Chapter- 8
CYBER SECURITY ASPECTS
8.1 With regard to cyber security, the Committee examined the apprehension that grid disturbances on 30th and 31st July 2012 could have been initiated by cyber attack. In addition the Committee also examined following aspects-
a) Status of IT intervention in the operation of Power Sector
b) Measures taken by various stakeholders to counter any possible cyber attack in their system
c) Communication facilities available between various stake holders
8.2 Field Visit
8.2.1 To assess the situation, visit to NRLDC, 400 kV sub-station of POWERGRID at Agra and Rihand Super Thermal Power Station was undertaken to examine the present automation & communication arrangements at the Power Sub stations & Thermal Power Plants.
8.2.2 During the visit to the 400 kV Grid Sub-station at Agra, it was observed that the switching for operation is independent of computer networking. The commands are issued locally to carry out switching operations at the sub stations and there is no automated system of event recording on a continuous basis. Similarly, in the case of generating plants, as observed during the visit, each unit has its own control and is no way connected with the outside network and the performance logging of the station data is recorded & archived for each generating unit separately.
8.2.3 During the visit to NRLDC and 400 KV sub station, it has been observed that there are no dedicated telecom facilities available between various control centres, and generating stations. If NRDLC observes any abnormality in the operation in the grid, they inform the same to the concerned SLDC/ Station either through public telephone or on leased line network. Since public telephone network may not be reliable in many cases specially in remote/ rural areas and more so in case of grid disturbance and total power failure like the present one, there is an urgent need to provide dedicated network for this purpose. It has also been observed that there may be errors/ loss of data received from remote (RTUs) at the data center and there may be failure of data coming from a station in case of power breakdown because of UPS not working properly or batteries being weak.
8.3 Discussion & findings
8.3.1 The matter was discussed with the representatives of POWERGRID, NTPC, NHPC and POSCO. The issue of cyber security was examined in detail to ensure that adequate mechanism is available with all the stakeholders to prevent any attack on the systems.
8.3.2 It was pointed out during the discussion that the Cyber attacks can be perpetrated from any side either by outsiders or by insiders and may have far–reaching and detrimental effects on power systems controls, that could lead to the destabilization of the supply capabilities of energy sector and may have a cascading effect on the national security /economy. Cyber security vulnerabilities in generation sector are localized and its impact can shut down one unit or plant. The affect of vulnerabilities in centralized systems e.g. SCADA etc used in transmission sector is wide and may have potential impact on the synchronous operation of entire Power System leading to Grid collapse. As far as distribution sector is concerned, where bulk of automation are visible, the impact of cyber attack on centralized SCADA /DMS can lead to disruption of services to critical customers like hospitals, metro etc. which is critical for the units involved but at the same time not global and widespread.
8.3.3 It was informed to all the stakeholders that CERT-In (Indian Computer Emergency Response Teams), Department of Information Technology, Ministry of Communication and Information Technology, Government of India has prepared a Crisis Management Plan (CMP) for countering cyber attacks and cyber terrorism for preventing the large scale disruption in the functioning of critical information systems of Government, Public and Private sector resources and services. Ministry of Power has also constituted CERT-Thermal, CERT-Hydro and CERT-Transmission with nodal agencies as NTPC, NHPC and POWERGRID respectively, to take necessary action to prevent cyber attacks on the Utilities under their jurisdiction.
8.3.4 The Committee in course of meeting with stakeholders, reviewed existence of appropriate security policies and procedures as envisaged in the Crisis Management Plan prepared and circulated by CERT- India. In course of discussion, it emerged that no abnormal cyber event was observed by the stakeholders prior to and during grid disturbances on both occasions. The matter was also discussed with the officers of CERT-In to asses the present arrangement and preparedness of the stack holders to avoid any cyber attack on their system.
8.3.5 After going through the records, discussion & field visits, it is observed that the operation of grid is primarily manual and operations are done locally except in case of few 400 kV S/Ss which are controlled from remote locations through dedicated networks. At present there is no wide area network at grid control level and there is no communication with power utilities using public domain. The Committee is of the opinion that that Grid Disturbance could NOT have been caused by a cyber attack.
8.4 Suggestions
8.4.1 During the discussions and according to the feed back provided by the stakeholders it emerged that Power Sector stack holders have taken adequate steps to prevent the cyber attack on their system and also have dedicated organisational polices in this regard.
8.4.2 The existing communication network should be maintained properly. RTUs and communication equipments should have uninterrupted power supply with proper battery back up so that in case of total power failure, supervisory commands & control channels do not fail.
8.4.3 Regular cyber vulnerability test/mock drills/cyber audit/and other measures as per the crisis management plan of CERT- In should be carried out regularly by all the stakeholders.
8.4.4 A cyber audit specifically to detect malware targeting Industrial Control Systems (ICS) should be conducted at critical plants and sub-stations after any abnormal event.
8.4.5 A dedicated team of IT Personnel for cyber security in all the Power Stations and Sub-stations should be developed and proper training for the team members should also be conducted regularly by the respective organizations to upgrade their skills.
8.4.6 Mitigation strategies for countering physical attacks have to be drawn by all the power utilities.
8.4.7 Regulatory framework should be created for cyber security in the power sector.
8.4.8 An Office/ Body of Cyber Security Auditors should be created within Power Sector.
8.4.9 Vendors for cyber security systems should be developed as per International / National standards.
8.4.10 For smooth operation of grid systems, it is absolutely important that all the power generating and distributing stations are connected on a very reliable telecom network.
i) A proper network may be built up preferably using MPLS (Multi Protocol Label Switching) which is simple, cost effective and reliable. In remote place where connectivity is a problem, the stations can use dedicated fibre cable from the nearest node
ii) Since POWERGRID has its own fibre optic cables, practically covering all major nodes and power stations, a proper communication/IT network may be built using dedicated fibres to avoid any cyber attack on the power system.
