The Indian government’s investigation into an alleged hack on the state-run telecoms carrier Bharat Sanchar Nigam Limited (BSNL) by Huawei is set to bring about regulatory changes, whether proved true or not.
A government official in communications and information technology confirmed allegations are being investigated.
In a written reply to a question from a member of parliament, Killi Kruparani, junior minister for communications and information technology, said: "An incident about the alleged hacking of BSNL network by Huawei has come to notice.” She added this is being investigated.
Huawei has struggled to grow in the US amid rumours the company has links with the Chinese state government – Huawei's founder Ren Zhengfei is a former major of the People's Liberation Army of China.
A US government committee even went as far to say Huawei’s equipment posed a risk to national security and businesses across the country should not use it, or any kit from fellow Chinese firm ZTE.
Manatosh Das, security analyst at Forrester Research India, said whether the allegations are proved true or not, the event could lead to regulatory changes and a speeding up of parts of the government’s national cyber security policy.
“Proved or not proved, the government of India might seek mandatory compliance to the Universal Access Service Licensees (UASL) amendment from all telecoms service providers, with failure to comply potentially costing operating licenses, expediting the process of setting up security testing lab for ICT and strengthening and mandating a scrutiny process for all ICT products before being approved feasible for use in India.”
He added if it is proven Huawei did hack BSNL, the Government of India might “mandate all telecom service providers (TSP) to remove Chinese telecom gears from their network.”
Das also said a hefty penalty might get imposed on Huawei India and the incident will have a strong negative impact on expansion plans of all Chinese telecom and ICT vendors in India and her countries.
The government is working to improve security in India, where physical security is seen as being insufficient. Last year it revealed a target of having 500,000 professionals skilled in cyber security in the next five years through capacity building, skill development and training.
In July, as part of the National Cyber Security Policy Notification, the government said: “In the light of the growth of the IT sector in [India], ambitious plans for rapid social transformation and inclusion growth, and India’s prominent role in the IT global market, providing the right kind of focus for creating a secure computing environment and adequate trust and confidence in electronic transactions, software, services, devices and networks has become one of the compelling priorities for the country.”
According to the Computer Emergency Response Team – India (CERT-In), an estimated 14,392 websites in the country were hacked in 2012.