The Indian government is coming up with an initiative wherein it will identify one’s handset and provide customised security and privacy-related recommendations pertaining to that specific communication device to citizens, Lt Gen (Dr) Rajesh Pant (retd), the National Cybersecurity Coordinator, said at the India Mobile Congress (IMC) 2021.
“The objective is to build an integrated system which can collate all the mobile security related information and provide customised and actionable knowledge to Indian citizens to secure their mobile devices. This information will be provided in the language he or she understands” — Lt Gen (Dr) Rajesh Pant
Pant also said that this initiative will not only inform but also answer questions in the language that citizens understand. “Questions like: what specific changes do I need to take to protect myself from cyber crimes and so on…,” he added.
How will it work? “There will be a system that whatever model of the handset you have got, whatever apps you have got, we will be verifying that and sending you a message that you will be aware of the vulnerabilities,” Pant said.
It is important to point out that the Indian government is yet to come out with the National Cybersecurity Policy. Moreover, the Indian government’s plan to verify and accrue device information from citizens in the absence of robust data security legislation seems concerning.
IAMAI, one of the key players behind the project
In order to create this platform, the NSCS has approached the ministries of IT, Home Affairs, and Finance, and is also trying to rope in private players with the help of the Internet and Mobile Association of India (IAMAI), the Economic Times reported.
“There will be a central database in the middle and the information will be available as an API. In case users want specific information, they can use the app. It will detect the phone and apps being used and will offer curated information for the app regarding vulnerabilities,” Satyendra Verma, head of I-CAMPs and IAMAI advisor was quoted as saying in the ET report. The project will not be mandatory and could take 6-8 months to launch, he added.
Vulnerability in any of the ‘five stages’ of a communication device can lead to compromise
While giving a reason for taking up the project, General Pant said that the life cycle of a communication device has to be considered. He said that, from the security point of view, the following stages in a communication device’s life cycle has to be considered —
- Design and development
- Distribution and acquisition
- Configuration and deployment
- Usage and maintenagnce
- Disposing of device
“These communication devices can be exploited if there are vulnerabilities if any of the five stages,” Pant added. “Now a device vulnerability can be associated with all sorts of devices, it can result in insecure network services.”
Indian government on the lookout for spying tech
The IT Ministry sent notices to OnePlus, Xiaomi, Vivo, and Oppo last month seeking details about their phones and components. This notice came after an ET report revealed that the government was considering passing a regulation to mandate teardown of handsets to check for snooping. Beyond hardware, the government is also reportedly looking into the practice of pre-installing apps on new smartphones sold by Chinese manufacturers.
With respect to telecom equipment, the government has already set up a portal with a list of ‘trusted sources’ from which Indian manufacturers can buy materials. This was built on top of a National Security Directive that was passed in December 2020, essentially to prevent the use of Chinese tech in telecom equipment.
Also read:
- CDSL data breach: Sensitive investor information exposed in attack
- In Parliament, Defence Ministry reveals Defence Cyber Agency now functional
- India looks to scale up electronics exports in next couple of years
Have something to add? Post your comment and gift someone a MediaNama subscription.
Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India
