Central Electricity Authority (CEA) has proposed to notify draft regulations related to cybersecurity in the power sector.
The regulations proposed to be called “Draft Central Electricity Authority (Cybersecurity in Power Sector) Regulations 2024,” have been prepared and CEA is seeking public comments to the same.
CSRIT
Among other things, these draft regulations propose to create a new entity called “Computer Security Incident Response Team (CSRIT) – Power” under the CEA. This entity shall collect traffic data, generated, transmitted, or stored in computer resources of all “responsible entities” in power sector, to enhance cyber security and for identification, analysis and prevention of cyber intrusion or spread of computer contaminant or any other work, as directed by the Authority through a separate order. CSIRT-Power shall have roles and responsibilities including laying down the cybersecurity framework and protocol for the power sector.
It is also proposed that all responsible entities in the power sector shall establish an Information Security Division (ISD) headed by the Chief Information Security Officer (CISO), dedicated to ensuring cybersecurity. This ISD shall remain operational round the clock, ensuring sufficient workforce and infrastructure support is provided for the ISD.
For vendors
The draft regulations also propose that vendors shall provide documented and tested procedures and recovery plan for restoration of the system from potential cyber crisis scenarios. Vendors shall ensure that the security patches and updates are made available for all system components, supplied by them throughout the entire contractually stipulated operating time.
Responsible entities
The term “responsible entities” shall mean power sector entities deploying operational technologies (OT) with or without IT systems, including generating companies including captive plants, renewable energy sources , energy storage system, transmission licensees including deemed transmission licensee, distribution licensees, National Load Dispatch Centre (NLDC), Regional Load Dispatch Centers (RLDC), State Load Dispatch Centers (SLDC), control centers of distribution licensee, Central Transmission Utility, state transmission utilities, and renewable energy management centers, forecasting service provider, traders, power exchanges, qualified coordinating agencies.
Featured photograph (source: Siemens) is for representation only.
