The Power Ministry has expanded its cybersecurity architecture for India’s electricity sector, unveiling new institutional mechanisms, upgraded audit cycles and research initiatives to protect critical infrastructure from rising digital threats. A dedicated POWERGRID Centre of Excellence in Cybersecurity has been set up at the Indian Institute of Science (IISc), Bengaluru, to drive advanced research and development in cyber protection for power grid operations and transmission networks.
The Central Electricity Authority (CEA) has already issued its Cyber Security in Power Sector Guidelines, 2021, which form the bedrock of a sector-wide cyber assurance framework and create a strengthened governance structure for all power utilities. These guidelines are now set to be supplemented by the Draft Central Electricity Authority (Cyber Security in Power Sector) Regulations, 2025, which are in the final stages of approval and will lay down a more detailed cybersecurity compliance framework.
In an effort to create real-time institutional response capabilities, the Ministry of Power established the Computer Security Incident Response Team – Power (CSIRT-Power) at CEA on 5 April 2023 as an extended arm of CERT-In. CSIRT-Power assists utilities in detecting, responding to and managing cyber incidents while also supporting long-term preparedness measures. Beyond this central team, the ministry has also constituted six sub-sectoral CERTs for Thermal, Hydro, Transmission, Grid Operation, Renewable Energy and Distribution segments. Each of these sector-specific response teams has been tasked with preparing a model Cyber Crisis Management Plan to enable coordinated, swift mitigation efforts during cyber-attacks.
The ministry also highlighted state-level advances, noting that Gujarat Energy Transmission Corporation Limited (GETCO) has implemented a full-spectrum cybersecurity framework, which includes tighter access controls, endpoint protection, reduced system exposure, secure encrypted communication channels and next-generation firewalls positioned between Remote Control Centres and the State Load Despatch Centre. These measures are supported by updated antivirus deployments across operational networks.
Despite escalating global concerns around cyber intrusions targeting critical infrastructure, no successful cyber-attacks or security breaches have been reported in the operational systems of the National Load Despatch Centre during the past five years. Officials attribute this clean record to continuous audits and upgrades mandated by CEA’s 2021 guidelines. These audits are conducted by third-party cybersecurity firms empanelled by CERT-In and include both Information Technology (IT) and Operational Technology (OT) systems. Over the past five years, the National Load Despatch Centre underwent nine IT infrastructure assessments and five Operational Technology assessments, with periodic audits continuing in the current year.
The audit schedule shows a structured cycle: in FY 2025–26, IT systems were assessed in September 2025 and SCADA systems in June 2025. In FY 2024–25, IT audits were conducted in April 2024 and January 2025, while SCADA systems underwent assessment in June 2024. Earlier years followed a similar dual-cycle pattern, with IT audits in August 2023 and March 2024 for FY 2023–24 and SCADA checks in May 2023; IT audits in July 2022 and January 2023 for FY 2022–23 with SCADA reviewed in September 2022; and IT audits in August 2021 and February 2022 during FY 2021–22 when the SCADA system was under upgradation.
A comparable audit regime is in place for all State Load Despatch Centres across India, covering IT and OT assets such as Supervisory Control and Data Acquisition (SCADA) and the Unified Real-Time Dynamic State Measurement system. These recurring evaluations, authorities said, form the backbone of India’s cyber resilience strategy in the power sector as the grid becomes increasingly digital and interconnected.
