New Delhi: The National Critical Information Infrastructure Protection Centre (NCIIPC), which oversees India’s cybersecurity operations in critical sectors, had sounded an alert on 12 February about a Chinese state-sponsored threat actor group known as Red Echo targeting regional load dispatch centres (RLDCs) and state load dispatch centres (SLDCs), the union power ministry said on Monday.
This comes against the backdrop of growing concerns that the country’s power infrastructure could be the next target for crippling India’s economy, given the increased state of hostilities in the Indian subcontinent. It also comes at a time when India is in the process of disengagement with China following the border clashes.
State-run Power System Operation Corp Ltd (Posoco) oversees India’s critical electricity load management functions, through the National Load Despatch Centre (NLDC), RLDCs and SLDCs—drawing comparisons with an air traffic controller. The country has 33 SLDCs, five RLDCs—for the five regional grids that form the national grid—and one NLDC.
A New York Times report citing a study from Somerville-headquartered Recorded Future stated that the border clashes with China and the Mumbai power outage “may well have been connected.”
Mumbai practically came to a standstill around 10 am on 12 October because of the blackout. The outage, which lasted from 2 to 15 hours depending on the locality, was caused by a cascade of failures that started with the western grid and ended with the city’s famed islanding network also tripping.
“There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/ data loss has been detected due to these incidents,” the statement said.
This alarm from NCIIPC was preceded by an alert from the Indian Computer Emergency Response Team (CERT-In), which coordinates efforts on cybersecurity issues, on the threat of a malware called Shadow Pad at some control centres of Posoco.
“NCIIPC informed through a mail dated 12th February 2021 about the threat by Red Echo through a malware called Shadow Pad,” the statement said.
“Chinese state-sponsored threat Actor group known as Red Echo is targeting Indian Power sector's Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs),” the NCIIPC’s email stated.
India’s power sector is facing cyberattacks, with at least 30 events recorded daily, as reported by Mint earlier. A majority of the attacks originate from China, Singapore, Russia and the Commonwealth of Independent States (CIS) countries.
“A report from Insikt talks about the imminent threat from the Red Echo group based in China,” the power ministry statement said and added, “The IPs mentioned in Red Echo related advisory are matching with those given in Shadow pad Incidents already informed by CERT-in in the month of November, 2020.”
While military disengagement has taken place between the two countries at one friction point in Ladakh, a mutually acceptable solution on the remaining issues of dispute is being sought.
Some high-profile cyberattacks on India’s power sector include the ones at state-run Nuclear Power Corp. of India Ltd’s (NPCIL) Kudankulam Nuclear Power Plant (KKNPP), THDC Ltd’s Tehri dam, West Bengal State Electricity Distribution Co. Ltd, and at Rajasthan and Haryana discoms.
The National Critical Information Infrastructure Protection Centre has also reported several vulnerabilities in the power utilities of the states.
“All IPs and domains listed in NCIIPC mail have been blocked in the firewall at all control centres,” the statement said and added, “Log of firewall is being monitored for any connection attempt towards the listed IPs and domains.”
This comes against the backdrop of India facing massive power transmission failures in July 2012, which left around 700 million people without electricity.