The government of India earlier said that it might seek source code of every network equipment deployed in the country as a part of security assurance testing initiative. However, Swedish telecom gear maker Ericsson addressed its concern and stated that the result of checking source code would be diplomatic and it will not be possible virtually to free the software from unknown vulnerabilities. As reported by ET Telecom, Ericsson wrote a two-page letter to DoT and stated that review of the source code for the purpose of verifying supplier’s software would be virtually an impossible task. Ericsson’s CTO Erik Ekudden also indicated that it is not possible to produce software virtually that is free from all the vulnerabilities.
Source Code Review Will Have Disadvantages
Ekudden stated that there are many disadvantages in reviewing the source code of every network equipment deployed in the country. Scanning source code of Ericsson equipment specifically would require domain-specific knowledge and understanding. In order to do a meaningful review, a knowledgeable workforce will be required who will do the review in the best and meaningful way. However, a proper review of the source code of Ericsson would take substantial time and effort.
Source Code Review Was Not Important in Past
Cellular Operators Association of India (COAI) stated that the source code review was not asked by the telecom department security testing arm in the past. The need for source code review has been developed in the past two months. COAI also stated that the discussions regarding Indian Telecom Security Assurance Requirements (ITSAR) with DoT has been in loop from one year and the requirement to submit source code was not asked by the telecom department.
India-China Border Tensions Might Affect Telecom Industry
The on-going geopolitical situations might put external pressure of the telecom industry. The government of India is already planning to ban Chinese telecom gear makers from supplying network equipment to state-owned telecom operators. Not only this, but private telcos might also get in the loop. If the Chinese telecom gear makers are banned in the Indian market, telecom operators will have to incur massive payouts if the deal is revoked before maturity.