The massive power outage in October 2020 left railways, the stock market, hospitals, and a population of 20 million in Mumbai high and dry for several hours. Recently, a New York Times article alleged the blackout was the result of a planned cyber attack from China. The US cybersecurity firm Recorded Future claimed the China-backed group RedEcho targeted India’s power grid.
Recently, Maharashtra Home Minister Anil Deshmukh said an investigation identified 14 Trojan horse programs lurking in the city’s power system.
The cyberattacks came in the wake of the worsening relations between India and China over their disputed border. While these are just early signs, the question on everyone’s mind is: Will it lead to potential cyber warfare between the two countries?
The report by Recorded Future suggested RedEcho had targeted as many as ten entities under India’s power grid and two ports. “RedEcho has been seen to systematically utilise advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure,” said Stuart Solomon, chief operating officer of Recorded Future.
The Centre has said the Indian Computer Emergency Response Team (CERT-IN) had alerted it to a malware called ShadowPad “at some control centres of POSOCO (Power System Operation Corporation Limited)” on November 19. Further, on February 12, the National Critical Information Infrastructure Protection Centre (NCIIPC) had issued an alert about RedEcho.
The power ministry also said, “There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/data loss has been detected due to these incidents. Prompt actions are being taken at all these control centres.”
Nitin Raut, Maharashtra Energy Minister, suggested the cyberattack on the city’s electrical infrastructure was done to disrupt the power supply. He did not name names but said the investigations found malware inserted in power grid systems.
Cyberwarfare is emerging as the next frontier of war. Through cyber warfare, states target the enemy’s energy sources, electricity grids, health systems, traffic control systems, water supplies, communications and sensors. For instance, the cybersecurity systems of Ukraine and Iran came under attack recently. The attack on India’s power grid was along similar lines.
Meanwhile, this is not the first time China has targeted India through cyberattacks.
Close on the heels of the Mumbai blackout, Telangana power utilities TS Transco and TS Genco had neutralised cyber attacks from China targeting at least 40 electricity substations. Last year, there were reports of Chinese hackers targeting multiple unsuspecting online shoppers during the festive months of October and November. Before that, hackers based in China attempted over 40,000 cyber attacks on India’s Information Technology infrastructure and banking sector. In another report, a Singapore-based cybersecurity firm named CyFirma warned India’s top ministries of possible cyber attacks by two Chinese hacking groups dubbed Gothic Panda and Stone Panda. Similarly, in 2017, an Indian Air Force Sukhoi 30 fighter aircraft was downed, purportedly, by China through cyber means.
According to a recent National Cyber Power Index report published by Harvard University’s Belfer Center, China ranks second, after the US, in cyber power. “Countries with high levels of both intent and capability for a specific objective are among the highest-ranking countries in the NCPI. These countries both signal in strategies and previously attributed cyber-attacks that they intend to use cyber to achieve policy goals and have the capabilities to achieve them,” said the report.
In another report, India was named one of the most cyber-targeted countries globally in 2019, with over 50,000 cyber-attacks from China alone.
China has been strengthening its cyberattack unit since the early 2000s in both defensive and offensive capabilities. The country has focused its attention on changing network data, releasing information bombs, releasing clone information, and establishing network spy stations, among others. Critical Indian infrastructure has especially been its target.
India Has To Buckle Up
Compared to China’s cyberwarfare capabilities, India has a lot of catching up to do on both offensive and defensive fronts. Experts in the cybersecurity space believe India’s preparedness is almost non-existent, even in defensive measures, let alone offensive.
To develop these capabilities, India needs to invest in infrastructure, funds, cryptography capabilities, indigenous tools, and, most importantly, talent. All the talent that exists today is private hackers with little to no capabilities outside the government. China has been preparing its cybersecurity strategy for over two decades, and India is still taking baby steps.