SEBI Tightens Cybersecurity Framework For Market Infrastructure Entities
The Securities and Exchange Board of India on Friday asked market infrastructure institutions to set up a round-the-clock cybersecurity operation centre manned by dedicated security analysts to identify, respond to, recover from and thwart cyberattacks.
The cybersecurity operation centre of market infrastructure institutions (clearing corporations, depositories and exchanges) needs to prevent cyberattacks through proactive actions, including continuous threat analysis.
Appropriate alert mechanisms should be implemented, including a comprehensive dashboard, tracking of key security metrics and provision of cyber threat scorecards, SEBI said in a circular.
To detect security incidents in real time, the market regulator said, the centre should carry out 24X7 monitoring and analysis of relevant logs of market infrastructure institutions’ network devices, data traffic, cyber intelligence feeds sourced from reliable vendors, and inputs received from other market infrastructure institutions as well as from external agencies such as CERT-In, among others.
The cyber intelligence feeds should include cyber news feeds, signature updates, incident reports, threat briefs, and vulnerability alerts.
The latest framework comes after the market regulator, earlier this week, issued detailed guidelines on cybersecurity for stock brokers and depository participants. The regulator has directed bourses, clearing corporations and depositories to take the necessary steps to put in place appropriate systems and processes for implementation of the framework within six months.
According to SEBI, the centre should be headed by the market infrastructure institution’s chief information security officer, who will work closely with various departments, including the network team, cybersecurity team and IT. The officer will report directly to the managing director and chief executive officer of the market infrastructure institution.
The regulator said market infrastructure institutions can choose one of four models to set up their cybersecurity operation centre. The models include: a market infrastructure institution’s own C-SOC manned primarily by its internal staff; and its own C-SOC staffed by a service provider but supervised by full-time staff.
The other two models to choose from are a C-SOC that can be shared by the market infrastructure institution with its group entities; and a C-SOC that may be shared by the market infrastructure institution with other SEBI-recognised market infrastructure institutions.
In case a market infrastructure institution already has a cybersecurity operation centre set-up that is different from that prescribed by SEBI, then such an institution needs “to adopt and transit to one of the models...within a period of one year”.
A report on the functioning of the centre, including details of cyberattacks faced by market infrastructure institutions, major cyber events warded off by market infrastructure institutions, cybersecurity breaches and data breaches, needs to be placed on a quarterly basis before the board of such infrastructure institutions.