The New York Times (NYT), based on analysis by the private intelligence firm Recorded Future, reported on February 28 that as the China-India tensions in eastern Ladakh continued unabated last year, a Chinese entity penetrated India’s power grid at multiple load dispatch points. The report also raises the possibility that an October 13 blackout in India’s financial capital Mumbai, while the city managed to contain the COVID-19 outbreak, could be related to this intrusion. The NYT story (and the report it was based on) seems to suggest that the alleged activity against critical Indian infrastructure installations was as much meant to act as a deterrent against any Indian military thrust along the Line of Actual Control (“a show of force,” as Recorded Future put it) as it was to support future operations to cripple India’s power generation and distribution systems in the event of war.
According to the Recorded Future analysis, “10 distinct Indian power sector organizations, including 4 of the 5 Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure.” The firm identified two maritime institutions that were also targeted: the Mumbai Port Trust, and the V. O. Chidambaranar Port in the south of India. The targets, including the North Eastern Regional Load Dispatch Center, were geographically dispersed and spread across the country north, west, east and south, clearly supporting Recorded Future’s conclusion that a Chinese state-backed entity (which it calls RedEcho) was behind the campaign. All in all, 21 Indian IP addresses were targeted by the group, the firm reports.
Recorded Future concludes that RedEcho’s choice of target set does not indicate economic espionage as its intent. Rather, the firm claims, “pre-positioning on energy assets may support several potential outcomes, including geostrategic signaling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation.” (When it came to the influence operations value of the campaign, Recorded Future noted that it could also be to “sway [Indian] public opinion during a diplomatic confrontation.”) According to the NYT, Recorded Future had alerted the Indian government’s Computer Emergency Response Team to its discovery. “Twice the center has acknowledged receipt of the information, but said nothing about whether it, too, found the code in the electric grid,” the NYT article said.
But if India’s physical critical infrastructure presents a first set of vulnerabilities that could be targeted by a range of actors for signaling, deterrence or offensive operations, cyber espionage remains another pressing challenge for the country. Earlier in February, the Hindustan Times had reported that a number of Indian government officials, including those from the sensitive ministries of defense and external affairs, had been the subject of a phishing campaign on February 10 that involved compromised government domain email addresses. While it is important to note that the news report does not identify Chinese state-supported entities as being behind it, in the past the Indian government had directly identified China as being behind attempts to hack computers belonging to officials in the national security establishment. In January 2010, then Indian National Security Advisor M.K. Narayanan directly accused China of being behind a cyber campaign that targeted many officials – including him.
When it comes to cyberattacks – in distinction to espionage activities – it is unclear how India seeks to deter them, or counterattack in the event such attacks eventuate. Considerable questions remain about India’s own offensive cyber capabilities, despite hints that they exist.
In general, deterring cyberattacks – and whether a proportionate response to a cyberattack on critical infrastructure could include kinetic military responses – remain difficult questions. In the 2018 book “The Perfect Weapon,” NYT national security correspondent David Sanger (who coauthored the February 28 article on Chinese malware targeting India’s power grid) noted that then-Secretary of Defense James Mattis had recommended to President Donald Trump that in order to deter a massive cyber-strike on U.S. critical infrastructure, the president should announce that he was willing to retaliate kinetically – even with nuclear weapons – should such an attack materialize.