Because most of these services are currently being rolled out on non-licensed spectrum, India's telecom industry believes that a delay in defining critical services in the machine-to-machine (M2M) segment could have security implications.
According to a senior executive at one of the telecom companies, many critical M2M services, including those in the power and infrastructure sectors, are operating on unlicensed spectrum with no testing, monitoring, or compliance. "This makes the services much more vulnerable to vulnerabilities, threats, and cyber-attacks, which can even disrupt critical public infrastructure operations," said the executive, who did not want to be identified.
The operators have been in regular contact with the Department of Telecommunications (DoT) about the issue of defining critical M2M services. Once the critical services have been defined, they must be provided using licenced spectrum and in accordance with all quality of service (QoS) and other security conditions.
Another executive stated that services such as self-driving cars, remote surgeries, financial transactions, and so on require top-level security, which can only be provided when all parameters are tracked and accounted for. "The government has administrative control over licenced telecommunications companies, and we adhere to all security parameters and guidelines." Devices using unlicensed spectrum, on the other hand, have limited security," the executive explained.
In 2017, the Telecom Regulatory Authority of India (Trai) issued recommendations on spectrum, roaming, and QoS requirements in M2M communications. According to the proposals, the DoT should identify critical services in the M2M segment and require these services to be provided only by connectivity providers using licenced spectrum.