Audit Reveals Over 270 Power Grid Substations Missing ‘Next-Generation’ Firewalls Amid Escalating Cyber Threats

The reviewed documents revealing that more than 270 substations operated by the state-run Power Grid Corporation of India Ltd, all commissioned before the official cybersecurity guidelines were introduced in late 2021, currently lack next-generation firewalls. These advanced firewalls, equipped with intrusion detection and prevention systems, are crucial for protecting India’s critical power infrastructure from escalating cyber threats. The estimated cost to install such firewalls across 273 substations is around Rs 119 crore. However, Power Grid has informed the government that accommodating this expenditure under its existing operations and maintenance (O&M) budget is difficult due to stringent regulatory limits.

The issue is scheduled for discussion at the National Power Committee (NPC) meeting in Shillong on May 16, 2025. Members will deliberate on mechanisms to book or recover the installation costs and consider a broader national roadmap for firewall implementation across the country’s transmission infrastructure. The absence of next-generation firewalls at substations poses significant cybersecurity risks, especially in the context of simmering geopolitical tensions with Pakistan and the evolving threats from both state and non-state actors.

Next-generation firewalls go beyond traditional firewalls by integrating intrusion detection and prevention capabilities that monitor, detect, and block malicious network traffic in real time. During an April 2024 meeting, Power Grid disclosed to top officials that no firewalls are installed at over 270 substations commissioned before the Central Electricity Authority (CEA) issued cybersecurity guidelines in October 2021. A subsequent NPC meeting in December 2024 highlighted that firewalls are missing not only at POWERGRID substations but also at those of other Transmission Service Providers (TSPs), compromising perimeter security.

A Power Grid representative further explained that no firewalls are installed at POWERGRID stations for any data communication directed towards Regional Load Dispatch Centres (RLDCs), and these installations are also necessary to secure the Inter-State Transmission System (ISTS) communication network. The company told the CEA in April 2025 that bearing the Rs 119 crore firewall installation cost under current O&M norms could adversely affect its financial health. The Power Grid warned that such expenditure is difficult to accommodate and could impact commercial performance metrics.

In the April 2024 meeting, India’s top grid operator noted that cyberattacks targeting the power sector have grown in frequency and intensity. Systems lacking adequate security at their perimeters are vulnerable to compromise, and potential lateral movements within the network could affect larger systems, posing a grave risk to national infrastructure.

While firewalls are widely recognized as essential access control tools against hackers, they are not foolproof. The CEA noted in documents that firewalls can be misconfigured or fail to detect insider threats and connections from trusted sites, making firewall-only solutions insufficient to guarantee comprehensive cybersecurity.

To strengthen the sector’s cybersecurity posture, the Union Power Minister Manohar Lal inaugurated the Computer Security Incident Response Team for the power sector (CSIRT-Power) in September 2024. The CSIRT-Power is responsible for detecting threats, enabling rapid responses, improving resilience across the power sector, promoting best practices, conducting training, and facilitating collaboration.

At the inauguration, the minister emphasized that today’s cyber threats are unprecedented and more severe than before, with the power sector being a prime target due to its critical role in national infrastructure. Earlier, in April 2022, then Union Power Minister RK Singh disclosed that Chinese hackers attempted to target electricity distribution centers near Ladakh twice but failed, adding that India had already strengthened its defense systems to counter such cyberattacks.

In summary, the Power Grid faces a critical cybersecurity gap with over 270 substations lacking next-generation firewalls, posing risks to India’s power infrastructure. The financial challenge of installing advanced firewalls is significant under current budgetary constraints, prompting high-level discussions on cost recovery and national cybersecurity strategy. While firewalls are key defenses, they must be supplemented by broader security measures like CSIRT-Power to protect against increasingly frequent and sophisticated cyberattacks targeting the nation’s vital power systems.