Amid an increasing number of Cyber attacks, Cyber terrorism, and data leaks across the country, the Centre has prepared a comprehensive Cyber Crisis Management Plan (CCMP) exclusively for the power distribution sector which is the most critical link in the electricity market. This sector interfaces with the end customers and provides revenue for the entire value chain. The CCMP includes the framework for identification of various critical information infrastructure, cyber incident response coordination, and steps to be taken for its mitigation.
The Union Ministry of Power's move comes at a time when India has witnessed more than 27,000 cyber security threat incidents in the first half of 2017. Reported threats include phishing attacks, website intrusions, and defacements or damages to data as well as ransomware attacks.
CCMP envisages a layered security approach to strengthen cyber security posture of distribution sector. This will provide a redundancy in the system with respect to cyber security.
The power ministry officer told DNA, "Cyber threats to systems can take many forms such as failure of a system/element to act/react in designed way due to virus, software bugs, intrusion, and congestion in the underlying/supervising system. Dependence of normal system operation on ICT, so much so that, operators/ power system personnel are not aware of and not well versed in alternate method to control/operate the system.'' He informed that the impact of cyber attack on the Supervisory Control and Data Acquisition (SCADA) and distribution management system can lead to disruption of services to critical customers like hospitals and metros.
According to CCMP, the distribution utilities can build cyber resilience to anticipate and withstand cyber attacks as well as build the capability to contain, recover, and evolve to improved capabilities from any disruptive impact of such cyber attacks.
He explained that an attack on Smart meters and Smart appliances may lead to commercial loss apart from breach of privacy to individual consumers at distribution level.
Furthermore, distribution utilities are expected to conduct cyber security mock drills periodically to assess their preparedness and resilience in dealing with cyber crisis. '' Cyber security drill is a confidence building and learning exercise based on simulated cyber security incident scenarios that resemble occurrence of a cyber security crisis. A proper record of the mock drills should be available with the distribution companies,'' the officer informed.
IMPROVEMENT
According to CCMP, the distribution utilities can build cyber resilience to anticipate and withstand cyber attacks as well as build the capability to contain, recover, and evolve to improved capabilities.