Sebi to chart out long term cyber security plan amid data breach scare

Regulator to discuss issue in detail in a meeting slated for Sept 18

Sebi will deliberate with its board members next month on putting in place a long term cyber security framework for markets amid concerns over malicious software script targeting systems and possible data breaches.

With technology-based platforms and high-speed algorithmic systems becoming key fulcrums for trading activities, the regulatory focus is on bolstering the existing framework and ensure a robust firewall is in place to thwart possible cyber attacks.

The Securities and Exchange Board of India's (Sebi) efforts to put in place long term plans for cyber security of the market place also come against the backdrop of exchanges facing technical glitches and spate of suspected cyber attack cases globally, including in India.

In recent months, a raft of dreaded ransomware attacks like WannaCry and Petya have impacted the computer systems worldwide.

Sources said a detailed discussion on cyber security issues are expected during the meeting of the Sebi board, which is scheduled for September 18.

The meeting would deliberate on measures that can be initiated for a long term cyber security plan, they added.

On July 10, a technical glitch at the country's largest stock exchange NSE had resulted in halting of trading activities for over three hours.

Already, the regulator has decided to undertake a comprehensive review of technology and systems at all market institutions, including stock exchanges, to safeguard the marketplace from cyber threats and technical glitches.

The watchdog has also asked the exchanges and other institutions to keep a constant vigil on cyber threats globally and take lessons to put in place necessary safeguards.

"It was emphasised that there should be prompt and diligent reporting of any technical issues, including cyber attacks, to relevant agencies including CERT-In and Sebi," the regulator had said after a meeting with stock exchanges, clearing corporations and depositories in late July.

According to the watchdog, Market Infrastructure Institutions (MIIs) should have well laid out change management and standard operating procedures that should encompass all areas related to technology and operations.

Besides the stock exchanges, major MIIs include depositories and clearing corporations.

Among others, Sebi has been stressing on the importance of sharing information on instances of technology-related disruptions, cyber threats and attacks among MIIs so as to enhance their situational awareness.

In May, Sebi had set up a high level panel on cyber security to suggest measures to safeguard the capital markets from such attacks.

The committee would advise Sebi in developing and maintaining cyber security and cyber resilience requirements aligned with global best practices and industry standards in accordance with the need of Indian capital market structure.

Earlier this month, the NSE and the BSE alerted market entities to guard against a malicious software script that targets critical sectors like energy and finance to steal information from personal computers and passes them on to adversaries outside the country.

The alert came after a communique from National Cyber Security Coordinator regarding a highly suspicious communication being observed on the internet in the country.