In what may ring alarm bells in the Central government, cyber intelligence firm Recorded Future has identified seven state load dispatch centres (SLDC) located in north India as having faced cyber attacks from China-linked adversaries in the recent months. The bulk of the activity is likely to have occurred between February 17 and March 22. "What is more, these attacks are in geographic proximity to the disputed India-China border [Ladakh]," said Recorded Future, in its report published on Wednesday.
What becomes a bigger concern is that the attacks were likely intended to gather information surrounding critical infrastructure systems, or is pre-positional for future activity, said the report accessed by THE WEEK. SLDCs are responsible for carrying out real-time operations for grid control and electricity dispatch within the respective states.
"Despite partial troop disengagement between India and China in February 2021, the prolonged targeting of Indian critical infrastructure continues to raise concern over pre-positioning activity being conducted by Chinese adversaries," it said.
When contacted, Lt Gen Rajesh Pant, cybersecurity coordinator in the Prime Minister's Office (PMO), said the unfolding of the recent global events (hybrid war between Ukraine and Russia) has demonstrated the need for a robust cyber security strategy at the national level to build indigenous cyber defence capabilities. "India is taking all steps to protect itself from threat actors active in the cyber space," he told THE WEEK. He added that the need of the hour is indigenous capability development, along with international collaboration with strategic partners for sharing threat intelligence to protect the critical infrastructure.
In hybrid wars, as seen in Ukraine for the first time, dismantling of power and telecommunication in the target country becomes a key entry point for inimical forces before a military invasion takes place. All future wars will have a cyber component, and India needs to prepare for the future, said another senior government official.
The latest cyber activity displays targeting capabilities consistent with previous activities linked with the attack group RedEcho, but there are also some distinct features this time as "cluster" activity is noticed.
In addition to targeting Indian power grid assets, the firm has also identified the compromise of a national emergency response system, and the Indian subsidiary of a multinational logistics company. The government is yet to confirm or deny reports of this security compromise, but there is no denying that a threat exists.
According to the report, analysed by THE WEEK, India’s power grid organisations have been facing continuous targeting by Chinese state-sponsored groups in the last 18 months. While the allegations have strongly been denied by the Chinese government more than once, the latest reports once again draw attention to the vulnerability of India’s critical infrastructure, and the need for to have a cyber strategy at the national level to keep such threats at bay.
So far, Indian CERT has also been dismissing claims of any “successful" cyber attacks targeting the power grid in Mumbai, or impacting any of the power dispatch centres in northern India. The Union power ministry had also denied that the Mumbai power outage last year was caused by a cyber attack. But, the attempts are continuing, according to cyber experts.
This has resulted in CERT-IN instituting new mechanisms in the last few months to sensitise the power sector, dispatch and transmission centres, and other critical infrastructure like telecom to bolster their capacity to identify and thwart cyber intrusions.
Recorded Future, meanwhile, said the prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited economic espionage or traditional intelligence opportunities. But, the indication that it is part of a “long-term strategic priority” for China-sponsored threat actors is a concern that cannot be easily dismissed.
“The objective of intrusions may be to gather increased understanding into the complex systems in order to facilitate capability development for future use, or gaining sufficient access across the system in preparation for future contingency operations,” warned the report.
In February 2021, Recorded Future highlighted the compromise of 10 Indian power sector organisations, four out of the five regional load dispatch centres, two ports and other operational assets.
