India has come up with a comprehensive guideline to prevent cyber attacks in the power sector and directed all power companies to prepare themselves against cyber attacks.

This is for the first time that Central Electricity Authority (CEA) has formulated a comprehensive guideline that intends to bring uniformity in cyber security preparedness across various utilities.

The guidelines were formulated on the instruction of the Union Power Minister R K Singh by the CEA under the provision of Section 3(10) on Cyber Security in the “Central Electricity Authority (Technical Standards for Connectivity to the Grid) (Amendment) Regulations, 2019”, said a senior officer of the Power Ministry.

The Guideline was prepared with the objective of creating cyber security awareness, secure cyber ecosystem, cyber-assurance framework, and Strengthening of the regulatory framework. It would also develop mechanisms for security threat early warning, vulnerability management and response to security threats to secure remote operations and services.

The CEA has also made guidelines for the Protection and resilience of critical information infrastructure and reducing cyber supply chain risks. CEA has prepared a roadmap to develop human resources in the domain of Cyber Security and to develop effective public-private partnerships.

The Ministry said the guideline is applicable to all Responsible Entities as well as System Integrators, Equipment Manufacturers, Suppliers/Vendors, Service Providers, IT Hardware and Software OEMs engaged in the Indian Power Supply System for protection of Control Systems for System Operation and Operation Management, Communication System and Secondary Automation and Tele control technologies.

“These Guidelines are Mandatory requirement to be met by all stakeholders and give emphasis on establishing cyber hygiene, training of all IT as well OT Personnel on Cyber Security, designating Cyber Security Training Institutes as well as Cyber Testing labs in the country,” the Ministry said.

The Guideline also mandates ICT based procurement from identified “Trusted Sources” and identified “Trusted Products” or else the product has to be tested for Malware/Hardware Trojan before deployment for use in the power supply system network when a system for trusted product and service is in place, the Ministry said.