Central Electricity Authority (CEA) has amended the CEA (Cyber Security in Power Sector) Guidelines, 2021.
The amendment has been notified to address the issue of frequency of operational technology (OT) audit for compliance by all entities in clause 2.3 of the guidelines. Article 14 (b) of CEA (Cyber Security in Power Sector) Guidelines, 2021 has been amended and states that the responsible entity shall through a CERT-In (the Indian Computer Emergency Response Team) empanelled cyber security OT auditor shall get their information technology (IT) system audited at least once in every six months and OT system audited at least once in a year. The responsible entity shall close all critical and high vulnerabilities within a period of one month and medium as well as low non-conformity before the next audit. Effective closure of all non-conformities shall be verified during the next audit.