Enhancing Cybersecurity in India’s Power Sector: Central Electricity Authority’s New Regulations

India Strengthens Cybersecurity Measures in Power Sector to Counter Rising Threats

The Central Electricity Authority (CEA) of India has taken proactive steps to bolster the cybersecurity of the country’s power sector in light of escalating cyberattacks on critical infrastructure globally. The newly proposed Central Electricity Authority (Cyber Security in Power Sector) Regulations, 2024, represent a comprehensive approach to fortifying India’s energy infrastructure against digital threats.

Under these regulations, which are set to be enforced six months after their publication in the Official Gazette, stringent cybersecurity measures will be mandated across all segments of the electricity industry. This includes generating firms, transmission and distribution licensees, and other relevant entities.

One of the key provisions of the regulations is the establishment of a specialized Computer Security Incident Response Team (CSIRT) dedicated to the power sector. This team will play a pivotal role in developing security frameworks, coordinating defense strategies, and managing incident responses and recovery efforts. Additionally, the regulations mandate the appointment of Chief Information Security Officers (CISO) and alternate CISOs within all organizations in the power sector to ensure leadership in cybersecurity initiatives.

Furthermore, the regulations emphasize the importance of Cyber Crisis Management Plans (CCMPs) for effective response to cyber incidents, as well as the adoption of sophisticated security technologies and mandatory cybersecurity training for personnel involved in IT and operational technology systems.

The draft regulations are currently open for public consultation and feedback until September 10, 2024. Following this period, the regulations will come into effect, marking a significant milestone in India’s efforts to safeguard its critical energy infrastructure from cyber threats.