BSE, NSE readying mechanism to mitigate cyber attack risks: Sebi chief

BENGALURU: A mechanism is being put in place in the National Stock Exchange and the Bombay Stock Exchange to mitigate the risks of cyber attacks, with the new system expected to go live in March next year, Sebi chairperson Madhabi Puri Buch said on Friday.
Everyone is worried about cyber security, and want to ensure that stock exchanges and depositories in the country have good disaster recovery (DR) plans in place, she said.
Buch noted that standard archetypal disaster recover plans only account for location downtime and hardware and network breakdowns, and not software breakdown and contamination.
“In a cyber attack, it’s your software that will get attacked; so through transmission, your DR site will also get contaminated. So, we worry a lot about this,” she said.
In this regard, the capital market regulator has gotten the country’s two biggest exchanges–NSE and BSE–to have in place a mechanism.
“This is work in progress now. I think we will go live about March next year where now you are mitigating against software risk”, Buch said.
Under the proposed mechanism, she explained, all the data of every client’s positions and collaterals which is there in exchange ‘A’ is online and “going and sitting in a storage box next to exchange ‘B’, in its data centre.
“If exchange ‘A’ goes down and if Sebi determines that this is on account software attack–meaning cyber attack–and it’s not going to be possible for their DR site to come up in time, Sebi will press the button for that data to be uploaded into exchange ‘B”s system, their software.
And now every participant in the market can operate on exchange ‘B’ as though he was operating on exchange ‘A’.
Buch added in an interaction after her lecture on ‘data and technology in the capital market’ at the Indian Institute of Management Bangalore: “This has never been done in the world. And we will be the first to do this.”
“When the cyber attack happens, and it will happen one day, we all know that. And when this system kicks in, we would have prevented something. No body will see it as something (cyber attack) happened. (But see that) it didn’t happen”, Buch said.