Strengthening Cybersecurity in Power Sector

The POWERGRID Centre of Excellence (CoE) in Cybersecurity at the Indian Institute of Science (IISc), Bengaluru has been established to promote research and development in cybersecurity, particularly for power grid operations and transmission systems.

Central Electricity Authority (CEA) issued the Cyber Security in Power Sector Guidelines, 2021 to ensure a cyber-secure power ecosystem. These guidelines provide a comprehensive cyber assurance framework and strengthen the cybersecurity governance structure across all entities in the power sector. Further, the Draft Central Electricity Authority (Cyber Security in Power Sector) Regulations, 2025 are under finalization to establish a detailed cybersecurity framework for the power sector.

Ministry of Power (MoP) established the Computer Security Incident Response Team - Power (CSIRT-Power) at CEA on 5^th April, 2023 as an extended arm of CERT-In. CSIRT-Power supports utilities in detecting, responding to, managing cyber incidents, and in improving overall cybersecurity preparedness. In addition, MoP has constituted six sub-sectoral Computer Emergency Response Teams (CERTs): (Thermal, Hydro, Transmission, Grid Operation, Renewable Energy, and Distribution). Each sub-sectoral CERT has been mandated to prepare a sub-sector-specific model Cyber Crisis Management Plan (C-CMP) for coordinated response and mitigation in the event of cyber-attacks.

As per the information submitted by Gujarat Energy Transmission Corporation Limited (GETCO), in the State of Gujarat, a comprehensive cybersecurity framework has been implemented, including stricter access controls, endpoint protection, reduced system exposure, secure encrypted communication, deployment of next-generation firewalls between Remote Control Centres and the State Load Despatch Centre (SLDC), and installation of required antivirus solutions for malware protection.

In the past five years, no cyber-security breaches or successful cyber-attacks have been reported in the operational systems of the National Load Despatch Centre.

Cyber-security audits are conducted periodically across the power sector in accordance with the Central Electricity Authority (Cyber Security in Power Sector) Guidelines, 2021. These audits are carried out by third-party cyber-security auditors empaneled by CERT-In. In the past five years, 9 assessments of the Information Technology infrastructure (IT) and 5 assessments of the Operational Technology (OT) infrastructure have been carried out at the National Load Despatch Centre. Details are enclosed at Annexure.

Similarly, cybersecurity audits are periodically conducted by CERT-In empaneled auditors across all SLDCs, covering both IT and OT infrastructure, including Supervisory Control and Data Acquisition (SCADA) systems, the Unified Real-Time Dynamic State Measurement (URTDSM) system, and other critical assets.

National Load Despatch Centre

This Information was given by the Minister of State for Power, Shri Shripad Yesso Naik, in a written reply in the Lok Sabha today.

*********

NR/MD