Delhi Lieutenant Governor Vinai Kumar Saxena has approved the notification to declare the ‘Critical Information Infrastructure’ of Delhi Power utilities and the computer resources of their associated dependencies, to be ‘Protected Systems’ in view of a potential cyber attack threat to the power system in the national capital.
Along with this the person authorized in writing by these Power utilities, to access these ‘Protected Systems’, will also be notified. This will ensure that critical power infrastructure in the City will be protected from any kind of attack or breach.
In 2020–2021, cyber security monitoring agencies of the Centre had observed some cyber attack attempts aimed at disrupting the power system operations. The Ministry of Power had on March 8, 2021, written to the chief secretaries of all states and UTs for precautionary steps.
Cyber attackers are increasingly targeting the power sector, hence taking preventive measures and mitigating threats to protect the Indian Power System needs the special attention of all power sector holders, the Ministry had then pointed out.
The notification approved by the LG would help put into place certain checks, including information security practices and procedures, and access control.
They will ensure that the computer resources of the power utilities – Delhi Transco Ltd (DTL), State Load Dispatch Centre (SLDC), and discoms – TPDDL, BRPL, and BYPL – will be secured against any incapacitation or destruction, the statement said. The computer resources of these utilities fall in the category of the 'Critical Information Infrastructure,' or CII, the destruction or incapacitation of which, will have a debilitating impact on national security, economy, and public health, it said.
The notification to be issued now will authorise persons specifically identified by these utilities and be approved by the power department of the Delhi government.
Any person who secures access or attempts to secure access to these protected computer systems, in contravention of the provisions of the laid down procedures, will be punished with imprisonment for up to 10 years and also be liable for a fine, it said.
The National Critical Information Infrastructure Protection Centre (NCIIPC) had in March asked the Delhi government and the city's power utilities to identify the CIIs and people who would access them for notification.
Supervisory Control and Data Acquisition (SCADA) system, Unified Real Time Dynamic State Measurement (URTDSM) system, and Web-Based Energy Scheduling (WBES) system were identified as CIIs in June this year.