India has stepped up the security of its national power grid as heightened tensions with Pakistan revive memories of cyberattacks in recent years, three people aware of the development said.
The power ministry has tightened security protocols at the load despatch centres which manage the demand and supply of power. The goal is to repel potential cyber and physical attacks that could bring down the grid, a calamity for any transmission utility.
“The National Load Despatch Centre (NLDC) and other regional and state load despatch centres are highly secure and safe. However, the security of these load despatch centres is usually enhanced in the light of the national security situation,” one of the three people said on the condition of anonymity.
Also read: Major discovery likely from blocks offered in OALP rounds, says OIL CMD
The load despatch system has three levels, with the NLDC serving as the nerve centre. Below it are five regional load despatch centres (RLDCs) that supervise the five regional grids that form the national grid. Lower down are 33 state load dispatch centres (SLDCs) that manage power for the states and Union territories.
Queries sent to the ministries of power and home affairs and the Grid Controller of India, which operates NLDC and supervises the operations of regional load despatch centres, remained unanswered.
A second person said both cyber and physical security at all load despatch centres are being monitored.
The security concerns stem from high-profile cyberattacks on India’s power sector in recent years. These attacks caused outages in Mumbai in 2020, Kudankulam Nuclear Power Plant in 2019, THDC India Ltd’s Tehri dam in 2017, West Bengal State Electricity Distribution Co. Ltd in 2017, and at Rajasthan and Haryana discoms in 2018. The National Critical Information Infrastructure Protection Centre (NCIIPC), which oversees India’s cybersecurity operations in critical sectors, has also earlier reported several vulnerabilities in states’ power utilities.
Also read: Gensol’s West Asia operations look to separate from parent
Security concerns grew after a 2021 cyberattack on the northern grid, allegedly by Chinese hackers. In April 2022, erstwhile Union power minister R.K. Singh said three attacks were carried out on the power grid in strategically located Ladakh since December 2021, but the hackers did not succeed because safeguards were in place to thwart such intrusions.
“There have been continuous attacks on the Indian critical information infrastructure and this would continue,” said Pavan Duggal, advocate at the Supreme Court and an expert in cyber and artificial intelligence (AI) laws. “With the coming in of AI, a new vector of attacks and cyberthreats have opened up. The power grid is a critical infrastructure and recently, we saw the grid outage in Spain leading to halt across sectors including internet and aviation. India can be prone to such a threat. In 2024, the world witnessed an economic loss of around $8 trillion due to cyber attacks and a large part of it was from India. The projected loss for 2025 is about $10.5 trillion and India again may contribute a large share,” Duggal cautioned.
He added that there is a need for a futuristic, holistic and inclusive legal framework for the protection of critical information and India should also look at repelling and countering such attacks, besides building cyber resilience.
Also read: BHEL’s revenue grows 19% in FY25 on power sector demand
“More than physical security, cybersecurity has more significance as a cyberattack may halt the whole system,” said Alok Kumar, former power secretary. “A physical impact on a transmission line can be mitigated as the grid has alternate routes for power supply and security including the process of islanding. In the past few years, the government has taken several steps to ensure cyber security including the creation of the position of cyber security officers in concerned organizations and setting up a dedicated computer emergency response team for the power sector which institutionalizes cyber security aspect in grid management,” he said.
In August last year, the government had outlined measures taken to ensure cybersecurity of the power grid. The Computer Security Incident Response Team Power (CSIRT—Power) was established in April 2023 exclusively for the power sector. Additionally, sectoral Computer Emergency Response Teams (CERTs) have been setup for thermal, hydro, transmission, distribution, grid operation and renewable energy sectors.
Outlining the steps, junior power minister for power Shripad Yesso Naik said the Grid Controller of India has established a security operation centre (SOC) to monitor security events and incidents across the NLDC and RLDCs. An SOC has also been set up at Power Grid Corp. of India Ltd for 24×7 monitoring of critical assets.
As of March 2024, 30 out of the 33 SLDCs managing the grid operations had conducted vulnerability assessment and penetration testing cybersecurity audits in the past five years, he added.
