A test bed is a restricted ecosystem where various experiments can be conducted without affecting the entire set up/
Moving closer to mitigate security vulnerabilities of power equipment and systems, the Central Electricity Authority (CEA) has set up a task force that will formulate testing standards and procedures, and identify requirement of infrastructure upgradation, by creating a separate test bed for cyber security in power sector.
A test bed is a restricted ecosystem where various experiments can be conducted without affecting the entire set up. “This test bed is being created for cyber security compliance testing. We will also do periodic testing to mitigate security vulnerabilities of power equipment and systems,” said a senior government official, on the condition of anonymity. The CEA, which is the apex policy advisory body in the electricity sector, established the task force on December 28, 2017.
According to the official, the government is yet to allocate a budget for the test bed as the whole process is still in preliminary stage. “This task force consists of an official each from Central Power Research Institute, Bureau of Indian Standards, NTPC Ltd, Power Grid Corporation of India Limited, Standardisation Testing and Quality Certification, National Critical Information Infrastructure Protection Centre and
Power System Operation Corporation Limited,” he added.
In the wake of the Wannacry ransomware attacks last year, the CEA had warned of threats to smart grid systems in the country and an “urgent” need to develop a cyber security framework to address security needs in the country’s power sector. The Wannacry ransomware attack in May 2017 had affected computers and systems in 150 countries, including India after which, the Ministry of Power had tasked the CEA with constituting a committee to discuss various issues like “cyber security issues in the power sector”. The Central Electricity Authority committee submitted its report on July 19, 2017.
The CEA’s report recommended new “testing standards” for power utilities, the creation of a “test bed” at Central Power Research Institute (CPRI), modified procurement guidelines for equipment used in power utilities and security audits of all Supervisory Control and Data Acquisition (SCADA) systems and Energy Management Systems (EMS).
“Though India in past few years has developed technical standards for evaluating cyber security/ cyber-attacks, there is a perceived lack of security built into the smart grid systems. Further, the mechanism for information sharing on cyber security incidents need to be developed. Given the vulnerabilities in the operations of the power system devices, including present practices followed, developing a multiple-threat intrusion detection system is the need of the hour,” stated the CEA’s report, titled ‘Cyber Security in Power System’.
“Cyber and physical security threats pose a significant and growing challenge to electric utilities. Unlike traditional threats to electric grid reliability, such as extreme weather, cyber threats are less predictable and therefore more difficult to anticipate and address. This calls for an urgent need to develop a cyber security framework and regulatory response to address the specific security needs of the power sector in India,” the CEA’s report stated.
After submitting the report, the CEA, on August 11 last year, also gave the power ministry a presentation on cyber security. Through its report, the CEA informed the Power ministry that two sub-committees at the Bureau of Indian Standards (BIS) have been working on “draft standards” to enhance cyber security.
“One group is working on the manual on cyber security of power systems so auditing of organisations (power utilities) based on the standard can be achieved. The second group aims to bring in draft IEC 62443, which are specifications as part of the standard wherein the compliance requirements for products of Industrial Control Systems is being dealt with,” the Central Electricity Authority’s report stated.
A chapter in the CEA’s report specifically analyses whether it is possible to limit tendering to only domestic firms for better cyber security since India is bound by international treaty commitments. The report recommended a “modification” in procurement guidelines for equipment used in power utilities.
“Widespread connection of smart control mechanism for power equipment, smart appliances and other energy control devices will increase digital complexity and shall invite more attack points, and therefore require more intensive cyber security protection…Considering that cyber security risks are evolving, and cyber-security is not a point in time activity, it needs to be further reviewed and enhanced from time-to-time,” the Central Electricity Authority’s report stated.
For all the latest Technology News, download Indian Express App
Get assembly election result LIVE updates from each constituency in Tripura, Nagaland and Meghalaya
