NSE Operations Disrupted… Is there a Cyber Attack?

At around 9.15 am today as soon as the markets opened, after the first few ticks, the NSE system developed a glitch and its cash market rates stopped getting updated.

Probably the contracts also did not get executed. However the F&O continued to operate and BSE continued to operate smoothly.

The system is expected to come online back at 10.45 am.

The exact reasons are being analyzed. Let’s wait and watch.

If the dislocation of NSE is a result of any malicious attack, this needs to be considered as a case of Cyber Terrorism and handled as such irrespective of the reputation of NSE.

Naavi

Update 1:

The obvious question is whether the systems had a crash because of some technical glitch such as balance loading failed or such other network related issues.

There is a possibility that there was a cyber attack also which may not be immediately be revealed.

The BCP however has taken around 75 minutes to pull back the system into operation.

SEBI needs to check the cause and then determine if it has to take any further action to prevent such happenings in future.

Over the last few days, there is an online movement to boycott Chinese products in India and according to one report the sales of Chinese products in India has come down by 60% during this period.

I see a distinct possibility that  China may be flexing its muscle in the Indian Cyber Space which could be a reason for the NSE glitch. CERT IN should conduct a special investigation keeping this angle in mind.

We may have to be careful on the NPCI infrastructure being targeted next and then the Aadhar.

I urge CERT In to create a special gateway to prevent Chinese intrusion into any of our critical information infrastructure.

Update 2:

The re-opening has now been further deferred and it is not able to re-open at 10.45 am.

Update 3:

The markets re-opened at 11.15 am. But the F&O is still frozen. It is probably because they have moved some of the servers from Futures to Cash handling.  After a while both servers have been stopped at around 11.18.

I suppose both will re-open simultaneously after a few more minutes.

Update 4:

NSE to re start operations at 12.30 pm.

Update 5:

NSE seems to have come back to normal operations after 12.30 pm. Analysis of the cause etc are awaited.

Update 6:

Finance Ministry is expecting SEBI to submit a report on the incident by the end of the day. I think CERT IN should also seek a report from NSE and SEBI and prepare its own report.

Final Take

This incident is a “Denial of Access” incident in a nationally important system and it requires reporting to CERT-IN under Section 70B. If NSE does not report and CERT-In does not assert its rights, it will encourage other private sector entities also to avoid reporting security incidents to CERT-IN.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.