China may be responsible for a massive power outage in Mumbai, according to a recent report published by Recorded Future, a Massachusetts-based cybersecurity company that specializes in collecting, analyzing, and disseminating cyber threat intelligence.
In October 2020, India’s second most populous city – Mumbai – experienced a power outage that shut down the National Stock Exchange, halted rail transport, and left more than 20 million people without electricity. The blackout took place amid growing tensions between India and China, particularly along their border where violence resulted in combat fatalities for the first time in 45 years.
A February 28th article in the New York Times suggests that there could be a link between the blackout and Chinese cyber warfare, pointing to a
The Recorded Future report stated that they “observed a large increase in suspected targeted intrusion activity against Indian organizations from Chinese state-sponsored groups” and that targets included “a large swathe of India’s power sector.”
The report stated that “the alleged link between the outage and the discovery of the unspecified malware variant remains unsubstantiated.”
The New York Times, however, suggests that it “lends weight to the idea that those two events may well have been connected — as part of a broad Chinese cybercampaign against India’s power grid, timed to send a message that if India pressed its claims too hard, the lights could go out across the country.”
Some Indian officials appear to agree.
Maharashtra Energy Minister Nitin Raut said, “When the power went out in Mumbai, I had said that there was something wrong and had constituted three committees to probe. I feel media reports that have surfaced are true.”
Raut added that [based on] “the preliminary information I have, there definitely was a cyber-attack and it was a sabotage.”
Chinese Foreign Ministry spokesman Wang Wenbin denied any involvement when questioned about the report, stating: “China is a staunch upholder of cybersecurity. We firmly oppose and fight any kind of cyber-attacks.”
There are key takeaways from this event for the United States.
First, Chinese actions parallel Russia’s approach: testing cyberwarfare tools, training cadre, refining tactics, techniques, and procedures, and linking those efforts to other military and strategic initiatives. Russia’s intrusions and attacks against Ukraine sent a message to its neighbors in the same way that China now intimidates Vietnam and other neighbors who oppose Beijing’s incursions into the South China Sea.
Second, malware can be developed by less capable adversaries than Russia or China. For example, in 2019 Iranian hackers deployed malware targeting industrial and energy sectors in the Middle East, and malware attributed to North Korean hackers infected the network of India’s Kudankulam Nuclear Power Plant. While this North Korean malware appeared to be a tool for reconnaissance and espionage, it laid a foundation that could be exploited in the future to do physical damage to critical infrastructure through supply chain attacks and attacks on control systems.
Last, America is just as vulnerable as India when it comes to malware, vulnerabilities of control systems, and an insecure supply chain for our critical infrastructures – especially the electric grid.
According to cybersecurity expert Joe Weiss, supply chain cyber-attacks and attacks on control systems are not often used for espionage, but rather as a weapon to disable or destroy critical infrastructure.
Weiss warns that it is not just a grid issue, because “China has supplied pumps, valves, motors, relays, and other equipment world-wide.”
Mike Rogers, former chairman of the House Intelligence Committee, recently wrote:
“If a full on ‘turn the lights off’ cyber war were to happen today, we would lose. Think about that. We would lose a cyber war. With a few clicks of the mouse, and in just a few seconds, hackers in Beijing or Moscow could turn off our electricity…”
Rogers’ warning of our electric grid being a prime target echoes that of the Congressional Electromagnetic Pulse (EMP) Commission, which wrote in 2017:
“Combined-arms cyber warfare, as described in the military doctrines of Russia, China, North Korea, and Iran, may use combinations of cyber-, sabotage-, and ultimately nuclear EMP attack to impair the United States quickly and decisively by blacking-out large portions of its electric grid and other critical infrastructures…”
Presently, America’s electric grid is far too vulnerable to cyber, sabotage, and nuclear EMP attack, underscoring the need for federal, state, and local policies directed at rapidly securing the grid against all hazards.