Markets regulator, the Securities and Exchange Board of India (SEBI), has introduced guidelines to further boost the cyber security and cyber resilience framework for stock markets along with market infrastructure institutions (MIIs).
The guidelines, which were issued on August 29, 2023, will come into immediate effect, as per SEBI.
These guidelines have been introduced to add muscle to the existing MII frameworks, including stock exchanges, clearing corporations, and repositories.
As per the guidelines, MIIs will be required to maintain offline, encrypted data backups. Besides, they would be required to test these backups regularly, at least quarterly, to take stock of confidentiality, integrity, and availability.
In addition, MIIs need to explore the possibility of retaining spare hardware in an isolated environment to rebuild systems to beat scenarios where starting their operations from both the Primary Data Centre (PDC) and Disaster Recovery Site (DRS) is not likely possible.
Furthermore, they must conduct business continuity drills on a regular basis. This is aimed at ensuring the organisation’s readiness and keeping a tab on the effectiveness of existing security controls at the ground level to tackle ransomware attacks.
MIIs are directed to conduct vulnerability scanning to identify and address vulnerabilities on a regular basis, especially for those on internet-facing devices, to curtail the attack surface.
Generally, MIIs are systemically crucial institutions, considering they support the infrastructure required for the smooth and uninterrupted functioning of the securities market.
In this regard, the market regulator has stated that they should employ multi-factor authentication for all services, secure domain controllers, and secure dark web monitoring services to monitor any brand abuse.
As per SEBI, for an effective operational-risk management strategy, MIIs are required to have in place a robust cyber security framework to extend crucial facilities and perform systemically critical functions associated with trading, clearing, and settlement in the securities market.
Rajiv is an independent editorial consultant for the last decade. Prior to this, he worked as a full-time journalist associated with various prominent print media houses. In his spare time, he loves to paint on canvas.
