Markets watchdog Sebi has proposed a consolidated cyber security and cyber resilience framework wherein all regulated entities need to put in place an up-to-date cyber crisis management plan.
The framework has been mooted to further strengthen the entities' capacities for cyber-risk and incident prevention, preparedness, and response. Sebi has issued a consultation paper on ‘Consolidated Cyber Security and Cyber Resilience Framework (CSCRF) for Sebi Regulated Entities’, which looks at providing a common structure for multiple approaches to cyber security to prevent any cyber-risks/incidents. Comments have been sought on the consultation paper till July 25.
The Securities and Exchange Board of India (Sebi) said the framework is based on five concurrent and continuous functions of cyber security as defined by NIST — Identify, Protect, Detect, Respond, and Recover. NIST refers to the National Institute of Standards and Technology. According to Sebi, the framework will continue to be updated and improved as technology and the securities market evolve and as different REs (Regulated Entities) provide their feedback. “All REs shall formulate an up-to-date Cyber Crisis Management Plan (CCMP),” the consultation paper issued on Tuesday said. They would also have to put in place a comprehensive incident response management plan and respective Standard Operating Procedures (SOPs).
“Alerts generated from monitoring and detection systems shall be suitably investigated for Root Cause Analysis (RCA),” it noted. With technological developments in the securities market, Sebi said that maintaining robust cyber security and cyber resilience to protect the organisations operating in the securities market from cyber risks/incidents has become indispensable. The regulator has been issuing targeted cyber security and cyber resilience frameworks for various regulated entities since 2015.