The Government of India has set up four Sectoral Computer Emergency Response Teams to address Cyber Security Threats in Power Systems. Piyush Goyal, Power Minister, said that these are for addressing four power sectors: Transmission, Thermal, Hydro and Distribution, each of which have their own CERT, in order to co-ordinate with power utilities.
In that context, according to Goyal, “The relevant stakeholders of Smart Grid have been advised to identify critical infrastructure and use end to end encryption for data security”…”All utilities have been asked to identify a nodal senior executive as its Chief Information Security Officer (CISO) to lead the process of strengthening organizational systems with respect to cyber security and implement an Information Security Management System as recommended by rules framed under the Information Technology (IT) Act 2008”, according to the statement from the government.
A few points:
– This becomes especially important since a smart grid uses connected systems for monitoring and controlling power flows from manufacturers to distribution utilities and consumers, and attacks that lead to the shut-down of the grid can disrupt the supply of power to the country.
– A sectoral split between the power sector itself is interesting: it means that there will specific focus for specific issues. In the past, India has had a single CERT-IN for the Internet and telecom sectors, so perhaps it is time that Deity set up separate teams to look into separate sub-sectors. Payments, for example, will require a significant amount of focus going forward.