condition of anonymity. The first step could be replacing the older SIM (subscriber identity module) cards in mobile phones, they said, adding that the feasibility of such an exercise is being evaluated given the techno-legal challenges.
The NCSC has held meetings with executives of Vodafone Idea Ltd, Bharti Airtel Ltd, Reliance Jio Ltd, and officials from the department of telecommunications to plug security loopholes in the procurement of telecom resources such as SIM cards and find a framework to replace the SIMs. Queries emailed to the NCSC, the home ministry, DoT, and the telecom operators did not elicit a response until press time. India has 1.
15 billion mobile subscribers and even a small percentage of SIM cards with China-origin chips raises concerns about data security. More so when the government has barred Chinese equipment makers such as Huawei and ZTE because of national security concerns. The procurement of SIM chipsets from China without the government’s approval puts sourcing and continuous audits by telecom operators in the spotlight.
“Some SIM card vendors of telecom operators misused the trusted source certification," said one of the officials cited earlier. “Initially, they took the certification, showing SIM card chip procurement from trusted sources. However, later it was found that some chips were of Chinese origin.
" The official refused to share details of SIM card vendors, citing the sensitivity of the issue. Trusted sourcing The NCSC works under the National Security Council Secretariat, which advises the Prime Minister’s Office on matters of national security and strategic interest. The NCSC coordinates with other national agencies on cybersecurity and approves trusted sources.
Telecom operators outsource procurement of SIM cards to vendors approved as trusted companies. These vendors procure the chips from countries like Vietnam and Taiwan, and assemble, package and serialize the cards in the country before supplying them to mobile services providers. “The investigation is being done collectively under NCSC involving DoT, MHA, and other stakeholders to identify the entry of such chips in the market and the extent of SIM cards with chips of Chinese origin.
It seems even telcos were not aware of the procurement by their vendors," said another official. The government plans to strengthen the process for trusted source approvals and conduct continuous testing of telecom equipment entering the country, the official said. Telecom equipment requires mandatory testing and certification before being imported, sold or used in India, according to security regulations.
This ensures the gear meets national and international standards for safety, radio frequency emissions, network performance, and national security. The National Centre for Communication Security (NCCS), under DoT, looks after the testing and certification process. The Telecommunication Engineering Centre (TEC) also certifies the equipment.
Additional cost to operators “It seems that there are loopholes in the approval process and no continuous testing is being done by authorities. There are instances where equipment of Chinese origin enters India from countries which are trusted," an industry executive said. The replacement of SIM cards will involve techno-legal challenges and will also lead to an additional cost for telecom operators, the executive said, speaking on the condition of anonymity, citing security and regulatory reasons.
In March 2021, the DoT amended the Unified Access Service licence to prevent telecom operators from obtaining equipment from untrusted vendors. The NCSC was authorised to approve trusted sources and companies that can supply equipment. Under the Telecom Act 2023, the government can issue directions to procure telecommunication equipment and services only from trusted sources.
.
