Early last summer a fierce faceoff took place between the Indian and Chinese militaries in the remote Galwan valley of the Ladakh region, leading to casualties on both sides. After the clash, India pre-emptively occupied dominating heights along the LAC, in what seemed like an aggressive move to warn China that misadventures along the LAC are not acceptable, that India will not take a change in the status quo along the LAC lying down, and that it will respond in the language of aggression that China understands. This was followed by a visit to the region by Indian PM Modi, during which he subtly warned China.

Just a few months after that, in October, India's financial capital, Mumbai, witnessed a power outage across its entire length and breadth. The stock market was not functioning; the lifeline of the city, the local trains, came to a sudden halt with passengers stranded; hospitals that were battling the Chinese virus had to switch to emergency power sources; and a panic-like atmosphere was created. Unconfirmed reports suggested a foreign hand (with malware found in a Palghar-based energy production facility), but the Indian government denied this and said that there was a technical failure in the grid.

But the worst fears are being proven true: after exporting the coronavirus, China seems to have exported another one in the digital domain. A US-based cybersecurity company, Recorded Future, has published a report which says that China had been targeting Indian power infrastructure last year, using at least 12 pieces of malware, to coerce India to soften its stand in the LAC faceoff and to press India not to go too hard on the same issue. The malware was infecting the control systems of a coal-based power plant and a high-voltage substation in India, as part of a broader cyber attack campaign against India by China.

The report further stated that most of the malware was infiltrated into the strategic power production and distribution plants but was never activated. It also stated that, as the company does not have the required access to the plants, it could not get the source code. It notified the concerned authorities, but in vain, as no further reply was received from the Indian authorities.

The same report was covered in the New York Times on Sunday, which stated that a study by Recorded Future, a US internet security firm, found Chinese malware "was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant." Recorded Future is a US-based cybersecurity company that monitors state-based cyber activities and attacks.

Recorded Future pointed out that a Chinese state-sponsored group, which it referred to as Red Echo, "has been seen to systematically utilize advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure".

While Recorded Future noted that a link between the Mumbai outage and malware "remains unsubstantiated," the study noted “additional evidence suggested the coordinated targeting of the Indian load dispatch centers,” which balance the electrical demands across regions of the country, according to The New York Times.

According to the report, a steep rise in the use of infrastructure called AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, has been seen since mid-2020. Four of the five regional dispatch centers (where power balancing of the grid occurs) and two seaports were targeted by malware. But most of it remained inactive, which is itself a cause for concern, as it can be used as a strategic tool in case of heightened bilateral tension.

The 12 organizations that fell victim to the cyber attack by Red Echo included Power System Operation Corporation Limited, NTPC Limited, NTPC’s Kudgi power plant, Western Regional Load Dispatch Centre, Southern Regional Load Dispatch Centre, North Eastern Regional Load Dispatch Centre, Eastern Regional Load Dispatch Centre, Telangana State Load Dispatch Centre, Delhi State Load Dispatch Centre, the DTL Tikri Kalan (Mundka) sub-station of Delhi Transco Ltd, VO Chidambaranar Port and Mumbai Port Trust.

There were also unconfirmed reports that the two vaccine manufacturing centers in India, SII and Bharat Biotech, were being targeted by Chinese state-backed hackers.

Lt. General D.S. Hooda, the Indian Army officer who oversaw the 2016 surgical strike across the Line of Control, interpreted the possibility of the Chinese cyber-attack as "signaling" by Beijing.

"I think the signaling is being done (by China) that we can and we have the capability to do this in times of a crisis… It’s like sending a warning to India that this capability exists with us," Hooda was quoted as saying by The New York Times.

The Chinese government denied this, calling it “unsubstantiated, irresponsible and ill-timed” and suggesting that such reports are being published to derail the talks that are currently ongoing between India and China. "China is a staunch upholder of cybersecurity. We firmly oppose and fight any kind of cyber-attacks," stated an official statement from the Chinese foreign ministry.

Military experts in India have renewed calls for the government of Prime Minister Narendra Modi to replace the Chinese-made hardware for India’s power sector and its critical rail system. Indian government authorities have said a review is underway of India’s information technology contracts, including with Chinese companies. But the reality is that ripping out existing infrastructure is expensive and difficult.

Yashasvi Yadav, a police official in charge of Maharashtra’s cyber-intelligence unit, said authorities found “suspicious activity” that suggested the intervention of a state actor. Nitin Raut, a state government minister quoted in local reports in November blaming sabotage for the Mumbai outage, did not respond to questions about the blackout. The Central government is mum about this issue.

Cyberwarfare: the new future?

Cyberattacks, which have seen increased use in recent times, are seen as less devastating than nuclear or other conventional attacks but bring a heavy psychological and strategic edge over enemies. Russia was a pioneer in using this technique when it turned the power off twice in Ukraine several years ago.

India and China both have a large nuclear arsenal capable of mutually assured destruction. In recent times both countries have used cyberwarfare against each other. Indian state-backed hackers were caught using coronavirus-themed phishing emails to target Chinese organizations in Wuhan last February. There were also reports of China trying to infiltrate Indian strategic systems and place malware in them, to be activated in case of heightened tensions.

Until recent years, China’s focus had been on information theft. But Beijing has been increasingly active in placing code into infrastructure systems, knowing that when it is discovered, the fear of an attack can be as powerful a tool as an attack itself.