Govt releases guidelines to ensure cybersecurity in power sector

author-image
New Update
Govt releases guidelines to ensure cybersecurity in power sector

​BY A STAFF REPORTER 

The power ministry on Thursday issued guidelines to ensure cybersecurity across various utilities in the power sector.



The Central Electricity Authority prepared the guidelines under the direction of the Ministry of Power and New & Renewable Energy Minister R.K. Singh, the power ministry said in a statement.



According to the release, these guidelines are applicable to all responsible entities such as transmission utilities, load despatch centres, generation utilities, distribution utilities, as well as equipment manufacturers, suppliers, service providers, software original and equipment manufacturers, among others engaged in the power supply system.



As per the guidelines, the information and communications technology-based procurements should either be products from identified trusted sources, or have to be tested for malware/hardware Trojan before deployment for use in the power supply system network.



Further, the guidelines also make it mandatory for companies to download or upload any data or information from trusted sources on the Internet. While framing the cybersecurity policy, the companies need to adhere to the list of whitelisted Internet protocol addresses for each firewall to ensure safety from cyber-attacks.



In order to manage their cybersecurity policies, the companies also have to appoint a chief information security officer, according to the guidelines.



Among other guidelines, the power sector utilities need to prepare a Cyber Risk Assessment and Mitigation Plan, ensure reporting of sabotage in their cybersecurity policy within 30 days of issuing guidelines, test cyber assets, and audit cybersecurity.



The norms have been prepared after intensive deliberations with stakeholders and inputs from expert agencies in the field of cybersecurity, such as the Computer Emergency Response Team – India, National Critical Information Infrastructure Protection Centre, National Society of Collegiate Scholars and Indian Institute of Technology-Kanpur, and subsequent deliberations in the power ministry, it said.



The Central Electricity Authority is also working on cybersecurity regulations. These guidelines are a precursor to the same, it added.




Source : Eureka