Sebi Strengthens Cybersecurity Framework for Stock Exchanges and MIIs

August 30, 2023

India’s capital markets regulator, Sebi, has introduced new guidelines to strengthen the cybersecurity and cyber resilience framework for market infrastructure institutions (MIIs) such as stock exchanges, clearing corporations, and repositories. These guidelines come into immediate effect and address the interconnectedness and interdependency of MIIs, expanding the scope of cyber risk beyond their controlled systems. MIIs are required to maintain encrypted offline data backups and regularly test them to ensure confidentiality, integrity, and availability.

The guidelines also suggest exploring options for retaining spare hardware to facilitate system rebuilding in case of disruptions. Business continuity drills, vulnerability scanning, multi-factor authentication, and secure domain controllers are among the measures recommended to enhance cybersecurity and operational risk management for these systemically important institutions.

What steps has Sebi taken to strengthen cybersecurity for stock exchanges and MIIs?

Sebi has issued guidelines mandating MIIs to maintain encrypted offline data backups and test them regularly. These institutions are required to explore the possibility of retaining spare hardware for system recovery. Additionally, business continuity drills, vulnerability scanning, multi-factor authentication, and secure domain controllers have been recommended to enhance cybersecurity and operational readiness.

How does Sebi view the interconnectedness of MIIs in terms of cybersecurity risk?

Sebi acknowledges the interconnectedness and interdependency of MIIs and notes that their cyber risk is no longer confined to their controlled systems. As a result, the new guidelines are aimed at strengthening the cybersecurity and cyber resilience framework for these institutions.

What is the significance of MIIs in the securities market?

MIIs, including stock exchanges, clearing corporations, and repositories, are systemically important institutions that provide the essential infrastructure for the smooth functioning of the securities market. This necessitates robust cybersecurity measures to ensure the uninterrupted operation of the market.

What are the key requirements outlined in the new guidelines for MIIs?

The guidelines require MIIs to maintain encrypted offline backups of data and regularly test these backups. They also suggest exploring options for retaining spare hardware for system recovery. Business continuity drills, vulnerability scanning, multi-factor authentication, secure domain controllers, and secure dark web monitoring services are among the recommended measures.

How do the guidelines address the readiness of MIIs against cyber threats?

The guidelines mandate business continuity drills to assess the readiness of MIIs and the effectiveness of existing security controls in dealing with cyber threats. These drills ensure that MIIs can effectively respond to ransomware attacks and other cybersecurity incidents.

Why is multi-factor authentication considered important for MIIs?

Multi-factor authentication enhances security by requiring users to provide multiple forms of verification before accessing services. Implementing multi-factor authentication helps protect MIIs from unauthorized access and cyber threats, thereby safeguarding critical operations and information.

« Previous Post Next Post »