Reporting cyberattacks on India's financial sector might soon become easier
What's the story
The Indian government is working on a unified system for reporting and responding to cyberattacks across the financial sector, Moneycontrol has reported. The move comes amid fears that disruptions in one segment could quickly affect banking, securities markets, and payment systems. The proposed strategy aims to align the banks, securities markets, and other financial institutions with common reporting standards and globally recognized cybersecurity practices.
Strategy development
Unified system part of larger cybersecurity strategy
The proposed unified system is part of a larger financial sector cybersecurity strategy being drafted by an inter-ministerial group led by the Department of Economic Affairs. This group includes representatives from the Department of Financial Services, Ministry of Electronics and Information Technology, Department of Telecommunications, Ministry of Home Affairs, regulators, and cybersecurity agencies. A government source told Moneycontrol that "there is currently no single platform for reporting cyber incidents across the financial sector."
Risk mitigation
Addressing interconnected risks in financial systems
The proposed strategy also aims to tackle the "spillover risk," where disruptions in one part of the financial system quickly spread to others due to deep operational interdependence. For example, an outage in banking can impact the securities market, and a disruption in clearing corporations can affect multiple sectors. The interconnected risk makes cross-sector stress testing and coordinated response critical.
Standardization efforts
Standardizing cybersecurity language across sectors
The proposed strategy envisions banks, securities markets, and other institutions following common definitions, reporting standards, and internationally recognized frameworks. The idea is to ensure that all entities speak the same language when it comes to cybersecurity. This standardization effort is part of a broader move by the government to prepare for AI-driven attacks which are expected to be faster and more sophisticated than ever before.
AI threat
AI-driven attacks and vulnerabilities
The Indian Computer Emergency Response Team (CERT-In) has already warned corporations, individuals, as well as micro, small and medium enterprises about potential cyber vulnerabilities. The advisory states that these vulnerabilities may have to be addressed in hours rather than weeks or months.