Under direction of Union Power and New & Renewable Energy Minister Shri R K Singhthe Central Electricity Authority, Ministry of Power has prepared the guideline for the Cyber Security in Power Sector and it has been released today.
CEAunder the provision of Section 3(10) on Cyber Security in the “Central Electricity Authority (Technical Standards for Connectivity to the Grid) (Amendment) Regulations, 2019” has framedGuideline on Cyber Security in Power Sector to be adhered by all Power Sector utilities to create cyber secure eco system.This is the first time that a comprehensive guideline has been formulatedon cyber security in power sector. The guidelinelays down required actionsfor cyber security preparedness across various utilities in power sector so as to raise the level of cyber security preparedness for power sector.
The Guideline has been prepared after intensive deliberations with stakeholder and inputs from expert agencies in the field of cyber security, such as CERT-In, NCIIPC, NSCS, IIT Kanpur and subsequent deliberations in Ministry of Power as well.
The Guidelinehave been issued with the objective of creating a cyber secure ecosystem. It lays down a cyber assurance framework, the strengthens the regulatory framework, puts in place mechanisms for security threat early warning, vulnerability management and response to security threats, securing remote operations and services, protection and resilience of critical information infrastructure, reducing cyber supply chain risks, encouraging use of open standards, promotion of research and development in cyber security, human resource development in the domain of Cyber Security, Developing effective public private partnerships and information sharing and cooperation.
Guideline are applicable to all Responsible Entities as well as System Integrators, Equipment Manufacturers, Suppliers/Vendors, Service Providers, IT Hardware and Software OEMs engaged in the Indian Power Supply System for protection of Control Systems for System Operation and Operation Management, Communication System and SecondaryAutomation and Tele control technologies.
These Guideline are mandatory requirements to be met by all stakeholders and lay emphasis on establishing cyber hygiene, training of all IT as well OT Personnel on Cyber Security, designating of Cyber Security Training Institutes as well as Cyber Testing labs in the Country. The Guideline mandates ICT based procurement from identified “Trusted Sources” and identified “Trusted Products” or else the product has to be tested for Malware/Hardware Trojan before deployment for use in power supply system network when system for trusted product and service is in place. It will promote research and development in cyber security and open up market for setting up Cyber Testing Infra in Public as well as Private Sector in the country.
CEA is also working on cyber security regulations. This Cyber Security guideline is precursor to the same.
The guideline is available the website of CEA for downloading (https://cea.nic.in/wp-content/uploads/notification/2021/10/Guidelines_on_Cyber_Security_in_Power_Sector_2021-2.pdf)