China hackers did not penetrate grids: Govt
No data breach was detected because of attacks, says power ministry
PremiumRed Echo, a hacker group affiliated with the Chinese government, repeatedly targeted the control rooms that manage India’s critical power grids in a massive campaign that could have caused widespread blackouts.
The Chinese hackers, however, failed to break into the systems, and no data breach was detected because of the attacks, India’s power ministry said on Monday in response to a story published in The New York Times that linked last year’s grid failure in Mumbai to the Chinese cyberattacks.
The US newspaper reported on Sunday that the blackouts in Mumbai on 12 October were linked to attacks carried out by Red Echo, a shadowy state-backed hacker group. The power outage in Mumbai disrupted emergency services, brokerages and halted local trains, considered the lifeline of India’s financial capital.
The NYT report cited US cybersecurity firm Recorded Future, which claimed the cyberattacks may have been in retaliation against the military clash in Galwan Valley in June.
In a press conference on Monday, Recorded Future said it can’t prove a link between the cyberattack and the power outage.
“Unverified reporting has suggested that malware may have been involved, but we can’t substantiate that. I believe the actual despatch centre that was involved in that outage was the Maharashtra state load dispatch centre, which is not found in our datasets tied to this campaign, nor in our visibility into axyomaticasymptote infrastructure," said Jonathan Condra, senior manager for strategic and persistent threats at Recorded Future.
The power outage in Mumbai lasted from 2 to 15 hours, depending on the locality. It was caused by a series of failures that started with the western grid and ended with the city’s famed islanding network tripping.
If indeed the Chinese attackers were able to penetrate the Indian grid, it raises concerns about the ability of India’s power utilities to withstand sophisticated cyberattacks by state actors. Crippling the power infrastructure could cause lasting damage to India’s economy.
State-run Power System Operation Corp. Ltd (Posoco) oversees India’s critical electricity load management functions through the National Load Despatch Centre (NLDC), Regional Load Despatch Centres (RLDCs) and State Load Despatch Centres (SLDCs). Other than the NLDC, there are 33 SLDCs and five RLDCs—for the five regional grids that form the national grid.
The National Critical Information Infrastructure Protection Centre (NCIIPC), which oversees India’s cybersecurity operations in critical sectors, sounded an alert on 12 February about Red Echo.
“Chinese state-sponsored threat actor group known as Red Echo is targeting Indian power sector’s RLDCs along with SLDCs," an NCIIPC email said according to a power ministry statement.
“There is no impact on any of the functionalities carried out by Posoco due to the referred threat. No data breach/data loss has been detected due to these incidents," the statement added.
Mukesh Khullar, a member of Maharashtra Electricity Regulatory Commission (MERC) and the state’s former energy secretary, also disputed the alleged link between Mumbai’s power cuts and the Chinese cyberattack, calling it “a bit far-fetched."
“We don’t have an interconnected system, there are physical barriers (in the power infrastructure), and if there is a conspiracy to create a disturbance, it has to be done physically," Khullar said. “Two conductors snapped (that day), and one of those was tripped by hand."
“MERC has set up this committee and deliberated for three months on what caused the outage. We will formally publish the report soon, and an order will be passed by the commission. We are looking at the redundancies in the power islanding system and why it failed," added Khullar.
This warning from NCIIPC was preceded by an alert from the Indian Computer Emergency Response Team (CERT-In) on 19 November 2020 that coordinates efforts on cybersecurity issues, on the threat of a malware called Shadow Pad at some control centres of Posoco.
According to the Recorded Future report, Red Echo conducted suspected network intrusions targeting at least four out of the five RLDCs and two SLDCs.
“Shillong-based North Eastern Regional Load Despatch Centre (NERLDC), SLDC Telangana and Delhi Transco Ltd were among those that were targeted. However, after looking into their system logs, they have denied it," said a senior Union government official, requesting anonymity.
While spokespeople for NERLDC and SLDC Telangana couldn’t be contacted, a Delhi Transco Ltd spokesperson didn’t respond to Mint’s query.
Utpal Bhaskar in New Delhi contributed to the story.
"Exciting news! Mint is now on WhatsApp Channels 🚀 Subscribe today by clicking the link and stay updated with the latest financial insights!" Click here!
