Strategic shift in cyberattacks on India’s power sector? Here is what experts say

Rather than striking generation or transmission nodes, threat actors now aim to paralyse the coal supply chains feeding India’s thermal power backbone

Cyber experts warn that there is a strategic shift in cyberattacks on India’s power sector. They note that the cyberattack on Central Coalfields Limited (CCL), a subsidiary of Coal India Ltd, on May 7, 2025, marks a critical inflection point in cyber warfare against India’s energy infrastructure.

Experts such as K.S. Manoj and G. Jenin of cybersecurity firm Intelegrid ECC say that rather than targeting power grids or SCADA infrastructure directly, adversaries are now striking upstream fuel supply chains, thereby endangering the foundational input of power generation itself. “Believed to be linked to Operation Sindoor and attributed to hostile state-backed groups, this incident exposes a new flank in hybrid warfare,” they note.

The experts warn that the cyberattack on CCL is not an isolated incident but a prototype for future asymmetric strikes. Rather than striking generation or transmission nodes, threat actors now aim to paralyse the coal supply chains feeding India’s thermal power backbone—an attack vector that is less defended but strategically devastating.

The Intelegrid experts believe the CCL incident is linked to the recent flurry of cyber intrusions from Pakistan-based advanced persistent threat groups. Experts note that India’s coal-fired thermal power plants, including those operated by NTPC, typically maintain only a four-day reserve of coal, and a disruption lasting longer could trigger forced shutdowns, impairing electricity supply across entire regions.

The coal supply chain relies on a complex network of digital systems that includes mining operations, rail logistics and dispatch coordination, ERP and billing platforms, and inventory and scheduling systems. “These systems, largely run by subsidiaries like CCL, SECL, and MCL, often fall outside the purview of India’s designated Critical Information Infrastructure (CII). That is a major oversight, given how integral they are to national power security,” say the experts.

Currently, organisations such as the National Load Dispatch Centre (NLDC) and Power System Operation Corporation (POSOCO) are covered under Section 70 of the Information Technology Act, 2000, which empowers the government to designate protected computer resources. However, fuel supply chain infrastructure remains conspicuously absent from this list.

The indirect disruption of upstream logistics represents a deliberate strategy of non-contact warfare, experts caution. “By halting coal movement rather than targeting plants directly, adversaries can achieve wide-scale industrial and civilian impact without firing a shot,” note Manoj and Jenin. Such disruptions could delay or halt thermal power generation, interrupt essential services and industrial production, create public distrust in government-run utilities, and inflict both economic and psychological costs.

Intelegrid ECC experts outline a strategy to secure India’s coal supply chain. They recommend that NCIIPC and CERT-In immediately designate IT/OT systems involved in coal mining, logistics, and dispatch as Critical Information Infrastructure under Section 70 of the IT Act. The experts also call for enforcing regular cybersecurity audits and real-time incident disclosure protocols for all coal-sector entities. Establishing a dedicated fuel-sector CERT (Computer Emergency Response Team) to coordinate with the power sector and national cybersecurity bodies is also recommended. They further advocate conducting war-gaming exercises and tabletop simulations to stress-test the coal-to-power supply chain against cyber threats, as well as creating a real-time cyber risk intelligence network linking Coal India, NTPC, Indian Railways, and energy regulators.
