The central government has mandated that only “trusted source” IT and telecom equipment—such as routers, switches, and related gear—can be procured for transmission grids and distribution systems from January 2026. Power officials say the move aims to shield critical infrastructure against cyber threats, especially in the aftermath of Operation Sindoor’s digital warfare test.
Following a wave of cyberattacks linked to Operation Sindoor, which targeted India’s critical infrastructure last month, the Ministry of Power has moved swiftly to secure the energy grid. In a memorandum dated 5 June, power officials directed all state utilities, distribution firms, and sector regulators to procure new IT equipment exclusively via the Trusted Telecom Portal, developed by the National Security Council Secretariat. The portal already vets telecom and internet providers, approving only vendors from trusted sources.
The move mirrors existing cybersecurity protocols in the telecom sector, under the National Security Directive on Telecommunications introduced in 2021. Ministry insiders emphasised that the mandate targets only new equipment post-1 January 2026—legacy systems under current maintenance contracts are unaffected. A coordination cell will work with designated officers from state utilities to ensure compliance, liaising on clearances and seamless rollout .
Cybersecurity experts support the initiative, noting a growing trend of hybrid warfare. During Operation Sindoor, Pakistani-based APTs and hacktivist groups reportedly launched DDoS, phishing, and malware attacks across multiple sectors, including telecom, banking, and notably energy. Experts warn that future attacks may aim to disrupt coal supply chains feeding thermal plants a vulnerability that bypasses standard grid defences strengthening supply chain security is thus now a strategic priority for the power ministry, drawing parallels with telecom’s successful vetting system.
The Trusted Telecom Portal conducts rigorous vetting, with over ten ministries reviewing candidates for trusted status. Its framework has earned praise for enhancing national security by blocking insecure foreign vendors In extending this model to the power sector, government officials say they will deploy the same due diligence, risk assessment, and clearance mechanisms—followed by telecom entities since 2021 .
Recognising the scale of the initiative, the ministry has allowed existing AMCs and software upgrades to continue uninterrupted. New procurements, however, must be pre-cleared via the portal. Power Ministry insiders confirm that a dedicated inter-ministerial coordination cell is already active and will guide all stakeholders until full compliance is achieved. The goal is a cyber-secure procurement system synchronised across states by early next year .
A senior government source confirmed that cyber incidents targeting the national grid intensified during the Pahalgam counterterror operation and Operation Sindoor. “We thwarted multiple intrusion attempts aimed at transmission nodes and distribution systems,” the official said, stressing that supply chain attacks represent a rising risk vector. The new mandate is thus a critical pillar in India’s broader cybersecurity overhaul of critical infrastructure.
Also Read: Arunachal CM Unveils Rs 2000 Cr Power Upgrade
Centre Mandates Trusted IT for Power Security
