All the responsible need to comply with the new norms
The Government of India issued a set of guidelines for cybersecurity in the power sector. The move aims to create a secure power cyber ecosystem. The Ministry of Power in an official statement said, “Central Electricity Authority (Technical Standards for Connectivity to the Grid) Amendment Regulations, 2019, has framed Guidelines on Cyber Security in Power Sector to be adhered by all Power Sector utilities to create the cyber secure ecosystem.”
Furthermore, the statement read, “This is the first time that a comprehensive guideline has been formulated on cybersecurity in the power sector. The guideline lays down required actions for cyber security preparedness across various utilities.”
The Centre has formulated the new norms following intensive deliberations with stakeholders. Also, inputs from cybersecurity experts like CERT-In, NCIIPC, NSCS and IIT-Kanpur and subsequent deliberations in the power ministry.
The Centre’s guidelines lay down a cybersecurity assurance framework strengthening the regulatory framework that puts in place mechanisms for security threat early warning, vulnerability management and response to security threats and secures remote operations and services among others.
All the responsible entities including system integrators, equipment manufacturers, vendors, suppliers, service providers, and original equipment manufacturers (OEMs) for IT hardware and software need to comply with the new norms. As per the guidelines, emphasis has been given on mandating ICT-based procurement from identified ‘trusted sources’ and ‘trusted products’. Otherwise, the product has to be tested for malware/ hardware trojan ahead of deployment for use in the power supply system.
Further, the Ministry’s statement said that the move will boost research and development in the cybersecurity domain and will open up the market for setting up cyber testing infrastructure in the public as well as private sectors. Moreover, the CEA is working on a cybersecurity regulatory framework too. The guidelines are a precursor to the same.