Cyber Security Of Automated Power Grids Of India

Power sector reforms in India are in the pipeline. Among many suggested measures, some of them pertain to use of automated systems through IT intervention for sustained collection of accurate baseline data and automation of some electricity functions. The idea is good but is not free from problems like lack of expertise and inadequate cyber security in India.

Malware like Stuxnet and Duqu have already proved that critical infrastructures like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to sophisticated cyber attacks.

In the Indian context, the critical infrastructure protection of India is not in good shape. There is neither an implementable cyber security policy of India nor there is any critical ICT infrastructure protection policy of India.

In these circumstances, use of automated power grids in India should be undertaken only after making cyber security of India robust, reliable and effective. For instance, the supervisory control and data acquisition (SCADA) systems are used world over for managing automated water utilities and power grids. However, successful cyber attacks against these SCADA systems have result in great loss and productivity of these utilities.

SCADA may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

Consider a real life situation in India. The Restructured Accelerated Power Development and Reform Programme (R-APDRP) of UT electricity department will soon be implemented as the Joint Electricity Regulatory Commission ( JERC) has accorded its approval to the department for availing the funds from the central government through the Power Finance Corporation (PFC). These funds will be used towards the implementation of Part-A of R-APDRP scheme for creation of reliable and automated systems with IT intervention for sustained collection of accurate baseline data.

R-APDRP will have projects which would be undertaken in two parts – part A and part B. Part-A includes the projects for establishment of baseline data and IT applications for energy accounting/auditing and setting up IT based consumer service centres. Part-B shall include regular distribution strengthening projects. Part-A also covers SCADA implementation which facilitates centralised control of power supply position in Chandigarh. PFC has been appointed as a nodal agency for this Central Government funded scheme.

If cyber security aspects of automated electricity grids in India are taken care of, this e-governance drive would prove very useful and productive for power sector of India. We hope Indian government would consider all these aspects for the larger interest of power industry of India.