Mumbai: To protect securities markets from cyber threats, regulator Sebi is looking to further beef up its policy framework on this front and plans to appoint a chief IT security officer to head these initiatives.
While Sebi has already asked stock exchanges and other market entities to put in place necessary framework to safeguard their systems, networks and databases from cyber attacks, the regulator is now looking at ways to further strengthen these mechanisms, a senior official said.
Sebi will appoint a Chief Information Technology Security Officer, who will be responsible for strengthening its regulatory policy framework in the area of cyber security.
The Officer would oversee implementation of these regulatory policies across security markets and also help enhance capacity building at Sebi and various market participants with respect to cyber security.
Sebi would also develop stress testing mechanism to mitigate risk arising out of cyber-attacks, while necessary framework would be put in place for taking corrective measures and prudent response in case of cyber attacks at the regulator or market participants.
Sebi has invited applications from eligible persons for the post of Chief IT Security Officer, who will need at least 10 years of experience in IT industry, preferably in cyber security and IT systems audit, and a minimum five years as head of a large unit of an IT company or IT unit of a bank, financial institution or market infrastructure institution.
The Officer would also observe developments in cyber technology and security space and prepare inputs for regulatory policy development.
In a recent interaction, Sebi Chairman U K Sinha raised concerns about growing cyber security threat for markets.
"We have some guidelines in place but there is a need to revamp them. We are working with experts to address the gaps and appropriate action would be taken soon.
"There are some government agencies also looking into the aspects of cyber security from the perspective of national security and they have also given us some inputs," he said.
Earlier, Sinha had said cyber attacks are now occurring in a more sophisticated manner, while he had also raised concerns about state-sponsored cyber attacks from abroad.
"We are worried over state-sponsored cyber attacks. There are worries that the vulnerability in markets are increasing. We need to create a framework for future plan of action on securities market resilience," he had said.
Last year, Sebi had asked all exchanges, clearing corporations and depositories to put in place a robust cyber security framework for systemically critical functions of trading, clearing and settlement in securities market.
Sebi has also asked Market Infrastructure Institutions (MIIs) to restrict access controls, whenever necessary. "No person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities.
"MIIs should deploy additional controls and security measures to supervise staff with elevated system access entitlements (such as admin or privileged users)," Sebi said.