The central government of India has released guidelines for cybersecurity in the power sector with an aim to create a secure power cyber ecosystem.
“Central Electricity Authority (Technical Standards for Connectivity to the Grid) (Amendment) Regulations, 2019 has framed guidelines on cybersecurity in power sector to be adhered by all power sector utilities to create the cyber secure ecosystem,” said the power ministry in an official statement.
“This is the first time that a comprehensive guideline has been formulated on cybersecurity in the power sector. The guideline lays down required actions for cybersecurity preparedness across various utilities,” it added.
According to the government notification, the norms have been prepared after intensive deliberations with stakeholders and inputs from expert agencies in the field of cybersecurity such as CERT-In, NCIIPC, NSCS and IIT-Kanpur and subsequent deliberations in the power ministry also, said the statement.
It lays down a cyber-assurance framework, strengthens the regulatory framework, puts in place mechanisms for security threat early warning, vulnerability management and response to security threats, and secures remote operations and services, among others, it added. The norms are applicable to all responsible entities as well as system integrators, equipment manufacturers, suppliers/ vendors, service providers, and IT hardware and software OEMs (original equipment manufacturers) engaged in the Indian power supply system.
The guidelines mandate ICT-based procurement from identified ‘trusted sources’ and ‘trusted products’ or else the product has to be tested for malware/ hardware trojan before deployment for use in the power supply system network, it stated.
It will promote research and development in cybersecurity and open up the market for setting up cyber testing infra in public as well as private sectors in the country. The CEA is also working on cybersecurity regulations. These cybersecurity guidelines are a precursor to the same, the ministry said.