Indian Banks – Center for Analysis of Risks and Threats (IB-CART)
The Reserve Bank of India’s Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds stated that “there is a need for a system of information sharing akin to the functions performed by Financial Services Information Sharing Agency (FS-ISAC) in the US” and recommended that IDRBT set up a body like the FS-ISAC that can enable sharing of security events amongst banks. Simultaneously, the National Security Council Secretariat also wanted such centres to be set up in various critical sectors. As banks were well ahead in implementing information security and IDRBT had already set up a CISO Forum for banks, the task of setting up this body for information sharing was entrusted to IDRBT.
Accordingly, IDRBT set up the Indian Banks – Center for Analysis of Risks and Threats (IB-CART) in March 2014. This is a first for the country and has become a model for other critical sectors. The key objectives of the IB-CART are:
- to disseminate and foster sharing of relevant and actionable threat information among members to ensure the continued public confidence in the banking sector. IB-CART will share and disseminate information associated with physical and cyber events (incidents / threats / vulnerabilities) and resolution or solutions associated with the bank’s critical infrastructures and technologies.
- Utilise the sectors’ resources (people, process, and technology) to aid the entire sector with situational awareness and advance warning of new physical and cyber security events and challenges.
- enable infrastructure that enables anonymity and security while capturing and disseminating information.
- conduct research and intelligence gathering to alert the members of evolving or existing events
- support the development of content that is posted to the IB-CART database, advice on mitigation steps or best practices to members
- facilitate cross sector information exchange.
Since its establishment, the IB-CART has played a pivotal role in creating a platform to develop safety nets to contain cyber attacks. It has been constantly engaging with the IT executives of banks to resolve security concerns of the banking sector.
The IB-CART team also performs cyber drills regularly to help banks strengthen their incident management process. The latest cyber drill was conducted in February 2023 and around 60 banks participated.
The IB-CART now has more than 90 users from over 60 public, private and foreign banks in India The IB-CART advisory council has 9 members with representation from public and private sector banks and CERT-IN. The IB-CART functions under the aegis of the Institute’s Centre for Cyber Security and Data Privacy and is coordinated by Dr. B.M. Mehtre, Dr. Rajarshi Pal, and Dr. Dipanjan Roy, Faculty, IDRBT.