To create a secure cyber ecosystem, the Power Ministry and the Central Electricity Authority (CEA) have released guidelines for cybersecurity, which outline the actions required to raise the level of cybersecurity preparedness for the power sector. The norms have been prepared after deliberations with stakeholders and inputs from cybersecurity expert agencies. These include the Indian Computer Emergency Response Team (CERT-In), National Critical Information Infrastructure (NCIIPC), National Society of Collegiate Scholars (NSCS), and the Institute of Information Technology-Kanpur (IIT-Kanpur), and also subsequent deliberations in the Power Ministry.
The CEA, under provisions in the ‘Central Electricity Authority (Technical Standards for Connectivity to the Grid) (Amendment) Regulations, 2019’, framed the guidelines and all power sector utilities must comply with the regulations. According to a news report by The Federal, this is the first time that guidelines have been formulated on cybersecurity in the sector. It lays down a cyber assurance framework, strengthens the regulatory framework, and puts in place mechanisms for security threat early warning, vulnerability management, and response to security threats. It also secures remote operations and services.
The norms apply to all responsible entities and system integrators, equipment manufacturers, suppliers and vendors, service providers, and IT hardware and software OEMs (original equipment manufacturers) in the Indian power supply system. The guidelines mandate ICT-based procurement from identified ‘trusted sources’ and ‘trusted products’, or else the product has to be tested for malware and hardware trojan before is it used in the power supply system network. This step will promote research and development in cybersecurity and open up the market for setting up cyber testing infrastructure in the public and private sectors in the country.
Cybersecurity measures need to be strengthened, given that the power sector has been deploying emerging technologies in its core operations. In August, the government approved the Revamped Distribution Sector Scheme to improve all power distributions companies and department (DISCOMs) operations by boosting the supply infrastructure using artificial intelligence (AI)-based solutions. With the help of AI, the government aims to analyse data generated through IT/OT devices such as system metres, demand forecasting, Time of Day (ToD) tariff, renewable energy (RE) integration, and other predictive analyses. Also, for prepaid smart metres to prepare system-generated energy accounting reports every month, enabling DISCOMs to make informed decisions on loss reduction. Funds under the scheme would also be used for the development of AI-driven applications. The government expects this to promote the development of start-ups in the distribution sector across the country.
As OpenGov Asia had reported, the implementation of the scheme would be based on the action plan worked out for each state rather than a one-size-fits-all approach for the country. Funds are available for the identified projects under IPDS and the approved ongoing projects under the Prime Minister’s development programme (PMDP) for the union territories in Jammu, Kashmir, and Ladakh till 31 March 2023. The scheme’s objectives are to enhance the overall efficiencies and financial sustainability of DISCOMs. Under this, there are multiple objectives like reducing aggregate technical and commercial (AT&C) losses to pan-India levels by 12-15% over the next four years.