Gear makers' poor response to WiFi security mandate irks DoT

The Department of Telecommunications (DoT) is peeved at the “unsatisfactory effort” of telecom equipment makers such as Cisco, Nokia, Ericsson and HPE concerning security certification of Wi-Fi consumer premises equipment (CPEs) and IP routers, despite the department accommodating various industry concerns, officials told ET.

The new security mandate was scheduled to be implemented from October 1 but since only a handful of companies have applied, the government has given another one-month extension for companies to apply to avoid any disruption in supplies.

Besides, applicants will be issued a “pro tem certificate” that will be valid for six months to facilitate continuous supply of products, till they are certified.


“DoT has been insisting on all OEMs (original equipment manufacturers) for submission of applications for security testing of Wi-Fi CPEs and IP routers for more than a year now… However, they have been hesitant to apply for the testing,” Hemendra Kumar Sharma, deputy director general (media) and official spokesperson for the DoT, told ET.

He said the OEMs were informed well in advance and the deadline has been extended several times from the originally planned July 1, 2023. Since then, mandatory testing dates have been postponed many times to help the industry gear up and obtain necessary certification.

Apart from the extensions, several issues raised by the industry have been addressed. For instance, the DoT accepted that internal test reports should be accepted for certification in lieu of source code. In addition, firms can share the reports with the National Centre for Communication Security (NCCS), a unit under the DoT, instead of test labs if companies fear leakage.

But despite these, very few applications for security clearance have been received by the government. “While there should be no compromise on this, DoT has been extremely accommodative on the concerns of the OEMs by way of timelines and requirements. Unfortunately, there has been unsatisfactory effort in this regard from the OEMs,” the DoT spokesperson said.

The NCCS has been tasked with the responsibility to grant security certificates to the companies for the Wi-Fi CPEs and routers. The government insists that security testing is part of the Mandatory Testing and Certification of Telecommunication Equipment scheme launched in 2019. “It is quite clear that DoT has accommodated industry concerns to the extent possible and now expects industry to come forward and adopt the mandatory requirement of security testing of telecom equipment,” the DoT said.

The department also rejected industry claims about the testing cost being too high in India. As per the government, security testing is resource intensive and a lengthy process involving specialised tools. “Cost of similar testing elsewhere in the world would cost almost three times compared to the fee being charged by test labs in India,” the DoT spokesperson said.

Further, regarding the high number of products requiring testing, the DoT said that several products can be clubbed together as they belong to the same group. “Hence, the anticipated number of applications for security testing may not exceed 50,” the spokesperson said, adding that the need for secure products cannot be overstated and cannot be compromised in any way.