The Securities and Exchange Board of India has called for proactive measures to prevent cyber attacks asking for rigorous threat analysis. Market infrastructure institutes have been directed to set up a dedicated security analysis team for a cyber security operation centre that would work round the clock to identify and respond to cyber attacks and recover data. This step follows right after the issuance of a comprehensive guideline not long ago on cyber security aimed at stock brokers and depository participants.
The C-SOC or the cyber security operation centre of market infrastructure institutions (MIIs) which includes “clearing operations, depositories and exchanges” is tasked to prevent these attacks by incorporating a regular threat analysis. SEBI has specified the inclusion of an all-inclusive dashboard and the need for tracking key security metrics that will provide a cyber threat scorecard as part of the alert mechanism. As per the new regime, the centre will be headed by the MIIs chief information security officer working closely with the network, cybersecurity and the IT team, along with various other departments. The officers heading these departments will be reporting to the MD and the CEO of the MII.
As per the details provided in the SEBI circular, for real time detection of security incidents, there will be 24-hour monitoring and analysis of all the relevant logs done on MIIs network devices, and the sourcing of cyber intelligent feed from reliable vendors. Data traffic and inputs will be received from other MIIs as well as external agencies like CERT-In. Bourses, clearing corporations and depositories have been given six months time to take the necessary actions to put in place the appropriate processes for the implementation of this new rule.
For MIIs that have an already established cyber security operation centre in place but have different norms listed down SEBI, there will have to be an adoption of one of the models within a year. The four models that “MIIs can choose from include -MIIs own C-SOC that is managed primarily by its own staff, MIIs own C-SOC that is supervised by their full-time staff but staffed by a service provider”; and two other models that include “C-SOC that can be shared by the MII with its group entities” and “C-SOC that may be shared by the MII with other SEBI recognized MIIs”.
