In a recent announcement by the Chinese Communist Party Central Office, that the government will replace all computers running non-Chinese software and Operating Systems within the next 3 years, this also includes dumping all the Foreign Hardware that is in use within China. This initiative has been code-worded “3-5-2”. Should India also tow-the-line to ensure its Digital Sovereignty. In India, efforts for indigenous in the IT sector, has been minimal and over 90 percent of India uses Foreign Hardware and Software. Smartphone and Laptop in India are mostly using Android, iOS, Linux, Windows and Mac OS. The Hardware for these devices is all imported and has been sourced mostly from China.
The Chinese have been using many of the foreign Hardware and Software since the advent of the IT revolution. Beijing has ordered the offices for all government agencies and public institutions to remove foreign computer equipment and software from their offices within three years. The present orders is a tit-for-tat reaction and also because of the fear that the US might be snooping into the Chinese Network. In specific, the move to force China to replace Windows PCs comes in response to increasing pressure by US on Chinese technology companies like Huawei which restricted their access to Western software, operating systems and markets, and pressure by the US government on US and European networking companies not to use Chinese technology. The US has also been trying to exclude Chinese players, including Huawei and its rival ZTE, from the country’s telecommunications market citing national security risks. Now in China due to its latest orders, it is estimated that around 20 million to 30 million pieces of hardware will need to be replaced to ensure only “secure and controllable” technology is used as directed by China’s 2017 Cyber Security Law, and now to be implementable by year 2020.
What is the “3-5-2” Plan of Action to Phase out Foreign Hardware and Software from China
The Chinese government services have been ordered to replace 30 per cent of their devices in the year 2020, 50 per cent in 2021, and 20 per cent by the year 2022. It is understood that this target is a difficult one, as many of the components that are used even on the localised IT Chinese finished Products in China are from Korea and America. However, this order being from the Government will be forced down the throat by the Communist regime.
Present Chinese Hardware and Software Profile
Presently, China uses a variety of products, both home-grown and foreign. The Hardware was mostly from companies like HP and Dell, the other networking components were products manufactured in China, under license from Japan, US, etc. China, had earlier acquired Lenovo (an erstwhile US company), and the hardware were slowing being switched to Lenovo. Here again it is seen that the Processors were from Intel (American) and the Memory (Samsung, Korean) were imported. It seems unclear how comprehensive the implementation of the directive will be, for a complete replacement of the hardware by 2020.
The Chinese have been using a large number of Software on its different products, and most of them were based on its own development. However the basic PC Operating System (OS) was Microsoft based. Present the Government Offices use a version or customised version of Kylin OS, a DOS distro of Microsoft. Microsoft has also in the past tried to hold on to its Chinese customer base by offering a Chinese Government Edition of Windows 10 back in 2017, and the same is in use even today. The OS on many of the other components have been based on Chinese IPR. The Apple (iOS) is the most popular Smartphones apart from Android. Huawei, is also said to have its own Mobile OS and has also been able to capture market share within China.
The Chinese Plan
The move is a part of broader efforts from Beijing to push for reliance on homegrown technologies and mobilise public and private sectors to support domestic tech companies. This is also a better revenue earning strategy, especially when the US is on to ban Chinese Products from its market. China, had in 2017 initiated the project to develop an OS for PCs, Kylin Linux based on Linux distro which is supposedly ready and usable. The software aspect, can still be addressed by the Chinese, however, the problem is with regard to Application and related Software that were designed to run on Microsoft Software need to run on Kylin Linux.
Can India also take a stand?
Should India also go the Chinese way? It is important for India to switch from foreign products to locally manufactured products especially in the IT Critical and Government Infrastructure. India is presently the largest importer of IT Hardware and also Software. However, we see that the Application Software on these devised is mostly indigenous and many of the development for foreign giants are been undertake or coded by Indian Brains. The Hardware aspect may still be a problem, but the home-grown software industry can sustain a switch.
Threats to India from use of foreign Hardware and Software in the IT industry
Today, India ranks third in the list of countries where the highest number of cyber threats is detected. Most of these can be attributed to vulnerabilities in the Hardware and also in the Software. Embedded malicious code in many of the IT assets, used especially in the components of ‘Critical Infrastructure’ is always a threat. The exploitation of Hardware and Software weaknesses that may have been deliberately left by foreign vendors cannot be ruled out. The cost of purchase/license/support for Foreign Hardware and Software is exorbitant, and are a drain on the enterprise/institution that procures them. The factor of dependency and shelf-life management of these foreign products are in the hands of external elements and hence India is at the mercy of such vendors. All this and more should drive India to also switch to indigenous products, especially for use in Government and Critical Infrastructure agencies.
Present Status of Indian Software
India does have its own PC and Server Operating System, but it is not a very popular one. Bharat Operating System Solutions (BOSS) is an Indian Linux distribution derived from Debian. The project for an Indian OS was initiated in year 2002. BOSS is an Indian GNU/Linux distribution developed by CDAC and is customised to suit Indian’s digital environment. It supports most of the Indian languages. BOSS Linux has been officially released in four editions: BOSS Desktop, EduBOSS, BOSS Advanced Server and BOSS MOOL. The latest stable version 8.0 was released on 11 July 2019. However this product though being a free distribution product, has not gained popularity as also is not encouraged by many of the other App developers, thus many utilities and drivers for this OS is not available.
With regard to the Mobile OS, it was in the year 2015 that a few Indian entrepreneur from IIT, Mumbai, had got together to bring out a Smart OS for the Indian environment. The Indus OS was developed and was based on Android. This was later introduced in many of the smartphones like iTel, Micromax Informatics, Intex Technologies, Karbonn Mobiles, Celkon, Swipe, Elite, Trio, etc; that were assembled in India. It is currently available in English and 23 Indian regional languages spoken by over 95% of the Indian population and has an active user base of over 10 million. The service provider also has an adequate app marketplace with over 4,00,000 apps.
The Indian Hardware is still an Industry that needs a start. India is yet to identify the ‘silica’ that is required to manufacture the critical components like processor and memory. The Network Components used in India also need to be indigenised, as the proliferation of it needs to be well addressed to wad away attacks by foreign elements who target India’s National Security.
We at Cyber Secure India are aware of the constraints and also the restrictions and compliances aspect with regard to “International Trade Laws”; however, the need is felt for a phase localisation of the IT components, especially when India is in the rapid migration to e-Governance. The cyber-attack on TN’s Kudankulam nuclear plant and the ISRO cyber intrusion is also an eye-opener, especially when such critical and costly projects have to using foreign products. The Capability within India should be sincerely motivated and encourages achieving the needful. It is also challenging to define “domestically made” hardware and software, but is not an impossible target for a country with the second largest population, and youngest in age profile. Also the talent that exists in India is well appreciated by the Globe and even if 50 percent of the Brain-Drain that happens, is made available in India, the dream can be achieved.