CEA issues guidelines for cyber security in power systems to prevent intrusion attempts

Sanjay Jog | Updated: Friday, October 08, 2021, 12:35 PM IST

The Central Electricity Authority (CEA) has issued guidelines for cyber security in power systems, against the backdrop of cyber intrusion attempts and cyber-attacks that are carried out with malicious intent in any critical sector. The guidelines are aimed at creating cyber security awareness, a secure cyber ecosystem and a cyber-assurance framework, strengthening the regulatory framework, and creating mechanisms for security threat early warning, vulnerability management and response to security threats.

The guidelines also focus on securing remote operations and services, protection and resilience of critical information infrastructure, reducing cyber supply chain risks and operationalization of the National Cyber Security Policy. CEA said the guidelines were needed to further strengthen cyber security, as sensitive operational data gained through intrusions may help nation-state sponsored or non-sponsored adversaries and cyber attackers to design more sinister and advanced cyber-attacks.

In the guidelines, CEA has proposed the formulation of a Cyber Crisis Management Plan for dealing with cyber-related incidents, providing a coordinated, multi-disciplinary and broad-based approach for rapid identification, information exchange, swift response and remedial actions to mitigate and recover from malicious cyber-related incidents impacting critical processes. It has also proposed a Security Architecture, which is a framework and guidance for implementing and operating a system using the appropriate security controls, with the goal of maintaining the system's quality attributes such as confidentiality, integrity, availability, accountability and assurance.

As the life cycle of power system equipment/systems is longer than that of the IT systems deployed therein, the Responsible Entity (RE) shall ensure that all IT technologies in the power system equipment/system have the ability to be upgraded. The RE shall ensure that the Information Security Division draws up a list of all communicable equipment/systems that are nearing end of life or are left without support from the OEM. Thereafter, the CISO shall identify the equipment/systems to be phased out from that list, firm up their replacement plan and put the plan up for approval before the Board of Directors. This is aimed at hardening cyber security.
