Present days critical infrastructures are connected
to information and communication technology (ICT) for portability,
convenience and remote control purposes. Although this process brings
many advantages yet this usage of ICT for critical infrastructures
also exposes them for potential cyber attacks.
According to the Cyber
Security Trends of India 2015 by Perry4Law
Organisation (P4LO), Critical
Infrastructure Protection in India (PDF) would be required in the
year 2015 as India has launched projects like Digital
India and Internet
of Things (IoT) (PDF). Indian Government needs to work hard in
this regard as cyber
security challenges in India are very daunting in nature.
The cyber
security challenges before the Narendra Modi government are more
demanding than its predecessor government due to heavy reliance upon
ICT and technology. However, India is not yet prepared to deal with
the same. We at Centre
of Excellence for Cyber Security Research and Development in India
(CECSRDI) believe that Modi government must urgently formulate
the Cyber Security Policy of India 2015 as the previous policy is
just a paper work with no actual benefits.
Now here lies the real problem. Formulation of a
techno
legal framework and robust cyber security policy of India 2015
require tremendous techno legal acumen. Further, the actual
implementation of the proposed 2015 policy would be even more
difficult. This may be the reason that Modi government is shy in
bringing any change in the otherwise outdated and redundant 2013
cyber security policy of India. Nevertheless, a call has to be made
in this regard and immediate action is need of the hour.
It is not the case the Modi government has not taken
pro cyber security initiatives in India. Firstly, Modi government has
appointed
Dr. Gulshan Rai as the first chief information security officer
(CISO) of India. Secondly, Narendra Modi has suggested
to Nasscom that a task force be set up to solve the growing cyber
security menace in India. According to Nasscom the taskforce would be
constituted within a period of one month. Now it has been reported
that the Grid Security Expert System (GSES) of India has been
proposed to be developed by Powergrid.
GSES would involve installation of knowledge based
Supervisory Control and Data Acquisition (SCADA) system, numerical
relays and Remote Terminal units upto 132 kV stations and the
reliable Optical fibre Ground wire (OPGW) communication system at an
estimated cost of around Rupees 1200 crores. The objective of the
GSES is implementation of the Automatic Defense mechanism to
facilitate reliable and secure grid operation.
CECSRDI welcomes this move of Indian government. We
have been advocating that a robust cyber
crisis management plan of India is need of the hour. A crisis
management plan for preventing cyber attacks on the power utilities
in India has also been suggested by CECSRDI. We have also
suggested that crisis
management plan of India for cyber attacks and cyber terrorism is
required. Power
grids cyber security in India and its challenges are not much
known as on date but awareness about the same is fast increasing. The
present decision of Indian government to establish GSES is an example
of the same.
It has also been stated that the Computer Emergency
Response Team-India (CERT-IN), Department of Information Technology,
Ministry of Communication and Information Technology, Government of
India has prepared a Crisis Management Plan (CMP) for countering
cyber attacks and cyber terrorism. The CMP intends to prevent large
scale disruption in the functioning of critical information systems
of Government, public and private sector resources and services. A
framework has also been outlined for dealing with cyber related
incidents for rapid identification, swift response and remedial
actions to mitigate and recover from cyber related incidents
impacting critical national processes.
In December 2010, Ministry of Power had constituted
CERTs (Computer Emergency Response Teams) for power sector. At
CECSRDI we welcome establishment of these dedicated CERTs as they can
manage cyber security issues in a better manner. For instance,
CERT-Thermal (nodal agency- National Thermal Power Corporation
(NTPC)), CERT-Hydro (nodal agency- National Hydroelectric Power
Corporation (NHPC)) and CERT-Transmission (nodal agency- Power Grid
Corporation of India Limited (PGCIL) can take necessary action to
prevent cyber attacks in their domains. The State Power Utilities
have also been advised to prepare their own sectorial Crisis
Management Plan (CMP) and align themselves with the Nodal Agencies
i.e. NTPC, NHPC & PGCIL and CERT-In for the necessary actions.
Cyber
security of automated power grids of India is need of the hour.
It is only after a massive
power blackout in 2012 that Indian government has woken up to the
dangers of cyber
attacks against Indian power sector. Based on the recommendations
of the Enquiry Committee, constituted by Ministry of Power to enquire
into the causes of the grid collapse of 2012, several measures like
third party protection audit, review of Unscheduled Interchange
mechanism, review of Central Electricity Authority transmission
planning criterion, tightening of frequency band, coordinated
planning of outages, development of islanding schemes, proper
maintenance of under frequency relays etc. have been taken by the
Government to prevent grid failures. We welcome these pro active
efforts on the part of Indian government.
However, it would be really interesting to observe
what actual steps would be taken by Modi government to strengthen
Indian cyber security. Till now Modi government has not come out with
even a single cyber security related policy decision or initiative.
These policy decisions and projects, with their own merits and
demerits, are the legacy of Congress government. What Modi government
would do in this regard is yet to be seen. We wish all the best to
Modi government in the field of cyber security and other related
projects.
Source: Global
Techno Legal News And Views.