On 12 October 2020, Mumbai was brought to its knees by an unprecedented power blackout that disrupted suburban railways and emergency services, and forced thousands of remote-working bankers, stock traders and technology professionals in India’s financial capital to go offline. A report released by a US-based cybersecurity group Recorded Future today said the power outage could possibly be linked to a Chinese cyberattack on India’s power distribution systems.
Recorded Future believes that although “the targeting of Indian critical infrastructure offers limited economic espionage opportunities, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives”.
Also Read | Assam shakes up the micro loans universe
The firm said that this “pre-positioning on energy assets” may support several potential outcomes, including geostrategic signaling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation. The firm believes the attack, by a Chinese threat activity group RedEcho, was state-sponsored retaliation for skirmishes at the China-India border, culminating in the Galwan Valley clashes.
According to the Recorded Future report, RedEcho conducted suspected network intrusions targeting at least four out of India’s five Regional Load Despatch Centres (RLDCs), alongside two State Load Despatch Centres (SLDCs).
The load despatch centres are responsible for ensuring real-time integrated operation of India’s power grid through balancing electricity supply and demand to maintain a stable grid frequency. “Additionally, local media reporting previously linked an October 2020 power outage in Mumbai to the identification of malware at a Padgha-based State Load Despatch Centre. At this time, the alleged link between the outage and the discovery of the unspecified malware variant remains unsubstantiated. However, this disclosure provides additional evidence suggesting the coordinated targeting of Indian Load Despatch centres.”
However, officials in Maharashtra have disputed the possibility of the Mumbai blackout being caused by a cyber attack. Mint reported on 13 October that according to the Maharashtra State Electricity Transmission Co, which operates four 400kV (kilo-volt) transmission lines fetching power to Mumbai, the blackout was because of pending maintenance work at substations and a mismatch between power demand and supply, which caused key transmission lines to trip.