The Central Electricity Authority (CEA) has released the guidelines for cybersecurity in the power sector for the first time.
The guidelines have to be adhered to by all power sector utilities. The guidelines lay down a cyber assurance framework, strengthens the regulatory framework, puts in place mechanisms for security threat early warning, vulnerability management and response to security threats, and secures remote operations and services, among others. The norms are applicable to all responsible entities as well as system integrators, equipment manufacturers, suppliers/ vendors, service providers, and IT hardware and software original equipment manufacturers engaged in the Indian power supply system. The guidelines mandate ICT-based procurement from identified trusted sources and trusted products or else the product has to be tested for malware/ hardware trojan before deployment for use in the power supply system network.