GOVERNMENT OF INDIA
MINISTRY OF FINANCE
DEPARTMENT OF FINANCIAL SERVICES
UNSTARRED QUESTION NO. 727
TO BE ANSWERED ON THE 22nd November, 2016/ Agrahayana 1, 1938 (SAKA)
Cyber attack on ATM system of public and private banks
SHRI DHARMAPURI SRINIVAS:
SHRI RAJEEV CHANDRASEKHAR:
Will the Minister of FINANCE be pleased to state:
The Minister of State in the Ministry of Finance
(SHRI SANTOSH KUMAR GANGWAR)
(a) to (e): Reserve Bank of India (RBI) has informed that an incident of data breach with respect to cards was reported and the matter is under investigation. Independent investigation by a forensic auditor approved under Payment Card Industry Data Security Standard (PCI-DSS) framework is under process.
RBI has set up a Cyber Security and IT Examination (CSITE) Cell within its Department of Banking Supervision in 2015. The Bank issued a comprehensive circular on Cyber Security Framework in Banks on June 2, 2016 covering best practices pertaining to various aspects of cyber security. The circular requires banks to have, among other things, a cyber-security policy, a cyber crisis management plan and a gap assessment vis-à-vis the baseline requirements indicated in the circular, to monitor certain risk indicators in this area, and to report unusual cyber security incidents within 2 to 6 hours.
RBI has been carrying out IT Examination of banks since last year. RBI has also set up a Cyber Crisis Management Group to address any major incidents reported, including suggesting ways to respond to and recover from the incidents. Department of Banking Supervision also conducts cyber security preparedness testing among banks on the basis of hypothetical scenarios with the help of CERT-In. RBI has also set up an IT Subsidiary, which would focus, among other things, on cyber security within RBI as well as in regulated entities.