Cybersecurity For Power Sector in Focus in India, Worldwide

The Ministry of Power (MoP) has prepared guidelines for cybersecurity in the Indian power sector, which were released yesterday.

Cybersecurity is a key disruptive force facing companies in the coming years. Companies that excel and invest in these areas now are thought to be better prepared for the future business landscape and better equipped to survive unforeseen challenges.

Even as India moves to secure its power sector, the proportion of power industry operations and technologies companies hiring for cybersecurity related positions worldwide rose in August 2021 to 44.4% of the companies analysed by GlobalData, a data analytics and consulting company, headquartered in London.

MoP Launches Regulatory Compliance Division to Monitor Discoms

Also Read

This latest figure was higher than the 42.1% of companies who were hiring for cybersecurity related jobs in July 2021 and an increase compared to the figure of 37.7% for the equivalent month last year.

MoP’s new guidelines are to be adhered by all the power sector utilities to create cyber secure eco system. This is the first time that comprehensive guidelines has been formulated on cyber security in the power sector.

“The Guideline has been prepared after intensive deliberations with stakeholder and inputs from expert agencies in the field of cyber security, such as CERT-In, NCIIPC, NSCS, IIT Kanpur and subsequent deliberations in Ministry of Power as well,” said MoP.

MoP Issues Draft Electricity Rules 2021 for Green Energy

Also Read

The guideline lays down a cyber assurance framework and a strong regulatory framework, putting in place mechanisms for security threat early warning, vulnerability management and response to security threats, securing remote operations and services, protection and resilience of critical information infrastructure, reducing cyber supply chain risks, encouraging use of open standards, promotion of research and development in cyber security, human resource development in the domain of cyber security, developing effective public private partnerships and information sharing and cooperation.

The guidelines are applicable to all responsible entities: system integrators, equipment manufacturers, suppliers/vendors, service providers, IT hardware and software OEMs engaged in the Indian power supply system for the protection of control systems for system operation and management, communication system, secondary automation and tele control technologies.

These guidelines are mandatory requirements to be met by all the stakeholders and lay emphasis on establishing cyber hygiene, training all IT as well as OT personnel on cyber security, and designating cyber security training institutes as well as cyber testing labs in the country.

“The guidelines mandate ICT-based procurement from identified “trusted sources” and identified “trusted products” or else the product would have to be tested for malware/hardware trojan before deployment for use in the power supply system network when system for trusted product and service is in place. It will promote research and development in cyber security and open up market for setting up Cyber Testing Infra in Public as well as Private Sector in the country. CEA is also working on cyber security regulations. This Cyber Security guideline is precursor to the same,” said MoP.