Govt releases guidelines for cybersecurity in power sector
The CEA under the provision of Section 3(10) on cybersecurity in the ‘Central Electricity Authority (Technical Standards for Connectivity to the Grid) (Amendment) Regulations, 2019’ has framed the guidelines on cybersecurity in the power sector to be adhered to by all power sector utilities to create a secure cyber ecosystem.
The ministry said this is the first time that comprehensive guidelines have been formulated on cybersecurity in the power sector.
The guidelines lay down actions required to raise the level of cybersecurity preparedness for the power sector. The norms have been prepared after intensive deliberations with stakeholders and inputs from expert agencies in the field of cybersecurity, such as CERT-In, NCIIPC, NSCS and IIT-Kanpur, and subsequent deliberations in the power ministry also.
It lays down a cyber assurance framework, strengthens the regulatory framework, puts in place mechanisms for security threat early warning, vulnerability management and response to security threats, and secures remote operations and services, among others, it added.
The norms are applicable to all responsible entities as well as system integrators, equipment manufacturers, suppliers/ vendors, service providers, and IT hardware and software OEMs (original equipment manufacturers) engaged in the Indian power supply system.
The guidelines mandate ICT-based procurement from identified ‘trusted sources’ and ‘trusted products’ or else the product has to be tested for malware/ hardware trojan before deployment for use in the power supply system network, it stated.
It will promote research and development in cybersecurity and open up the market for setting up cyber testing infra in public as well as private sectors in the country.
The CEA is also working on cybersecurity regulations. These cybersecurity guidelines are a precursor to the same, the ministry said.