Sebi wants exchanges, others to have robust cyber security net

The move is aimed at protecting against various forms of cyber attacks such as Denial of Service, phishing, hacking, sniffing, spoofing, key-logging and malware

To safeguard capital markets from cyber attacks, regulator Sebi plans to put in place detailed guidelines to be followed by stock exchanges and other market infrastructure institutions to secure their IT systems.

"The move is aimed at securing the data, applications, database, operating systems and network layers of Financial Market Infrastructures (FMIs) from various forms of cyber attacks such as Denial of Service (DoS) attacks, phishing, hacking, man-in-the-middle attack, sniffing, spoofing, key-logging and malware attacks," a senior official said.

The Securities and Exchange Board of India (Sebi), which is mandated to regulate the entire gamut of capital markets in the country, has discussed the issue with its Technical Advisory Committee (TAC) and with various FMIs to assess the adequacy of their technology risk management framework.

"Sebi intends to lay down the broad principles that FMIs would be required to comply with while designing and implementing their IT and cyber security policy," the official added.

In Indian markets, various FMIs such as stock exchanges, clearing corporations and depositories have taken various steps and measures to secure their systems, networks and information from such risks and threats.

The area of information systems security and cyber security is an important part of IT risk management framework and primarily comprises identification, assessment and protection of systems, networks and information from risks and threats of attack, damage or unauthorised access.

However, the ever-changing technology calls for a proper and uniform policy to be followed to ensure safety of the markets from any kind of cyber attacks.

Sebi, itself, is planning to beef up its team of officers by hiring IT experts to develop data mining and intelligence tools, as also to check cyber attacks.

These officers will develop data analytics and business intelligence tools, and also manage internal IT security and audit systems to guard against data loss and theft.

Besides, they would also analyse various technology- related needs of Sebi and help implement the projects following issuance of new guidelines including from the government, CVC and the regulator itself.

Sebi has identified technology as a key area of focus for its policy initiatives during the current fiscal 2015-16.

The role of the new officers, to be part of Information Systems team at Sebi, would also include application development and database administration.

They would also work towards protection against "loss, theft, cyber attack" on Sebi's services, applications, databases and strengthening the investigation team with technical capability.