The Centre has released guidelines for cybersecurity in the power sector for the first time, to create a secure cyber ecosystem. Under the direction of Union Power Minister R.K. Singh, the Central Electricity Authority (CEA) has prepared the guidelines for cybersecurity in the power sector.
The guidelines lay down actions required to raise the level of cybersecurity preparedness for the power sector. The norms have been prepared after intensive deliberations with stakeholders and inputs from expert agencies in the field of cybersecurity, such as CERT-In, NCIIPC, NSCS and IIT-Kanpur, and also subsequent deliberations in the power ministry.
The CEA, under the provision of Section 3(10) on cybersecurity in the ‘Central Electricity Authority (Technical Standards for Connectivity to the Grid) (Amendment) Regulations, 2019’, has framed the guidelines on cybersecurity in the power sector, to be adhered to by all power sector utilities to create a secure cyber ecosystem.
This is the first time such comprehensive guidelines have been formulated on cybersecurity in the power sector. It lays down a cyber assurance framework, strengthens the regulatory framework, puts in place mechanisms for security threat early warning, vulnerability management and response to security threats, and secures remote operations and services, among others.
The norms are applicable to all responsible entities as well as system integrators, equipment manufacturers, suppliers and vendors, service providers, and IT hardware and software OEMs, (original equipment manufacturers) engaged in the Indian power supply system.
The guidelines mandate ICT-based procurement from identified ‘trusted sources’ and ‘trusted products’, or else the product has to be tested for malware and hardware trojan, before deployment for use in the power supply system network.
This step will promote research and development in cybersecurity, and open up the market for setting up cyber testing infra in public as well as private sectors in the country.