Critical information infrastructure of Delhi Power utilities to be declared protected system

New Delhi [India], December 30 : Delhi Lieutenant Governor VK Saxena on Friday approved the notification to declare the Critical Information Infrastructure of Delhi Power utilities and the computer resources of their associated dependencies to be Protected Systems.
"Along with this the person authorized in writing by these Power utilities, to access these 'Protected Systems', will also be notified," an official statement read.
It stated that this will ensure that critical power infrastructure in the City will be protected from any kind of attack or breach. As of years 2020 - 2021, attempts of cyber attacks to disrupt power system operations had been observed by Cyber Security Monitoring Agencies of Govt. of India, where after the Ministry of Power, Govt. of India, wrote to the Chief Secretaries of all States and UTs on March 8, 2021, with directions to take precautionary actions.
"Cyber attackers are increasingly targeting the Power Sector, hence taking preventive measures and mitigating threats to protect the Indian Power System needs special attention of all Power Sector holders, the letter from the Ministry of Power, GoI, underlined," an official statement read.

"Issued in accordance with sub-section (1) of section 70 of the Information Technology Act, 2000, this notification would help put into place an effective system of checks, comprising information security practices and procedures, and access control, that will ensure that the computer resources of the Power utilities - Delhi Transco Ltd., (DTL), State Load Dispatch Centre (SLDC), TATA Power Distribution Ltd. (TPDDL), BSES Rajdhani Power Ltd., (BRPL) and BSES Yamuna Power Ltd., (BYPL), will be secured against incapacitation or destruction," it read.

The computer resources of the above utilities fall in the category of 'Critical Information Infrastructure' (CII), the destruction or incapacitation of which, will have a debilitating impact on National Security, Economy, Public Health or Security, as per an official statement.

"The notification to be issued now will authorize persons specifically identified by these utilities and approved by the Power Department, GNCTD to access protected systems under sub-section (1) of section 70 of the Act. The information security practices and procedures shall be in accordance with, those prescribed by the Central Govt. for such protected systems," it read.

"Any person who secures access or attempts to secure access to these protected computer systems, in contravention of the provisions of the laid down procedures, shall be punished with imprisonment up to 10 years and also be liable for a fine," it read.
The National Critical Information Infrastructure Protection Centre (NCIIPC), Govt. of India, had asked the GNCTD/Power utilities of GNCTD in March, for such identification of CIIs and people who would access them, for notification.

After that, the NCIIPC asked for these CIIs - SCADA, URTDSM and WBES and their associated computer resources to be notified as 'Protected Systems', by GNCTD and also in writing notify, the persons who are authorized to access the notified 'Protected Systems'.