De-jargoned: Cert-Fin of financial sector2 min read . Updated: 10 Jul 2017, 11:01 AM IST
Cert-Fin will work closely with all financial-sector regulators and stakeholders on issues of cyber security
Last week, the government released a report of the working group for setting up the Computer Emergency Response Team in Financial Sector (Cert-Fin) in the country. During the FY2017-18 Union Budget speech, the finance minister had proposed to establish a Cert-Fin. We tell you what it is and why it is important for you:
What is it?
Cert-Fin will act as an umbrella Cert for the financial sector and report to Indian Computer Emergency Response Team (Cert-In) at the national level, in accordance with the information technology Act and rules. Cert-Fin will work closely with all financial-sector regulators and stakeholders on issues of cyber security. Cert-Fin is recommended as an independent body, to be set up as a company under Section 8 of the Companies Act, 2013, with a governing board. It will have an advisory board for providing direction, reviewing performance and recommendations, and allocation of resources. It has also been recommended that each financial-sector regulator will have a separate entity that will provide information in real time to Cert-Fin. So, there would a bank-Cert (which would be the Reserve Bank of India), a securities-cert, insurance-cert and pension-cert; all of which will directly report to Cert-Fin. Cert-Fin will then report to the National Critical Information Infrastructure Protection Centre (NCIIPC), which monitors and coordinates protected systems of critical national infrastructure.
RBI will act as the lead regulator till Cert-Fin is set up and becomes fully functional.
Role of Cert-Fin
Cert-Fin will collect, analyse and disseminate information on cyber incidents across financial sectors. It will forecast and send alerts on cyber security incidents. It will also take emergency measures on cyber security incidents. It will coordinate responses and activities for cyber incidents and issue guidelines, advisories, and white papers relating to vulnerabilities and information security. It will monitor efforts in the financial sector towards maintaining modern cyber security architecture, developing awareness among regulated entities and the public in general. Cert-Fin will also create awareness on security issues through dissemination of information on its website and operate a 24x7 incidence response help desk. It will also provide incident prevention and response services as well as quality management services and will carry out functions similar to Cert-In, which operates at the national level, for priority cyber security in financial sector. Cert-Fin will offer policy suggestions for strengthening financial sector cyber security to all the stakeholders, including regulators and the government.
How it impacts you
Since the country is on a digital drive, it becomes even more important to protect the users from any cyber incidents. Therefore, a national body to monitor cyber security in the financial services sector is a good idea.
However, we will have to see how much time it takes for the government to implement this idea and also how well it will be executed.
The working paper about it open to the public for comments till 31 July.