Government comes up with cybersecurity guidelines in power sector
For the first time in the power sector the government has released guidelines for cybersecurity. This is a step towards creating a secure cyber ecosystem. In a press statement it is said that under the supervision of Union Power and New & Renewable Energy Minister R K Singh, the Central Electricity Authority (CEA) has framed the guidelines for cybersecurity in the power sector.
The CEA under the provision of Section 3(10) on cybersecurity in the 'Central Electricity Authority (Technical Standards for Connectivity to the Grid) (Amendment) Regulations, 2019' has framed the guidelines on cybersecurity in the power sector to be adhered to by all power sector utilities to create a secure cyber ecosystem.
The ministry said that in the power sector it is the first time that the comprehensive guidelines have been formulated on cybersecurity.
The guidelines lay down actions required to raise the level of cybersecurity preparedness for the power sector. The norms have been prepared after intensive deliberations with stakeholders and inputs from expert agencies in the field of cybersecurity, such as CERT-In, NCIIPC, NSCS and IIT-Kanpur, and subsequent deliberations in the power ministry also.
It lays down a cyber assurance framework, strengthens the regulatory framework, puts in place mechanisms for security threat early warning, vulnerability management and response to security threats, and secures remote operations and services, among others, it added.
The norms applies for all the responsible entities as well as system integrators, equipment manufacturers, suppliers/ vendors, service providers, and IT hardware and software OEMs (original equipment manufacturers) engaged in the Indian power supply system.
The statement also revealed that the guidelines mandate the ICT-based procurement from identified 'trusted sources' and 'trusted products' otherwise the product has to be tested for malware/ hardware trojan before deployment for use in the power supply system network, it stated.
The CEA is also working on cybersecurity regulations. These cybersecurity guidelines are a precursor to the same, the ministry said.
