The government on Thursday released cybersecurity guidelines for the power sector, which will apply to all “responsible entities” including power generation utilities, distribution utilities, transmission companies and load dispatch centres among others. The guidelines are a precursor to cybersecurity regulations that the Central Electricity Authority is working on.
On October 12, 2020, Mumbai faced major power outages that brought key services to a halt. A US cybersecurity firm, Recorded Future, had said the failure was due to a cyberattack by Red Echo, a hacker group allegedly affiliated with the Chinese government.
Power Minister RK Singh has, however, said there was no proof that the failure was a result of a cyberattack. The minister has also said four of India’s five regional load dispatch centres have faced cyberattacks. Some of the key requirements include the appointment of a Chief Information Security Officer (CISO) at each “responsible entity” as well as the setting up of an Information Security Division headed by the CISO. The entities will also be required to incorporate a procedure for identifying and reporting of any disturbances suspected or confirmed to be caused by sabotage and submit the report to the sectoral Computer Emergency Response Team (CERT) and the Indian CERT within 24 hours.
The guidelines are also applicable to system integrators, equipment makers, vendors, service providers, IT hardware and software OEMs engaged in power supply system.