India plans specialized cyber unit to protect its power grid

• The growing threat of cyber attacks on India’s power grid has prompted the government to consider setting up a specialised computer security incident response team (CSIRT)
• The move comes amid increasing geopolitical uncertainties, and China’s attempts to target India’s critical infrastructure, such as the power grids and transportation systems, through malware attacks.

Computer Security Incident Response Team (CSIRT)

• It will comprise of trained professionals, including domain experts from the private sector
• It will be housed under India’s apex power sector planning body, Central Electricity Authority (CEA)
• The officers will be recruited through the Combined Engineering Services Examination conducted by the Union Public Service Commission
• It will be aimed at thwarting any attempt at crippling the critical power infrastructure
• It will perform functions pertaining to cyber security incidents, such as creating awareness, incident monitoring and response, and forensic analysis.
• It will act as an extended arm of CERT-IN

Critical Information Infrastructure (CII)

• It is defined as those computer resources, the destruction of which, shall have debilitating impact on national security, economy, public health or safety
• Critical sectors includes Power & Energy, Banking, Financial Services & Insurance, Telecom, Transport, Government ,Strategic & Public Enterprises

Indian Computer Emergency Response Team (CERT-In)

• It coordinates efforts on cybersecurity issues with the National Critical Information Infrastructure Protection Centre (NCIIPC) to oversee India’s cybersecurity operations in critical sectors
• The union power ministry on its part has set up six CERTs for grid operation, thermal, hydropower, electricity distribution, transmission and renewable energy.

Government initiatives to protect critical infrastructure from cyberattacks

• National Critical Information Infrastructure Protection Centre was constituted as the national nodal agency for Critical Information Infrastructure Protection in 2014.
• In addition, the government launched a National Mission on Interdisciplinary Cyber-Physical Systems in 2019. (NM-ICPS).
• The mission has been given a budget of Rs 3,660 crore for a five-year period to enhance Cyber-Physical Systems (CPS).
• In addition, the Bureau of Indian Standards (BIS) has released the Industrial Cybersecurity Standards (IEC62443).
• The goal of this standard was to address and mitigate present and future cybersecurity threats.

Suggestions for protection of critical infrastructure

• The BIS Industrial Cybersecurity Standards must be adopted by the government to improve cybersecurity.
• Aside from that, Ministries and Departments require increased budgetary support for cybersecurity.
• To increase cybersecurity, the government also needs a strong infrastructure, processes, and audit system.
• India needs strict supervision to strengthen the power sector .
• The North American Electric Reliability Critical Infrastructure Protection (NERC) regulation can be used as an example in India.
• The policy might serve as a roadmap for organisations in the electricity industry, assisting them in safeguarding their operational technology (OT) networks.

Conclusion

• So far, India has safeguarded vital networks such as the sensitive Aadhaar ecosystem, essential financial systems, and so on. To fortify it further, India might issue a new cybersecurity policy that addresses broader issues.