NEW DELHI:
India’s power sector is facing cyberattacks, with at least 30 events reported daily, said people aware of the development on condition of anonymity.
A majority of the attacks originate from China, Singapore, Russia and the Commonwealth of Independent States (CIS) countries. As such, there are growing concerns that the country’s power infrastructure could be the next target of terrorists looking to cripple India’s economy.
Some high-profile cyberattacks include the November 2017 malware attack on THDC Ltd’s Tehri dam in Uttarakhand, the May 2017 ransomware attack on West Bengal State Electricity Distribution Co. Ltd (WBSEDCL), the February 2018 attack on a Rajasthan discom website, and the March 2018 attack on Haryana discoms in which the commercial billing software of the highest paying industrial customers was hacked, according to information reviewed by Mint. The National Critical Information Infrastructure Protection Centre also reported several vulnerabilities in the power utilities of states in May 2018.
Ransomware typically locks users out of their own systems by encrypting their data and demands a ransom to restore access.
India faced massive power transmission failures in July 2012, which left around 700 million people without electricity.
“Tehri’s computer was attached to the power grid’s computer. The threat was eliminated as there was an air gap. If the attack was successful it could have even opened the doors of the dam,” said a senior government official.
The issue has assumed greater importance as the country now has an integrated national power grid, with south India joining the national electricity grid in January 2014.
“The hackers even demanded ransom from WBSEDCL, but it was refused. Both West Bengal and Haryana discarded the old systems and put in place a new system. Beyond these, there has been no reported incident of cyberattack on the Indian power sector. There are attacks every day, but people don’t report. The maximum number of attacks happen on the energy utility sector,” said the official quoted above.
There are five regional grids in India—northern, southern, eastern, north-eastern, and western. A grid collapse is the worst-case scenario for any transmission utility. When this happens, states that draw power from a particular network go without electricity.
“The grid at the 132 kV (kilovolts) level that is managed by the states is pretty insecure. Grids between 220 kV and 765 kV are safe,” the official said.
“The attacks come from everywhere. A majority of the attacks come from China, Singapore, Russia, and the CIS countries,” he said.
The Intelligence Bureau had warned the government in 2009 that substations and regional load despatch centres, both key components of the power network, could be targeted.
Substations play a critical role in the generation, transmission, and distribution of power. The Indian Computer Emergency Response Team (CERT-In) coordinates efforts on cybersecurity issues and is tasked with responding to cyberattacks, while the National Technical Research Organisation is the elite technical intelligence agency.
“These types of problems keep on happening and CERT-In keeps on issuing advisories. Application of safeguards is a 24x7 affair. It is an evolving technology. As and when new problem areas surface, new remedial measures are taken in the affected sectors,” said a spokesperson of the ministry of electronics and information technology.
Queries emailed to the spokespersons of ministries of home affairs and power, besides THDC, WBSEDCL, Haryana discom, and PGCIL remained unanswered till press time.
Shaswati Das contributed to this story.