{"id":13400,"date":"2021-10-08T00:00:00","date_gmt":"2021-10-08T00:00:00","guid":{"rendered":"https:\/\/www.nextias.com\/current_affairs\/uncategorized\/08-10-2021\/cybersecurity-norms-for-power-sector\/"},"modified":"2021-10-08T00:00:00","modified_gmt":"2021-10-08T00:00:00","slug":"cybersecurity-norms-for-power-sector","status":"publish","type":"post","link":"https:\/\/www.nextias.com\/ca\/current-affairs\/08-10-2021\/cybersecurity-norms-for-power-sector","title":{"rendered":"Cybersecurity Norms for Power Sector"},"content":{"rendered":"<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>In News<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Recently, the <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><em>Central Electricity Authority (Technical Standards for Connectivity to the Grid) (Amendment) Regulations, 2019<\/em><\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> has framed Guidelines on Cyber Security in Power Sector to be adhered by all Power Sector utilities.<\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>Background<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>October 2020:\u00a0<\/strong><\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Mumbai faced major power outages that brought key services to a halt.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">A US cybersecurity firm had said the failure was <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><em>due to a cyberattack by Red Echo<\/em><\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">, a hacker group allegedly affiliated with the Chinese government.<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>About Guidelines<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The guideline lays down <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><em>actions required<\/em><\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><em> <\/em><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><em>to ramp up security measures<\/em><\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong> <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">across various utilities to raise preparedness in the power sector.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">This is the first time that a <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><em>comprehensive guideline<\/em><\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> has been formulated on cyber security in the power sector.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Inputs from Various Agencies:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> The government has said it has drafted the guidelines after taking inputs from cybersecurity agencies like CERT-In, NCIIPC, NSCS, IIT Kanpur.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Application:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">\u00a0<\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The cybersecurity guidelines will apply to all \u201cresponsible entities\u201d including-<\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">power generation utilities,\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">distribution utilities,\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">transmission companies and\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">load dispatch centres among others.\u00a0<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The guidelines are also applicable to system integrators, equipment makers, vendors, service providers, IT hardware and software OEMs engaged in power supply systems.<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Chief Information Security Officer (CISO):<\/strong><\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Some of the key requirements include the appointment of a <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><em>Chief Information Security Officer (CISO) <\/em><\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">at each \u201cresponsible entity\u201d.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Setting up of an Information Security Division headed by the CISO.\u00a0<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Procedure to Identify: <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The entities will also be required to incorporate a procedure for identifying and reporting of any disturbances suspected or confirmed to be caused by sabotage and submit the report to the sectoral Computer Emergency Response Team (CERT) and the Indian CERT within 24 hours.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The guidelines mandates ICT (Information and Communication Technology)-based procurement from identified \u201cTrusted Sources\u201d and identified \u201cTrusted Products\u201d.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">In case the procurement is not from a trusted source, the product needs to be tested for Malware\/Hardware Trojan before deployment for use in power supply systems.<\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>Significance<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The guidelines for cybersecurity in the power sector will help to create a secure power cyber ecosystem.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The guidelines will place mechanisms for security threat early warning, strengthen the protection and resilience of critical information infrastructure, and reduce cyber supply chain risks.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The rules will help promote cybersecurity research and development, and create a market for cyber testing infrastructure in both public and private sectors in the country.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">It will promote research and development in cybersecurity and open up the market for setting up cyber testing infra in public as well as private sectors in the country.<\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>Cyber Security &#8211; Vulnerabilities<\/u><\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">\u00a0<\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Operational Security:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> IoT basis services require continuity and high availability.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Privacy:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> Valuable data required protection.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Software Patching:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> Many IoT devices like human users who can install security updates.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Identity of Things:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> In the absence of universal standards, its implementation requires a unique approach to manage authentication in access.\u00a0<\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>Future Technology To Be Designed with Security<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Smart: <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Security innovation must deliver more capable solutions to keep pace with threats.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Open:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> Platforms and security standards must be open to promote collaboration and accelerate adoption.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Trusted:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> Technology and security providers must be trustworthy in the creation and operation of their products.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Strong:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> Products and services must be hardened to resist compromise and make security transparent to users.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Ubiquitous:<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> Security must protect data wherever it exists or is used, for all parties and devices across the computer landscape.<\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"text-align:center\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/zvnWGxm2SZxUeVJrEFYdnG84a9fcPt-9sRyT8y-zhKHuQXAF-M0Y6jb3wz4lxM4KM_8zNEK24P2OV1Ea8mygBG8FoBYO2yIw1A3o4uruPmXk71fBLJvDDMJOuLdic-EsXzqiKADQ=s0\" style=\"height:373px; width:519px\" \/><\/span><\/span><\/span><\/p>\n<p style=\"text-align:center\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Image Courtesy: <\/span><\/span><\/span><a href=\"https:\/\/www.niti.gov.in\/sites\/default\/files\/2019-07\/CyberSecurityConclaveAtVigyanBhavanDelhttps:\/\/www.niti.gov.in\/sites\/default\/files\/2019-07\/CyberSecurityConclaveAtVigyanBhavanDelhi_1.pdfhi_1.pdf\" style=\"text-decoration:none\" target=\"_blank\" rel=\"noopener\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#1155cc\"><u>niti.gov<\/u><\/span><\/span><\/span><\/a><\/p>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>Conclusion<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The ministry of power noted that these norms must be met by all stakeholders to maintain cyber hygiene.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The guidelines are a precursor to cybersecurity regulations that the Central Electricity Authority (CEA) is working on.<\/span><\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Source<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">: <\/span><\/span><\/span><a href=\"https:\/\/indianexpress.com\/article\/business\/cybersecurity-norms-ciso-at-each-responsible-entity-7559122\/\" style=\"text-decoration:none\" target=\"_blank\" rel=\"noopener\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#1155cc\"><u>IE<\/u><\/span><\/span><\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In News Recently, the Central Electricity Authority (Technical Standards for Connectivity to the Grid) (Amendment) Regulations, 2019 has framed Guidelines on Cyber Security in Power Sector to be adhered by all Power Sector utilities. Background October 2020:\u00a0 Mumbai faced major power outages that brought key services to a halt.\u00a0 A US cybersecurity firm had said [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13401,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21],"tags":[114,26],"class_list":["post-13400","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-current-affairs","tag-cyber-crime-security","tag-gs-3"],"acf":[],"jetpack_featured_media_url":"https:\/\/wp-images.nextias.com\/cdn-cgi\/image\/format=auto\/ca\/uploads\/2023\/07\/6039047Screenshot.png","_links":{"self":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/13400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/comments?post=13400"}],"version-history":[{"count":0,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/13400\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/media\/13401"}],"wp:attachment":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/media?parent=13400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/categories?post=13400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/tags?post=13400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}