Cyber Security

Overview

As JUSNL moves toward a more digitally integrated power transmission network, the convergence of Information Technology (IT) and Operational Technology (OT) brings increased exposure to cyber threats. In alignment with National and State directives, JUSNL is committed to safeguarding the State’s critical power infrastructure from unauthorized access, disruption, and cyber-sabotage.

1. Mandatory Regulatory Guidelines

All employees, contractors, and vendors associated with JUSNL are strictly required to comply with the following statutory frameworks:

Central Electricity Authority (CEA): Adherence to the CEA (Cyber Security in Power Sector) Regulations, 2025. This includes mandatory logical and physical isolation between IT and OT systems and the use of "Trusted Sources" for ICT equipment.

Link: CEA Cyber Security Regulations

NCIIPC: As a critical sector, JUSNL follows the National Critical Information Infrastructure Protection Centre (NCIIPC) guidelines for the protection of "Protected Systems" under Section 70 of the IT Act.

Link: NCIIPC Guidelines

CERT-In: Compliance with the latest Cyber Security Directions issued by the Indian Computer Emergency Response Team (CERT-In) regarding log retention and mandatory incident reporting.

Link: CERT-In Rules & Regulations

MeitY: Adherence to the Information Security Practices for Government Employees (Do’s and Don’ts for password management, official email usage, and removable media).

Link: MeitY Cyber Security Policies

2. Reporting a Cyber Incident

If you observe any suspicious activity—such as unauthorized login attempts, system slowdowns, or suspicious emails—you must report it immediately to the following:

Email:  gmcs.jusnl@gmail.com (GM – Cyber Security),

  itjusnl@gmail.com (GM – IT, CISO, JUSNL)

What to include in your report:

Date and time of discovery:

Type of incident: (e.g., Phishing, Malware, Unauthorized Access).

Affected systems:  (e.g., specific PC, Server, or Gateway).

Brief description of the anomaly observed:

3. Cyber Security Protocol: Essential Do’s and Don’ts for JUSNL Staff

Protecting our power infrastructure starts with individual vigilance. Below are the mandatory practices aligned with CEA and MeitY standards.

✅  The Do’s (Best Practices)

Use Strong Passwords: Create passphrases that are at least 12 characters long, including numbers, symbols, and mixed cases. Change them every 90 days.

Lock Before You Walk: Always lock your workstation (Win + L) whenever you leave your desk, even for a minute.

Verify the Sender: Before clicking links or downloading attachments, double-check the sender's email address for slight misspellings or anomalies.

Keep IT/OT Separate: Only use designated systems for internet browsing. Never connect an internet-facing laptop to the Substation Automation System (SAS) or SCADA network.

❌ The Don’ts (Prohibited Actions)

No Unauthorized USBs: Never plug in personal pen drives, mobile phones for charging, or external hard disks into JUSNL computers.

Don't Share Credentials: Never share your login ID or password with colleagues, vendors, or over the phone—even if they claim to be from "Technical Support."

Avoid Public Wi-Fi: Do not access JUSNL internal portals or official emails using public/unsecured Wi-Fi networks (e.g., airports, cafes). Use a secure VPN.

No Pirated Software: Do not install any unauthorized software, browser extensions, or "cracked" version of tools on your office machine.

Don't Ignore Updates: Never skip or "postpone" security patches or antivirus updates. These are your first line of defence against known exploits.