Section 177 of the Electricity Act of 2003 by CEA stipulates the newly proposed regulations, which need strong cyber security measures in all areas of the electricity industry.
The Central Electricity Authority (CEA) has published a draft of the Central Electricity Authority’s Cyber Security in Power Sector Regulations in an aggressive attempt to protect India’s power industry from growing cyber threats. These laws, which will be enforced six months after they are published in the Official Gazette, aim to improve the cyber resilience of the country’s electricity system. By September 10, 2024, stakeholders and the general public are requested to provide feedback on these recommendations.
Section 177 of the Electricity Act of 2003 stipulates the newly proposed regulations, which need strong cyber security measures in all areas of the electricity industry. Generating firms, licensees for transmission and distribution, and other related entities fall under this category. These strict procedures are set to create a safe operating environment as a reaction to the increasing number of cyberattacks that target critical infrastructure around the world.
The establishment of a dedicated Computer Security Incident Response Team (CSIRT) for the power industry is a key component of the proposed legislation. This group will be in charge of establishing security frameworks, coordinating a sector-wide cyber defense plan, and serving as the main incident response and recovery organization. It is required of organizations operating in the power sector to designate a Chief Information Security Officer (CISO) and a backup CISO. This guarantees that Indian nationals working in top management positions hold these crucial roles. The regulations underscore the crucial role that these officers play in protecting the nation’s energy assets by requiring them to report directly to the top executives of their respective enterprises.
Additionally, the document outlines the mandatory Cyber Crisis Management Plans (CCMPs) that every organization needs to create and update. These plans, which are crucial for the coordination and handling of cyber incidents, need to be authorized by the organization’s top management level. Technically speaking, the regulations outline thorough security procedures. These include putting in place sophisticated firewalls, intrusion prevention systems (IPS), and intrusion detection systems (IDS) that can recognize abnormal behavior. Additionally, a lot of focus is placed on training, with mandatory cyber security training being required for all staff members involved in the operation and maintenance of both IT and operational technology (OT) systems.
A ‘Trusted Vendor System,’ which requires that all ICT-based equipment and services be purchased from verified and trustworthy sources, is another new feature of the CEA’s draft regulations. This precaution is meant to protect the integrity of the power supply system and stop malware from infecting other components.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
