
After Ladakh cyber attack, India needs to prepare for future threats. A cyber expert explains

China had launched "probing cyber attacks" on the power grid in Ladakh

Technisanct CEO Nandakishore Harikumar

Addressing a press conference on Tuesday, IAF Chief Air Marshal V.R. Chaudhary said that it is imperative to re-imagine, reform, redesign and rebuild our traditional war-fighting machinery amid a new emerging paradigm. “As the world becomes more interconnected, a cyber attack on our networks can cripple command and control systems,” he said.

This statement comes after China launched "probing cyber attacks" on the power grid in strategically-located Ladakh. The hacking group reportedly used the trojan ShadowPad, which is believed to have been developed by contractors for China's ministry of state security, leading to the conclusion that it was a state-sponsored hacking effort.

Chaudhary said: “In the next war, the enemy might not be a country or an organisation, we may never know the perpetrators. Future warfare will be hybrid—from computer viruses to ultrasonic missiles. Attacks can range from military standoff to information blackouts”.

So, how exactly can we quantify the cyber threats that India is facing? Nandakishore Harikumar, the founder and CEO of cyber security start-up Technisanct, headquartered in Bengaluru, called for a consolidated effort to build out strategies on multiple levels. Technisanct conducts Digital Risk Monitoring and Risk Posturing using AI, and specialises in research in the fields of the deep and dark web. Technisanct has conducted responsible disclosures of data breaches related to organisations like Malindo Airways and Tamil Nadu Public distribution systems.

“These kinds of attacks [like what happened in Ladakh] have been continuously happening, fully focused on supply chains,” he said. “Take an example. Air India had reported a breach recently, where Chinese hackers attacked a vendor [and pilfered data]. They [the hackers] like to disrupt supply chain, coordinating through multiple networks. It is not just about one vulnerability—Chinese hackers are known to be adept at exploiting a lot of the zero day vulnerabilities that keep popping up.”

So, who are the people actually conducting the cyberattacks? “It is easy to identify that they originate from a Chinese network, but other details are not fully known. They operate very secretively. They are known for continuous attacks on logistics infrastructure, and their way of operation is highly targeted, industry-focused and sector-specific. That is how they work. This pattern is highly visible in the Ladakh incident.”

How can India prevent such intrusions from the Chinese? "It is not just about the Chinese. If you look at cyber warfare advancements over the past two-three years, there is a huge industry that is developing in parallel. Look at what happened in Ukraine. Russian hackers were attacking basic Ukraine infrastructure; the media industry was attacked, so that there would be huge misinformation. We will see a huge shift—before countries move their weapons to the border [for traditional warfare], cyber attacks will happen. They cannot be countered by the UN, or be listed in sanctions. Specifically, when it comes to India, we do not even have a data protection bill. We know how our cybersecurity ops work [with organisations like NCIIPC and CERT]. There should be consolidated effort to build out strategies, and we have to go for technological advancements.”

Harikumar highlighted that China has been continuously targeting us along different vectors. “If you look into the phishing campaigns targeting Indians, or the highly circulating loan apps, they can always be traced back to Chinese infrastructure like Alibaba cloud. It is not just one aspect. The Chinese prepare with 360 degree counterattacks, and full capabilities, and India has to step up and be prepared in a 360 degree manner,” he said.

What could the Chinese have aimed for with the Ladakh hack? “It could have resulted in huge power failures, but that didn't happen. Ransomware attacks could have happened. The national level infrastructure was prepared on the front. Now, imagine a situation where the local infrastructure is attacked. So, there needs to be focus on local infra like metro rail or state power stations like KSEB. We are on the verge of a huge threat, but it is still not clear how much governments are prepared,” he said.

Political reactions

Ministry of External Affairs Spokesperson Arindam Bagchi had said on Monday: “We have seen the reports. There is a mechanism in place so that our critical infrastructure remains resilient in such cases. We have systems in place to safeguard critical infrastructure." Responding to a question by journalists, Bagchi, however, added cryptically, "I don't have any information that we have raised the issue with China."

Speaking on the sidelines of a clean energy ministerial meet in the national capital, Power Minister R.K. Singh acknowledged attempts were made by China, but added India's defences against such intrusions were strong. "Our defence against cyber attack is strong. These were probing attacks in December, January and February. They did not succeed. But we are aware," he said. The minister also said action was taken way back in 2018 against suspected cyber attacks on the country's power supply system. "We had put protocols in place. Those protocols are working and we are strengthening those protocols every day. So, our cyber defence against cyber attack is strong. We are confident about that," Singh asserted.