The increased threat of cyber attacks on India's energy system has pushed the government to consider forming a specialized computer security incident response team (CSIRT) to stop any attempt to cripple the country's vital energy infrastructure.

The group, which would include educated professionals as well as private sector area experts, will be placed under India's apex energy sector planning body, the Central Electrical Energy Authority (CEA), the sources listed above said on condition of anonymity. The officers could be hired through the Union Public Service Commission's Mixed Engineering Companies Examination.

The move comes amid increased geopolitical tensions, as well as China's attempts to target India's critical infrastructure, such as power grids and transportation systems, with malware attacks.

The Indian Computer Emergency Response Team (CERT-In) collaborates with the Nationwide Crucial Information Infrastructure Security Centre (NCIIPC) to oversee India's cybersecurity operations in critical industries.

On its part, the union energy ministry has set up six CERTs in the areas of grid operation, thermal, hydropower, electrical energy distribution, transmission, and renewable energy. There is also a National Cyber Coordination Centre in India (NCCC).

Cyberattacks have been detected in four of India's five regional centres that handle critical electrical energy load management functions. State-run Nuclear Energy Corp. of India Ltd's Kudankulam Nuclear Energy Plant, THDC Ltd's Tehri dam, West Bengal State Electrical Energy Distribution Co. Ltd, and Rajasthan and Haryana discoms are among the high-profile cyberattacks on India's energy industry. The National Cybersecurity and Infrastructure Protection Center (NCIIPC) has identified a variety of vulnerabilities in several state energy utilities.

The grid is managed by the state-run Energy System Operation Corp (Posoco), which has a Nationwide Load Dispatch Centre, five Regional Load Despatch Centres, and 34 state load despatch centres. Word on the street is that the grid is under constant attack, with at least 30 daily events. The majority come from overseas areas such as China, Singapore, Russia, and the Commonwealth of Independent States (CIS).