To tackle cyber threats to India’s financial institutions, the central government is mulling to establish a financial Computer Emergency Response Team (CERT).
Addressing the 15th Asia Pacific Computer Emergency Response Team (APCERT) Open Conference in New Delhi on November 15, 2017, IT Secretary Ajay Prakash Sawhney said, “right now, the one which is directly being worked on is the financial CERT. We are getting the framework in place and once that is there, we will look at other sectors. It will oversee the entire financial sector including banks and financial institutions.”
In March this year, the power ministry had announced to create four sectoral CERTs for cybersecurity in power systems: CERT (Transmission), CERT (Thermal), CERT (Hydro), and CERT (Distribution).
Udbhav Tiwari, program manager at the Centre for Internet and Society, a Bengaluru-based think tank, highlighted the responsibilities of the financial CERT in a conversation with Live Mint. “The biggest task of sectoral CERT is to share information with the others in the industry. For example, if a bank undergoes an attack, normally the bank will perform all the necessary actions to limit the attack and to prevent it from happening in the future. But the obligation of sharing how the attack happened with all the other banks in India to make sure that they can protect their respective systems from such an attack, can be carried out by a financial CERT,” he said.
Cybersecurity Chief Gulshan Rai, who was also present at the event, said “from April to October 2017, around 50,000 cyber security incidents have been handled by CERT-In; including phishing, malware attacks, attacks on digital payments and targeted attacks on some of the critical industries.”
On August 1, 2017, MoS home affairs Hansraj Gangaram Ahir had said “as per the information by the Indian computer emergency response team (CERT-In), 50 incidents affecting 19 financial organizations have been reported during the period of November, 2016 to June, 2017.”