Welcome to the Cyber Security Department at Kerala State Electricity Board Limited (KSEBL), where safeguarding our power system infrastructure against cyber threats is our utmost priority. We operate in accordance with the directives of the Ministry of Power, NCIIPC (National Critical Information Infrastructure Protection Centre), sectoral CERTs (Computer Emergency Response Teams), and Cyber Security Guidelines issued by the Ministry of Power.
Our Core Initiatives:
1. Chief Information Security Officer (CISO):
- The Chief Engineer (IT, CR & CAPs) is designated as the CISO of KSEBL.
- An alternate CISO is designated to ensure continuous coordination of cyber security activities.
- Sectoral Information Security Officers (ISOs) are appointed to facilitate specialized expertise.
2. Cyber Swachta Kendras (CSK):
- KSEBL is an active participant in CSK, the Botnet Cleaning and Malware Analysis Centre.
- We collaborate with industry and academia to identify and assist users with infected systems.
- Alerts and vulnerabilities reported by CSK are monitored and addressed promptly.
3. Compliance with CERT-IN & NCIIPC Advisories:
- We closely monitor advisories received from CERT-IN (Indian Computer Emergency Response Team) and NCIIPC.
- Swift actions are taken to rectify reported issues, and Vulnerability Closure Reports are submitted to CERT-IN.
4. Cyber Crisis Management Plan (CCMP):
- CCMP documents are prepared and vetted by respective CERTs and CERT-In.
- Approval is sought for the implementation of CCMP.
- Various wings of KSEBL are in different stages of CCMP development and implementation.
5. Identification of Critical Information Infrastructure (CII):
- Draft CII documents are submitted to NCIIPC for review.
- Necessary modifications are being made based on feedback received.
- The identification of CII is in progress.
6. ISMS (ISO 27001) Implementation:
- Tender processes are underway to appoint a Cyber Security Consultant.
- The consultant will conduct security audits, develop cyber security policies, and provide compliance audit support.
- ISO 27001:2013 Certification Support is part of this initiative.
7. Cyber Security Audit / VAPT:
- Vulnerability Assessment & Penetration Testing (VAPT) is conducted every six months on IT/OT systems.
- VAPT has been completed in various sections, including State Load Dispatch Centre, SCADA/DMS systems, and generating stations.
8. IT Security Policy Implementation:
- An interim IT Security Policy is being drafted with inputs from KSEBL's ISOs.
9. Cyber Mock Drills:
- KSEBL actively participates in mock drills conducted by sectoral CERTs and CERT-In.
- These drills help us assess our readiness to respond to cyber incidents effectively.
E-File (DDFS) Implementation:
- To streamline digital file processing, we are configuring and implementing an off-the-shelf product across KSEBL offices.
Data Centre and Data Recovery Centre:
- We manage the Data Centre at Vydyuthibhavanam, Thiruvananthapuram, and the Disaster Recovery Centre at Infopark, Cherthala.
- These facilities are maintained by M/s KEPCO KDN, ensuring reliable and secure operations.
IT/Network Infrastructure:
- Our headquarters' IT/network infrastructure includes advanced components like Core network Switches, distribution switches, desktops/laptops, network printers, wireless access points, and more.
- We provide comprehensive end-user support for hardware, software, applications, networks, and email.
Other Activities:
- Management of KSEBL's official e-mail system (kseb.in).
- Support for e-tendering processes.
- Deployment of a Video Conferencing System.
- Specification finalization for IT equipment, computers, and peripherals.
- Support for camera surveillance at various locations.
At KSEBL's Cyber Security Department, we are committed to ensuring the highest levels of protection for our power system infrastructure. Our proactive approach and continuous efforts make KSEBL resilient against evolving cyber threats, ensuring a reliable power supply for our valued customers.