Cybersecurity Concerns: Strategies for safeguarding smart grid infrastructure

The interconnection of operational and information systems, together with the growing adoption of smart solutions and the availability of real-time data on cloud-based platforms, exposes the grid to cyberattacks, hacking and system malfunctions that can disrupt operations. With rising internet penetration and IT advancements, cybersecurity has become a key area of concern for authorities. Cyberattacks and intrusions, often carried out with malicious intent, can put the power supply system at risk or compromise the grid. It is therefore important to deploy robust security systems that can meet these challenges and scale with the growing size and complexity of the power sector.

Hackers can exploit vulnerabilities in the IT and operational technology systems of transmission and distribution operators to manipulate power flows, disable critical infrastructure or trigger widespread outages. Cybersecurity strategies cannot remain static. With attackers constantly deploying diverse threats such as malware, ransomware, phishing and social engineering, defences must adapt and adopt a multi-layered approach. It is crucial to cover all potential attack vectors, not just the most common ones, and to analyse each threat individually to understand its likelihood and impact, prioritising accordingly. Continuous monitoring of threats through detection and response systems is also essential. Moreover, security professionals must be equipped with the right tools and knowledge to interpret detections, make informed decisions and respond effectively. Automation can handle routine tasks, allowing human experts to focus on complex situations.

Government initiatives

The Central Electricity Authority (CEA) introduced guidelines on cybersecurity in the power sector in 2021. They set out a comprehensive cybersecurity framework for all stakeholders, covering potential attack surfaces, and lay down cardinal principles that responsible entities must comply with. The primary objectives of the guidelines are to create cybersecurity awareness, secure the cyber ecosystem, establish a cyberassurance framework and implement early-warning mechanisms for security threats so as to strengthen vulnerability management.

Subsequently, the Central Electricity Regulatory Commission (CERC) notified the Indian Electricity Grid Code [IEGC] Regulations, 2023, effective from October 1, 2023. Chapter 8, Regulations 50-53, outlines a cybersecurity framework for the national grid. These regulations cover protection against spyware, malware, cyberattacks and network hacking; assessment and vulnerability identification; adoption of the latest technologies and infrastructure; and keeping pace with evolving cyberthreats and best practices. In line with Regulation 53 of the IEGC, a comprehensive procedure for the Cyber Security Coordination Forum (CSCF) has been established at both the national and regional levels within the CERT-GO sector. The CSCF serves as a central hub for real-time threat intelligence, best practices and incident response strategies, fostering collaboration among critical infrastructure operators and cybersecurity experts. Regular drills and simulations conducted through the CSCF prepare member organisations for potential cyberattacks, enabling faster and more effective incident response.

In addition, in April 2023, the Ministry of Power set up the Computer Security Incident Response Team [CSIRT]-Power at the CEA. CSIRT-Power assists utilities in handling cyber incidents and enhancing cybersecurity preparedness. An empowered committee chaired by the Secretary (Power) and a standing committee chaired by the Additional Secretary (Power) periodically review the cybersecurity preparedness of the power sector.

Under the Information Technology Act, 2000, the National Critical Information Infrastructure Protection Centre (NCIIPC) and the Indian Computer Emergency Response Team (CERT-In) were established to provide incident response and operational assistance, with a focus on safeguarding critical infrastructure from cyberthreats. The Ministry of Power created six sectoral CERT-In teams for thermal, hydro, transmission, grid operations, renewables and distribution. These teams oversee compliance with cybersecurity standards, incident handling and response, and guidance to entities in their sector. Furthermore, the establishment of an Information Sharing and Analysis Centre (ISAC-Power) provides a unified platform for the six CERTs, facilitating information exchange and serving as a centralised data repository.

Security solutions

India’s increasing adoption of smart grids underscores the need for a robust cybersecurity system to safeguard critical infrastructure. This includes the deployment of firewalls to filter incoming and outgoing traffic and restrict unauthorised access and malicious activity. Intrusion detection and prevention systems (IDPS) are also essential for monitoring network traffic, detecting anomalies and promptly alerting system administrators to potential threats. The detection component of an IDPS monitors and alerts rather than blocking attacks, so it must be integrated with complementary security measures that can act on its findings. Virtual private networks can create secure tunnels for encrypted communication between authorised devices. Installing cryptographic hardware products or hardware security modules provides a secure environment for key management, storing encryption keys in tamper-resistant hardware to prevent unauthorised access and protect against cyberthreats.

Public key infrastructure (PKI) plays a critical role in ensuring cybersecurity by providing authentication, encryption and digital signatures. It verifies the identities of devices and users seeking access to the smart grid network. This prevents unauthorised access and allows only legitimate participants to communicate and exchange data. Digital certificates issued by trusted authorities act as electronic passports, verifying the authenticity of entities on the network.

PKI enables secure communication between smart grid devices and systems by encrypting data in transit, safeguarding sensitive information such as metering data and control commands from interception and tampering by malicious actors. Depending on the specific application needs, symmetric and asymmetric encryption methods are employed, often in combination. PKI can thereby enhance data integrity, protect revenue streams and ensure service continuity.

Incident management is a crucial process for operations and IT teams to identify, contain and resolve unplanned disruptions, restoring services to their intended functionality after a security breach or malfunction. It prepares organisations to deal with unforeseen cyber incidents and reduces downtime. This involves creating a comprehensive plan that sets out roles, responsibilities and procedures for handling cyber incidents, aligned with national frameworks and standards. The plan should define clear incident severity levels with corresponding escalation procedures, and regular tabletop exercises and simulations should be conducted to test its effectiveness. In execution, the response first identifies the compromised systems, collects evidence and brings backup or alternate systems online to replace the compromised ones. Analysis of that evidence then identifies the root cause of the incident, after which basic security measures are implemented and systems are scanned for malware. Finally, the affected systems should be rebuilt and restored from clean backups.

The way forward

Building on the foundation laid by government initiatives and existing security solutions, a strategic roadmap is required to secure India’s smart grid by adopting technological advancements. For instance, integrating innovative solutions such as AI-powered threat detection, blockchain for tamper-evident data and quantum-resistant cryptography can help stay ahead of evolving threats. The adoption of standardised security protocols and interoperable solutions across the entire grid ecosystem can facilitate seamless information exchange and incident response. Active participation in international forums and adoption of global best practices in cybersecurity standards and policies, coupled with continuous updates to regulatory frameworks, can help adapt to the evolving threat landscape and technological advancements. Further, investing in skill development, collaboration and knowledge sharing, integrating physical security with cyber defence and securing the smart grid supply chain can prevent vulnerabilities being introduced through third-party vendors.