India may emerge as hub for low-cost security-sensitive IT products

KOLKATA: India could emerge as a hub for low-cost testing security-sensitive IT products used in telephone and other critical infrastructure networks with the country being recently given the “authorising member nation” status in the Common Criteria Recognition Arrangement (CCRA), said top officials in the telecom and IT industries.
CCRA, which counts the US, Canada , the UK, Germany, France and Japan as among its 26 members, is the top international agency that defines common processes to certify IT products used in infrastructure networks in telecom, power, aviation and defence sectors.

On Monday, its governing consortium cleared India’s application for “authorising nation” status, which means the country can now issue clearances to companies to set up CCRA-accredited private test labs in the country itself. Laboratories in India could offer testing services at much lower costs compared to other CCRA labs in western markets, said Rajan Mathews, director-general of the Cellular Operators Association of India (COAI) — the industry body representing GSM operators.

He said the lower cost structures would stem from “lower operating costs, reduced labour charges arising from the surfeit of trained and qualified engineers required for such testing”. “Since this is also a manual intensive process, Indian labs will have distinct cost advantages,” he added. Till date, India was a “consuming member” and depended on CCRA approved test labs overseas for certification of IT products used in critical infrastructure networks.

But from now on, labs set up in India and authorised by India’s Standardisation Testing & Quality Certification Directorate, which is under the Department of Electronics & IT, will be equipped to certify IT systems supplied by local and global vendors as safe to connect to the country’s core infrastructure networks. Software companies Tech Mahindra and Wipro have already evinced an interest to set up test labs in India.

Pune-based Tech Mahindra said it is closely studying the feasibility, business and financial aspects of setting such large infrastructure in the coming months.

“Authorising member status opens up the fast-growing Indian market to implement stringent test norms in the said infrastructure. And telecom amongst all is very susceptible to vulnerabilities,” said Sirisha Voruganti, head (device testing practice ) at Tech Mahindra. Voruganti, however, added that quality, apart from the low cost, was very important in deciding market shifts.

Bangalore-based Wipro declined to comment. A top executive of a leading European telecom gear maker said while there are “clear cost advantages” for IT products to be tested in India, those testing labs would need to have reciprocal arrangements with other CCRA labs so that certificates are mutually recognisable.

“Equipment certified by an overseas CCRA lab for deployment in Indian networks must not be subjected to fresh tests in a sister lab in India,” this official said. COAI’s Mathews believes challenges for Indian lab developers would be formidable.

“Given the sheer volume of new equipment expected to be developed and tested for things such as 3G, 4G LTE or cognitive radios being developed by Indian scientists, private CC-testing labs will have serious challenges in ensuring equipment is available to telecom operators on time for implementation,” said Mathews.

The telecom department had recently deferred its plans to locally test IT and telecom gear used in telecom networks to April 2014 from the earlier October 1, 2013, deadline in the absence of global standards for conducting such security tests.