Eaten: Financial Sector Cert-Fin

Last week, the government released the report of the task force on setting up a Computer Emergency Response Team in the Financial Sector (Cert-Fin) in the country. During the Union Budget speech for the fiscal year 2017-18, the finance minister proposed setting up a Cert-Fin. We tell you what it is and why it is important to you:

What is this?

Cert-Fin will act as an umbrella Cert for the financial sector and will report to the Indian Computer Emergency Response Team (Cert-In) at the national level, as per the Information Technology Act and regulations. Cert-Fin will work closely with all financial sector regulators and stakeholders on cybersecurity issues. Cert-Fin is recommended as an independent body to be established as a company under Section 8 of the Companies Act, 2013 with a board of directors. It will have an advisory board to provide direction, review performance and recommendations and allocate resources. It has also been recommended that each financial sector regulator should have a separate entity that will provide real-time information to Cert-Fin. Thus, there would be a bank-Cert (which would be the Reserve Bank of India), a securities certificate, an insurance certificate and a pension certificate; all of them will be directly under Cert-Fin. Then, Cert-Fin will report to the National Critical Information Infrastructure Protection Centre (NCIIPC), which monitors and coordinates the protected critical national infrastructure systems.

The RBI will remain the primary regulator until Cert-Fin is established and fully operational.

The role of Cert-Fin

Cert-Fin will collect, analyze and disseminate information on cyber incidents in the financial sectors. It will forecast and issue alerts on cyber incidents. It will also take emergency measures in the event of cyber incidents. It will coordinate responses and actions regarding cyber incidents and issue guidelines, advisories and documents on vulnerabilities and information security. It will monitor the efforts in the financial sector to maintain a modern cybersecurity architecture, developing awareness among regulated entities and the general public. Cert-Fin will also raise awareness of security issues by disseminating information on its website and operate a 24/7 incident response help desk. It will also provide incident prevention and response services, as well as quality management services and will perform functions similar to Cert-In, which operates at the national level, in the area of ​​priority cybersecurity in the financial sector. Cert-Fin will offer policy suggestions to strengthen the cybersecurity of the financial sector to all stakeholders, including regulators and the government.

How does this affect you?

As the country is on a digital disk, protecting users from any cyber incidents becomes even more important. That is why a national body monitoring cybersecurity in the financial services sector is a good idea.

However, it remains to be seen how long it will take the government to implement this idea and how well it will be executed.

The working document on this topic is open to public comment until 31 July.