Need to develop cyber security framework to address security needs of power sector: CEA Report
Smart power grid systems in India are vulnerable to deadly virus Wannacry Ransomware. It has been learnt that aftermath of the Ransomware virus attack last year, Central Electricity Authority (CEA) has advised an urgent need to develop a cyber security framework to resolve the security issues in the power sector, according to Indian Express report. Notably, on December 23, 2015 hackers had successfully attacked information systems of three prominent power distribution companies in Ukraine. It had disrupted the electricity supply to approximately 2,50,000 Ukranians. A similar small-scale attack had occurred in Ukraine’s capital, Kiev in December 2016. It had led to a power outage for about an hour.
After that the Wannacry ransomware attack in May 2017 had affected computers and systems in 150 countries, including India. Following that the Ministry of Power had tasked the CEA – the apex policy advisory body in the electricity sector – with constituting a committee to discuss various issues including cyber security issues in the power sector. The CEA submitted its report on July 19, 2017.
A smart grid is a power network used to supply electricity to consumers via two-way digital communication, which is more vulnerable to cyber attacks. “Unfortunately, sophisticated cyber attacks on advanced metering infrastructures (smart grids) are a clear and present danger. The most devastating scenario involves a computer worm that traverses advanced metering infrastructures and permanently disables millions of smart meters,” said a study.
“Though India in past few years has developed technical standards for evaluating cyber security/ cyber-attacks, there is a perceived lack of security built into the smart grid systems. Further, the mechanism for information sharing on cyber security incidents need to be developed. Given the vulnerabilities in the operations of the power system devices, including present practices followed, developing a multiple-threat intrusion detection system is the need of the hour,” stated the CEA report, titled ‘Cyber Security in Power System’.
“Cyber and physical security threats pose a significant and growing challenge to electric utilities. Unlike traditional threats to electric grid reliability, such as extreme weather, cyber threats are less predictable and therefore more difficult to anticipate and address. This calls for an urgent need to develop a cyber security framework and regulatory response to address the specific security needs of the power sector in India,” the CEA’s report stated.
