Cybersecurity for Power Systems: New Regulations

New Delhi, Aug 11 (PTI) To protect India's power systems from cyber attacks, the government is in process of finalising regulations to ensure that energy-related information is not compromised, Parliament was informed on Monday.

The Central Electricity Authority is in the process of finalizing the Central Electricity Authority (Cyber Security in Power Sector) Regulations, the Minister of State (MoS) for Power Shripad Naik said in a reply to the Rajya Sabha.

These regulations will ensure that the control and operation of power system elements including solar inverters, as well as the exchange of related information, including real-time data, will remain within national boundaries, he said.

In addition to this, Naik said, his ministry has also mandated that IT equipment and services, as may be identified in due course, to be used in the power sector shall be cleared through the Trusted Telecom Portal operated by National Security Council Secretariat (NSCS) prior to their supply, with effect from January 1, 2026.

In the power sector, periodic third-party cybersecurity audits have been advised vide the Central Electricity Authority (Cyber Security in Power Sector) Guidelines, 2021.

As per the provisions laid down in the guidelines, power sector utilities have been advised to conduct annual audit of their Operational Technology (OT) infrastructure and biannual audit of their Information Technology (IT) infrastructure through auditors empaneled by the Indian Computer Emergency Response Team (CERT-In).

Naik further said that to enhance the effectiveness of these audits, Computer Security Incident Response Team (CSIRT-Power) has issued guidelines on "Scope of Cyber Security Audit in the Power Sector" defining the areas to be covered during such audits.