Jan-2023
SCADA & URTDSM: Govt Takes Steps to Boost Cyber Health of Power Infra after AIIMS Server Hack
After major healthcare establishments in India became the target of cybercriminals, the Ministry of Power has informed in a recent notification about the installation of crucial systems for power infrastructures that will aid in monitoring and determining any issues so that better measures can be implemented.
The ministry said: “Supervisory control and data acquisition (SCADA) and Unified Real Time Dynamic State Measurement (URTDSM) system installed at National Load Despatch Center (NLDC), Northern Region Load Despatch Centre (NRLDC), North Eastern Region Load Despatch Center (NERLDC), Eastern Region Load Despatch Center (ERLDC), Western Region Load Despatch Centre (WRLDC) and Southern Region Load Despatch Center(SRLDC).”
“SCADA system of Renewable Energy Management Centre (REMC) installed at NLDC, NRLDC, WRLDC and SRLDC. [And] Web Based Energy Scheduling System at NLDC, NRLDC, NERLDC, ERLDC, WRLDC, and SRLDC,” said the notification published in the Official Gazette.
Additionally, the notification stated that “in exercise of powers conferred by sub-section (1) of section 70 of the IT Act, 2000 (21 of 2000), the Central Government hereby declares the SCADA and URTDSM system being Critical Information Infrastructure of System Load Despatch Centre, Bhakra Beas Management Board, Chandigarh and the computer resources of their associated dependencies to be Protected Systems for the purpose of the said Act”.
Like healthcare organisations, power grids are becoming cybercriminals’ favourite places to break in. Many experts have advised that power grid operators must use more communication infrastructure to monitor and manage their grid due to rising volatility in power transmission and distribution. It was also said that a larger attack surface is produced for bad actors as a result of increased communication.
For example, earlier this year it was reported that a hacking group with ties to China targeted at least seven Indian state load despatch centres (SLDCs), along with an Indian branch of a multinational logistics company. However, according to reports, these attempts were not successful.
Manish Mimani, founder & CEO of Protectt.ai, told News18: “The pertinent scenario with legacy infrastructure is that many times it is observed that the tendency is to prolong technical debt-related considerations which eventually leads to continued use of outdated technologies. It is for this reason that utility services providers have been found to be under constant threat from malicious actors.”
“The proposed use of SCADA will enable constant monitoring and identification of vulnerable points so that service providers can take appropriate measures. The move will lead to shifting in mindset and approach from being reactive to one of proactiveness,” he noted.
Here it should be understood that SCADA is a software and hardware system that enables industrial organisations to control industrial processes locally or remotely; monitor, gather, and process real-time data; directly interact with devices such as sensors, valves, pumps, motors, and more via human-machine interface software; and record events into a log file.
URTDSM system is composed of PMUs, which is a device that measures a quantity called a phasor that tells the magnitude and phase angle for voltage or current at a specific location on a power line.
Piyush Somani, MD and Chairman, ESDS Software Solutions Limited, stated that the latest decision by the government “is highly welcomed” as after the online payments and top private banks data being named as highly confidential and Critical Information Infrastructure, now most of the power grids data and network has been categorised as Critical Information Infrastructure.
“We the members of the Cloud Computing Innovation Council of India (CCICI) were anticipating this and we had also sensitised MeitY on how important it is to keep certain foreign companies away from the supply of infra and software to our energy sector. We are glad that this change will help with further indigenization in the Energy sector,” he noted.
Meanwhile, Vinod Nair, Global VP of Sales and General Manager at Noventiq India, said that there have been numerous cyberattacks across multiple countries and businesses, which has proved that anyone could be targeted, regardless of their size, location, or type of institution.
However, while citing the AIIMS cyberattack he said that “for the first time, people had witnessed the chaos that ensued when a fraudster from another country hacked the server of one India’s major institutions”.
So he suggested that there are some additional options that critical organisations can also consider. It includes eliminating multiple layers of security or hybrid systems—including standalone or manual systems—to protect the data and training the employees to protect the organisation.
