...
...
Next Story

Govt plans cyber security system for financial sector

In one of the biggest cyber attacks, the data of 3.2 million debit cards used in India was stolen after a malware was injected in a back-end banking system in 2016.

Updated on: Aug 18, 2020 03:05 AM IST
Hindustan Times, New Delhi | By
Prefer HTon Google
Advertisement

The government is in the process of setting up a system to secure the country’s financial sector from cyber attacks after agencies pointed to its vulnerability due to the increase in number of digital transactions over the past few months on account of Covid-19, and threats from hostile countries such as China and Pakistan, three officials aware of the plans said on condition of anonymity.

The security of the financial system has been accorded high priority (Getty Images/iStockphoto)
The security of the financial system has been accorded high priority (Getty Images/iStockphoto)

At present, the Indian Computer Emergency Response Team (CERT-In) deals with all types of cyber security threats but officials in the administration have been discussing the need for a specialised agency, which could be called Cert-Fin, the officials said, asking not to be identified.

“This is a work in progress. Several rounds of discussions have been held at the Financial Stability and Development Council (FSDC) on the matter of securing the financial sector from cyber attacks,” one of the officials said.

FSDC is an apex body for coordination between the various regulators of the financial sector, and is chaired by the finance minister. Its members include top bureaucrats and heads of financial sector regulators such as the Reserve Bank of India (RBI), the Securities and Exchange Board of India (Sebi), the Pension Fund Regulatory and Development Authority of India (PFRDA), the Insurance Regulatory and Development Authority (IRDA) and the Forward Markets Commission (FMC).

Banking and ATM networks have been the target of cyber criminals for several years, with attackers often disrupting operations and attempting to steal sensitive data. In one of the biggest attacks of this kind, the data of 3.2 million debit cards used in India was stolen after a malware was injected in a back-end banking system in 2016.

A third official said cyber security, in general, tops the government’s agenda since it can disrupt social and political harmony and dislocate financial systems. Based on inputs from agencies such CERT-In and complaints received by agencies, the government recently decided to ban 59 mobile applications mostly of Chinese origin over what it said was concerns that they may be jeopardising user data.

The security of the financial system has been accorded high priority ; Prime Minister Narendra Modi raised the matter in his Independence Day speech on Saturday. CERT-In functions under the ministry of electronics and information technology (MeitY).

The finance ministry and MeitY did not respond to queries on this matter.

The PM announced on Saturday that a draft of new cyber security policy would be unveiled soon. He said that the government was aware of cyber threats “to the social fabric” and the “economy”.

According to the proposal under consideration, Cert-Fin will draw expertise from various financial sector agencies such as the ministry of corporate affairs (MCA), the Employees Provident Fund Organization (EPFO), the Serious Fraud Investigation Office (SFIO), the Security Printing and Minting Corporation of India Limited (SPMCIL) and the Goods and Service Tax Network (GSTN).

RBI’s latest Financial Stability Report also flagged the issue of cyber threats to the financial sector. “Cyber security preparedness requires continuous and synchronous efforts from multiple stakeholders with varied levels of cyber security preparedness,” it said.

Quoting a report by VMware Carbon Black, Shree Parthasarathy, partner and national leader- Cyber Risk Services at Deloitte India said that hackers from various countries attempted over 40,000 cyber attacks on India’s Information Technology infrastructure and banking sector over five days in the last week of June. Cyber attacks against banks and financial institutions globally have increased 238% amid the Covid-19 crisis between February and April 2020. Ransomware attacks increased by nine times during the same period.

“Cyber threats are fast evolving and the threat landscape is dynamic. It will be foolhardy to assume current set of controls are adequate,” he said adding that “the CERT-Fin is necessary though it may not be adequate.”

“The combination of a sudden pandemic, quarantine and unconventional work from home situations has exacerbated this security threat,” said GV Anand Bhushan, partner at law firm Shardul Amarchand Mangaldas & Co.

“India was ranked 23rd in the UN Cyber security Index amongst 165 nations. We need to view India as a ‘maturing’ and ‘evolving’ category of countries which are continually trying to improve cyber security measures,” he added.

Bhushan described CERT-Fin as a grand vision. Unfortunately till date there has been no budgetary allocation for setting up such a body, he said, adding that it was however clear that CERT-In alone would not be able to meet the emerging challenges in the space.

 
Check India news real-time updates, latest news on Hindustan Times and more across India.
SHARE THIS ARTICLE ON
Hindustantimes wants to start sending you push notifications. Click allow to subscribe