Central Develops Guidelines to Prevent Cyber Attacks in Power Centres

New Delhi; 18 October, 2021: The Central Government has finally formulated guidelines for prevention of cyber attacks in the power stations of the nation. The Central Electricity Authority (Technical Standards for Connectivity to the Grid) Amendment Regulations, have framed a couple of guidelines that are to be followed by all the power utility sectors of the country in order to keep themselves within the cyber security ecosystem.

This set of guidelines clearly states and specifies the activity that has to be carried out to ensure cyber security preparation across the utility sectors. As per the announcement, extensive discussions were conducted with the stakeholders and the experts like CERT-In, IIT Kanpur, NSCS and NCIIPC to bring all the inputs into a common ground for the cyber security framework.

This complete process is believed to establish an assured cyber framework, enhance regulatory framework, manage vulnerability, push methods of early warning threats, secure remote operation and services, etc.

These guidelines are to be followed by all the established bodies of the power supply system in India like System Integrators, Equipment Manufacturers, Vendors, Service Providers, etc. It is believed that this would encourage the growth of cyber security research and establish cyber security testing centres in both commercial and public sectors of the nation.

The guidelines consist of several articles:

• Article 1: The Responsible entity would strictly adhere to the cardinal principles of cyber security.
• Article 2: Appointment of Chief Information Security Office.
• Article 3: Identification of Critical Information Infrastructure.
• Article 4: Appointment of Electronic Security Perimeter.
• Article 5: The Cyber Security ISD has to be functional 24*7*365.
• Article 6: Creating a plan of Cyber Security Assessment Risks and Mitigation.
• Article 7: Phasing out of Legacy System.
• Article 8: Creating a Cyber Supply Risk Change Management.
• Article 9: Creating a Cyber Security Incident Report and Response Plan.
• Article 10: Creating a Cyber Crisis Management Plan.
• Article 11: Sabotage Reporting.
• Article 12: Security and Testing of Cyber Assets.
• Article 13: Cyber Security Audit Report

The guideline is downloadable from the website of CEA for downloading: https://cea.nic.in/wp-content/uploads/notification/2021/10/Guidelines_on_Cyber_Security_in_Power_Sector_2021-2.pdf.