With cyber threats getting virulent by the day, the country will soon have an exclusive Cyber Emergency Response Team (CERT) to deal with the cyber challenges faced by the financial sector.

“CERT-In has prepared a detailed report on the establishment of a financial CERT. The proposal is at an advanced stage now. It will look into the cyber challenges faced by banking, financial and insurance institutions in the country,” Ajay Sawhney, Secretary, Ministry of Electronics and Information Technology, told BusinessLine here on Friday.

Set up in 2004, CERT-India is the country’s response mechanism for cyber emergencies. It acts as a central nodal agency with regard to dealing with cyber threats and other issues.

Sawhney was here to take part in the Academic Research Summit 2018 organised by Microsoft and International Institute of Information Technology (IIIT-Hyderabad).

“Till the time we have an exclusive financial CERT, the existing CERT-In will take care of the emergency response in the cyber security threat landscape.”

He said going forward, there was a possibility to have geographical and sectoral CERTs. “It will be easier for response teams focussed on a city, a specific geography or a sector to respond to the issues related to them.”

However, the Centre will look at a hierarchy to ensure coordination among the various CERTs.

GDPR

With regard to the General Data Protection Regime (GDPR) that’s being mandated by the European Union from May, the Secretary said the government has studied the GDPR and data protection frameworks across the world.

“We have set up an expert panel headed by former Supreme Court Judge BN Srikrishna that has come out with a white paper. The first round of consultations in cities such as New Delhi, Mumbai, Bengaluru and Hyderabad are over. The panel will receive suggestions till January 31. After that, it will take the feedbacks into consideration and come out with suggestions,” he said.

GDPR assigns unprecedented rights to individuals on their data. Restrictions on how to to use data would require IT firms to conform to the regulations. Violations would attract severe financial penalties.