By Sunil Singhvi, President, Indian Electrical and Electronics Manufacturers’ Association
The electrical sector is the backbone of India’s economy, enabling growth across industries and ensuring the well-being of over a billion people. With increasing reliance on smart grids, digital substations, real-time energy monitoring, and interconnected infrastructure, the sector is transitioning into an intelligent ecosystem. With this transition and rapid digitalisation, the sector faces unprecedented cybersecurity challenges. During the recent India-Pakistan conflict, the Union Minister of Power and Housing and Urban Affairs stated that there had been two lakh cyber-attacks targeting the power sector in India.
A complex and expanding threat landscape
As India continues to expand its power capacity and improve efficiency through digital infrastructure, the sector becomes a prime target for cyberattacks. What makes the power sector uniquely vulnerable is the convergence of legacy infrastructure with new digital systems. SCADA systems, smart meters, and substation automation devices were not originally designed with cyber threats in mind. While these technologies enable efficiency and reliability, they also expand the attack surface:
- 40 per cent of global critical infrastructure cyberattacks target energy systems, making it the most vulnerable sector.
- India reported a 278 per cent increase in cyber incidents affecting the power sector between 2018 and 2022, according to the Indian Computer Emergency Response Team (CERT-In).
- Supply chain vulnerabilities are growing: 68 per cent of Indian utilities rely on imported hardware/software, often with limited security vetting.
- Decentralised endpoints: Over 250 million smart meters planned under the Revamped Distribution Sector Scheme will increase potential attack vectors if not secured at the design stage.
Globally, incidents like the 2015 Ukraine grid attack (225,000 customers affected) underscore how energy systems are prime targets. India must act decisively to avoid similar events. What exacerbates the risk is the lack of skilled cyber professionals trained specifically in operational technology. India’s utilities need a new cadre of cyber professionals who understand the nuances of both power engineering and digital security.
A grid under siege
India’s power grid is increasingly exposed to persistent and complex cyber threats. According to a report by Seqrite and Quick Heal Technologies, over 15,000 instances of malware were detected within the power sector, affecting more than two thousand endpoints. This translates to an average of seven malware detections per endpoint, highlighting the growing focus of cyber attackers on critical electrical infrastructure. A wide range of threat actors – including state-sponsored groups and organised criminal networks – are actively seeking vulnerabilities in power generation, transmission, and distribution systems. The deployment of smart meters and other Internet of Things devices across the country further expands the attack surface. With millions of connected devices in use, cyber attackers have more entry points to exploit, including consumer-level endpoints.
Experts also highlight a shift in cyberattack strategies from targeting the grid directly to focusing on its supply chains. For instance, a cyberattack on a major coal supplier could significantly disrupt thermal power plant operations, which often have limited fuel reserves. Such an attack could result in large-scale power outages, even without breaching the main grid’s digital defenses. This approach demonstrates a more indirect but potentially more damaging method of causing electrical disruption.
Key priorities for strengthening cybersecurity in the electrical sector
To address growing cyber threats, India’s electrical sector must adopt a unified and strategic approach.
- Create a single nodal cyber security authority: Right now, cyber security in the energy sector is handled by multiple agencies, which often leads to confusion and gaps in protection. India needs a dedicated energy sector cyber security agency empowered to set standards, conduct audits, and enforce penalties.
- Strengthen end device immunity: Smart devices like meters and controllers must integrate secure boot, encryption, tamper detection, and over-the-air patching. Requiring mandatory Indian certification for these devices will help reduce hidden vulnerabilities and ensure safer operations.
- Regular testing and red-teaming: Utilities should undertake quarterly penetration tests and annual red team drills to regularly assess and strengthen their cyber defenses. National cyber drills must simulate real-world adversary tactics.
- Zero-trust operating practices: Traditional perimeter defences are inadequate. A zero-trust approach using network segmentation, multi-factor authentication, and constant monitoring ensures that no one is trusted by default, strengthening overall security.
- Supply chain security and vendor vetting: Procurement contracts should require secure software development, vulnerability reporting, and patch delivery.
- Human factor and capacity building: With over 80 per cent of cyber breaches globally involving human error, utilities must invest in regular cyber hygiene training for staff. Establishing dedicated security operations centres is also essential for continuous monitoring and quick response to threats.
Enhancing cybersecurity in India’s power sector: A national priority
In response to the growing cyber threats facing the power sector, the Indian government has taken significant steps to strengthen its cybersecurity framework. Recognising the critical nature of electrical infrastructure, it has established a robust institutional structure led by the National Critical Information Infrastructure Protection Centre and CERT-In. These agencies play a central role in coordinating cybersecurity initiatives across sectors, with a particular focus on critical infrastructure such as the power grid. In line with this, CERT-In issued directives in 2022 mandating the reporting of cyber incidents within six hours, retention of logs for 180 days, and timely vulnerability disclosure, reinforcing a proactive cybersecurity posture.
To address the unique challenges of the electrical ecosystem, the government launched the Computer Security Incident Response Team–Power in 2024. This specialised entity functions as a dedicated cyber response unit for the power sector and works in close coordination with sector-specific CERTs for thermal, hydro, transmission, and distribution systems. Together, they provide targeted support and incident response capabilities for power-related cyber events, acting as a national-level command structure for securing grid operations.
On the regulatory front, the Central Electricity Authority (CEA) has also taken proactive measures. The CEA’s Cyber Security in Power Sector Guidelines, issued in 2021 and further strengthened through draft regulations introduced in 2024, mandate stricter compliance requirements for all power sector participants. These include the appointment of a Chief Information Security Officer for every utility, mandatory vulnerability assessments and penetration testing of grid components, and procurement of hardware and software only from trusted and approved sources. These efforts aim to reduce the risk of cyberattacks, particularly those stemming from compromised supply chains, and to establish a unified and secure cyber posture across generation, transmission, and distribution networks. Additionally, the Digital Personal Data Protection Act 2023 strengthens data privacy, indirectly pushing utilities to enhance protection of consumer information.
The road ahead: Collaboration and accountability
Shifting from risk to readiness requires continuous improvement in responsiveness and the use of advanced technologies. Strong public-private collaboration is essential to ensure the timely sharing of threat intelligence. Cybersecurity in the electrical sector cannot be the responsibility of utilities alone. A multi-stakeholder framework is essential:
- Government: Establish a single nodal authority, mandate stricter audits, and incentivise research and development.
- Industry bodies: Develop sector-specific cyber maturity models and awareness campaigns.
- Manufacturers: Certify every device and software update for security.
- Consumers: Demand transparency regarding data protection and reliability measures.
Cyber threats will only become more sophisticated as India’s grid grows more connected. By aligning regulation, technology, and operational practices, the sector can transition from reactive defence to proactive resilience. As India aspires to be a $5 trillion economy and global manufacturing hub, securing the electrical sector is non-negotiable. Cybersecurity must be treated with the same priority as physical safety and reliability. Only then can we ensure the lights stay on – securely and sustainably.
