Network infrastructure vendors such as Huawei Technologies, Nokia Siemens Networks (NSN) and Ericsson, can expect more government regulation as they peddle their wares across the globe. But while this is expected, given the increased importance of telecommunications to economic growth and national infrastructure, governments can do more to simplify compliance frameworks to reduce the complexity for companies looking to enter multiple markets.
According to Paul Tyler, head of Asia-Pacific region at Nokia Siemens Network, information and communications technology are increasingly important to a country's economic prosperity and vital national infrastructure.
"The increased government scrutiny is just a consequence of this growing strategic reliance of governments on the networks we all rely on. [These networks] are vital assets that need to be secure and reliable," Tyler said.
Frank Levering, research manager at IDC Asia-Pacific, also noted that there is a clear, heightened level of awareness worldwide and fear related to security breaches, following the high-profile attacks on companies such as Sony as well as governments, security vendors and international agencies such as the International Monetary Fund.
As such, almost any private or public organization could become the next target and this is spurring greater regulatory policing and scrutiny on network vendors, Levering explained.
"There's simply a much greater sense of urgency around the security needed for all the equipment governments rely on to deal with critical and highly sensitive information…[and] it is possible and even likely that some vendors feel more scrutiny than others," the analyst said.
Both Tyler and Levering were commenting on a Reuters report earlier this month stating that six U.S. lawmakers had called for the investigation of Chinese telecoms equipment maker, Huawei, for allegedly violating a 2010 sanctions law by supplying sensitive technology to Iran.
The Chinese company in December announced it would scale back its Iran business, in which it provides services to government-controlled telecom operators. This move came after reports revealefd the Iranian police were using mobile network technology to track down and arrest dissidents, according to a Wall Street Journal report.
In November, the U.S. House Permanent Select Committee on Intelligence launched an investigation to assess potential threats to national security posed by the presence and expansion plans of China's networking vendors in the country.
Building up trust
Levering also pointed out that the level of trust between the regulating country and the vendor's country of origin plays an important role. If there is a lack of trust to begin with, then this same distrust will be applied to the vendor's equipment, he stated.
That said, he believes this is not necessarily a "great obstacle", but simply an issue that needs to be addressed in order to do business in certain countries.
The vendor may be asked to supply more documentation, share more information on the equipment being used and disclose the source code before implementation. Should it be willing to go the extra mile, the scrutiny and regulations applied will not affect its ability to do business, the IDC analyst explained.
He added that security for government projects such as network deployments should always have a very high priority, and all vendors will be required to undergo scrutiny and comply with regulations.
Levering said: "It is not a negative trend that the regulations get more elaborate and the scrutiny gets increased across the board. These, however, can add significant levels of complexity."
For Nokia Siemens Network, the increased scrutiny presents opportunity as the vendor has an "international reputation for reliability and compliance, with national and international regulations and standards", Tyler said. "Security is built into our innovation engine and we are able to demonstrate that to governments," he asserted.
Standardizing regulatory frameworks
According to Levering, though, the different frameworks currently adopted by various countries add complexity to the governance, risk management and compliance (GRC) for network infrastructure vendors, putting these companies in a difficult position.
"Currently, there are many challenges for the people in charge of scrutiny and regulations, the people handling the implementation as well as the vendors," he said, noting that the increased scrutiny was not sustainable.
To help improve the situation, Levering urged governments and vendors to invest the time and money needed to reach some level of uniformity in their GRC networks, in order to reduce the complexity and heighten the ability to stay compliant.
Doing so would also increase the level of security, as there is significantly less risk of vendors selling equipment with wrong encryption setting, for example, he added.