Sebi expands committees on cyber security and information systems

The Securities and Exchange Board of India (Sebi) has expanded two of its committees–High Powered Steering Committee on Cyber Security (HPSC-CS) and Information Systems Security Committee (ISSC)–in a bid to strengthen cyber security frameworks and cyber resilience requirements.

The committee on cyber security has been expanded to eight members from six earlier . It will continue to be chaired by Navin Kumar Singh, DG at National Critical Information Infrastructure Protection Centre (NCIIPC). G Padmanabhan, ex-executive director, Reserve Bank of India, and Sushil Kumar Nehra, Additional Director, Cyber Security Division, MeitY are its new members.

The eight-member committee oversees and provides guidance on cyber security initiatives, and advises Sebi in developing and maintaining cyber security and cyber resilience requirements aligned with global best practices and industry standards in accordance with the need of Indian capital market structure.

The panel has also been entrusted to periodically review the mandate and functioning of security operations centres, provide recommendations for cyber security audit, study major cyber-attack incidents, and identify gaps in the existing framework. It also works on identifying measures to improve business continuity and disaster recovery process in the Indian securities market.

The other members on the panel includes Sanjay Bahl, Director General, CERT-In and Prof H Krishnamurthy, Chief Research Scientist (Retired), IISC Bangalore, apart from representations from various IITs.

The last rejig of the HPSC-CS panel was done in September.

The capital markets regulator also expanded its panel on Information Systems Security Committee (ISSC) to seven members, chaired by Prof Krishnamurthy. According to the Sebi website, this panel approves Information Security Policies, suggests amendments in the existing ones, and provides inputs and suggestions to take urgent actions on cyber security incidents of Sebi regulated entities.

The move comes at a time when Central Depository Services (India) (CDSL), the largest depository in India by number of accounts, faced cyber security issues in November which impacted settlement activities.