What is Cert-Fin? Discuss its role and impact on India's cybersecurity architecture.

Cert-Fin will be an umbrella Cert for the financial sector and report to Indian Computer Emergency Response Team (Cert-In) at the national level, in accordance with the information technology Act and rules.
Features of Cert-Fin

  • Cert-Fin will work closely with all financial-sector regulators and stakeholders on issues of cyber security.
  • Cert-Fin will be an independent body, to be set up as a company under Section 8 of the Companies Act, 2013, with a governing board.
  • It will have an advisory board for providing direction, reviewing performance and recommendations, and allocation of resources.
  • It has also been recommended that each financial-sector regulator will have a separate entity that will provide information in real time to Cert-Fin.
  • There would be a bank-Cert (which would be the Reserve Bank of India), a securities-cert, insurance-cert and pension-cert; all of which will directly report to Cert-Fin.
  • Cert-Fin will then report to the National Critical Information Infrastructure Protection Centre (NCIIPC), which monitors and coordinates protected systems of critical national infrastructure.

Impact on cyber security and architecture
Cert-Fin will collect, analyse and disseminate information on cyber incidents across financial sectors. It will forecast and send alerts on cyber security incidents. Cert-Fin will contribute to strengthening of the cyber security of the country.

  • It will also take emergency measures on cyber security incidents.
  • It will coordinate responses and activities for cyber incidents and issue guidelines, advisories, and white papers relating to vulnerabilities and information security.
  • It will monitor efforts in the financial sector towards maintaining modern cyber security architecture, developing awareness among regulated entities and the public in general.
  • Cert-Fin will also create awareness on security issues through dissemination of information on its website and operate a 24×7 incidence response help desk.
  • It will also provide incident prevention and response services as well as quality management services and will carry out functions similar to Cert-In, which operates at the national level, for priority cyber security in financial sector.
  • Cert-Fin will offer policy suggestions for strengthening financial sector cyber security to all the stakeholders, including regulators and the government.
Originally written on April 4, 2023 and last modified on October 27, 2024.

Leave a Reply

Your email address will not be published. Required fields are marked *