Delhi Lieutenant Governor VK Saxena approved the notification to declare the ‘Critical Information Infrastructure’ of Delhi Power utilities and the computer resources of their associated dependencies, to be ‘Protected Systems’. Along with this the person authorized in writing by these Power utilities, to access these ‘Protected Systems’, will also be notified.
This will ensure that critical power infrastructure in the City will be protected from any kind of attack or breach. As of years 2020 – 2021, attempts of cyber attacks to disrupt power system operation had been observed by Cyber Security Monitoring Agencies of Govt. of India, where after the Ministry of Power, Govt. of India, wrote to the Chief Secretaries of all States and UTs on 08.03.2021, with directions to take precautionary actions. Cyber attackers are increasingly targeting the Power Sector, hence taking preventive measures and mitigating threats to protect the Indian Power System needs the special attention of all Power Sector holders, the letter from the Ministry of Power, GoI, underlined.
Issued in accordance with sub-section (1) of section 70 of the Information Technology Act, 2000, this notification would help put into place an effective system of checks, comprising information security practices and procedures, and access control, that will ensure that the computer resources of the Power utilities – Delhi Transco Ltd., (DTL), State Load Dispatch Centre (SLDC), TATA Power Distribution Ltd. (TPDDL), BSES Rajdhani Power Ltd., (BRPL) and BSES Yamuna Power Ltd., (BYPL), will be secured against incapacitation or destruction.
The computer resources of the above utilities fall in the category of ‘Critical Information Infrastructure’ (CII), the destruction or incapacitation of which, will have a debilitating impact on National Security, Economy, Public Health or Security.
The notification to be issued now will authorize persons specifically identified by these utilities and approved by the Power Department, GNCTD to access protected systems under sub-section (1) of section 70 of the Act. The information security practices and procedures shall be in accordance with, those prescribed by the Central Govt. for such protected systems.
Any person who secures access or attempts to secure access to these protected computer systems, in contravention of the provisions of the laid down procedures, shall be punished with imprisonment up to 10 years and also be liable for a fine.
The National Critical Information Infrastructure Protection Centre (NCIIPC), Govt. of India, had asked the GNCTD/Power utilities of GNCTD in March, for such identification of CIIs and people who would access them, for notification. Thereafter, following several rounds of correspondence and several meetings between Delhi SLDC, DTL and DISCOMS, in June this year, the following were identified as CIIs,
Supervisory Control and Data Acquisition (SCADA), system.
- Unified Real Time Dynamic State Measurement (URTDSM), system
- Web Based Energy Scheduling (WBES), system.
Thereafter, the NCIIPC asked for these CIIs – SCADA, URTDSM and WBES and their associated computer resources to be notified as ‘Protected Systems’, by GNCTD and also in writing notify, the persons who are authorized to access the notified ‘Protected Systems’.
The above-mentioned CIIs and the persons authorized to access them, as identified by the Power utilities, will now be notified, with LG having approved the same.
