As cyberthreats rise, Sebi to expand scope of security initiatives for MIIs

Regulator Sebi is planning to broaden the scope of cybersecurity initiatives for the market infrastructure institutions (MIIs) and look into the operational modalities of their implementation in order to deal with the cyber challenges.

Enhancement of cybersecurity has been one of the priorities of the Securities and Exchange Board of India (Sebi) during the financial year 2017-18.

"Taking cognizance of the threat posed by technological developments in the Indian capital markets and the rise of cyber threats in the financial domain across the globe, Sebi had laid down a detailed framework with regard to cyber security and cyber resilience that stock exchanges, clearing corporations and depositories are required to adopt," the regulator said in its annual report for 2017-18.

Additionally, a high powered steering committee on cybersecurity was constituted which was chaired by a Whole Time Member of Sebi and created a cybersecurity cell to actively address cybersecurity issues.

"In 2017-18, Sebi had actively issued three advisories in the wake of ransomware attacks. Additionally, advisories were also issued based on inputs from the National Cyber Security Coordinator (NSCS)," the report said.

Last year, multiple incidents of ransomware attacks like WannaCry, Petya and Locky were reported globally.

As per the report, Sebi had compiled a list of cyber threat vectors and cyberattack scenarios, which was shared with the MIIs to aid them in dealing with the risks.

"As a pre-emptive measure to further enhance the safeguards placed to protect the systems of the Indian MIIs, Sebi had advised MIIs to put in controls based on its list of cyber threat vectors and cyberattack scenarios," the report added.

The regulator has also advised MIIs to conduct a half-yearly comprehensive review of cybersecurity. It aims to check the level and adequacy of the controls put in place by the MII to comply with the various circulars and advisories issued by Sebi pertaining to cybersecurity along with the safeguards put in place by them to mitigate the cyberthreat vectors and cyberattack scenarios.

"Todays, cyber security breaches pose a major challenge to market participants across the globe. To deal with this challenge, Sebi plans to expand the scope for cyber security initiatives for MIIs and also look into the operational modalities of implementation.

"In this direction, a full cyber security review of MIIs is planned that includes all the cyber security advisories issued by Sebi and full list of cyber security threat vectors," Sebi said.

Besides, a cyber-capability index is being developed to assess the cybersecurity preparedness and resilience of the MIIs to ascertain their level of preparedness.

In November 2017, Sebi had facilitated a cyber-training programme conducted by scientists of CERT-In. It was attended by officials of all the MIIs and intermediaries such as brokers, depository participants, asset management companies and registrar and transfer agents.