In June 2020, Indian and Chinese troops came face-to-face in the remote Galwan Valley. The battle ended with dozens of soldiers losing their lives. Four months later, Mumbai, with its population of 20 million, faced a city-wide power outage. The city was already having a tough time with increasing COVID-19 cases, and the power outage added to the mayhem faced by the city’s people.
While the incident was at first attributed to a standard power failure, a recent New York Times report suggests otherwise. Evidence suggests that the two incidents might be linked and could be part of a Chinese plan to send a warning to India, indicating that the entire country might face similar troubles if it tries to fight China.
The Incident – October 2020
On October 12, 2020, Mumbai faced a massive power outage which lasted for about 2 hours in some areas, from 10 am till noon, and 10-12 hours in other areas of central Mumbai.
The power outage brought a halt to train services, while hospitals had to rely on emergency and back-up generators amid the pandemic. The Maharashtra government ordered an investigation and set up three committees to probe into the matter. The Maharashtra Security and Electricity Board requested the cyber cell to become a part of this investigation.
The Energy Minister of the state sent out a video message that said the power outage in Mumbai was due to a grid failure caused by “technical problems” while carrying out maintenance work. Adani Power Ltd. and Tata Power Company Ltd., two major power suppliers, said they were also affected because of the power outage.
“Circuit 1 of 400KV GIS center at Kalva-center of MahaTransco was under repair and maintenance, and the load was on Circuit 2. A technical problem in circuit 1 led to problems in power supply to Mumbai and Thane,” Mr. Raut said at the time.
What Were the Problems Faced?
Colaba, Mahim, Bandra, and many other localities in Mumbai and Thane were affected due to the power outage. It brought the local train and metro services to a halt as the city faced a two-hour blackout in the morning. At the time, a senior railway official told the ANI news agency that the train services on the Harbour line of the city had been restored and work was on to get other services restored as quickly as possible. Reports also mentioned that long-distance trains from Mumbai had to be rescheduled.
Mumbai’s international airport and India’s two main stock exchanges, the National Stock Exchange and the Bombay Stock Exchange, were operating normally.
As Mumbai was one of the cities worst hit by the pandemic in India, the Maharashtra state government reportedly asked power suppliers to provide uninterrupted power supply to hospitals, as many of them were treating COVID-19 patients.
A New Light to the Incident – March 2021
According to a report by Recorded Future, a Massachusetts-based company, Chinese malware was flowing into India as skirmishes continued in Galwan Valley, lying in wait in the control systems that managed electricity supply across the country. Most of the malware was not activated, meaning that only a small portion of the malware led to the power outage in Mumbai. The report attributed this activity to a China-linked threat activity group.
“[RedEcho] has been seen to systematically utilize advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure,” said Stuart Solomon, Recorded Future’s chief operating officer.
Investigation: What Was Found?
The Maharashtra cyber department submitted a provisional report on the power grid failure to the Maharashtra government on March 1, 2020.
This report was handed over to Power and Energy Minister Nitin Raut by Maharashtra Home Minister Anil Deshmukh. Deshmukh mentioned that the findings of the investigation were validated by leading international newspapers.
This 100-page preliminary report from the cybercrime unit described three potential sabotage methods: a malware attack on the server of the Maharashtra State Electricity Board (MSEB), a transfer of 8 GB of unaccounted data from a foreign server to the MSEB, and attempts by several blacklisted IP addresses to log in to the MSEB server.
Another source claims that the massive power outage in Mumbai was due to a malware attack, revealing that about 14 Trojan horses (malware) and 8 GB of unaccounted data were found in the electricity supply control system. The investigation further stated that unverified sources installed this malware.
The report also suggested preventive measures and safety guidelines to be followed by individuals and organizations to mitigate such a cyberattack in the future to save the country from power outages and other massive losses.
China’s Reaction to the Allegations
After the allegations were made, China rejected the reports and denied that Chinese hackers were behind the massive power outage.
In a statement, a Chinese Foreign Ministry spokesperson called the allegations “highly irresponsible.”
“As a staunch defender of cybersecurity, China firmly opposes and cracks down on all forms of cyberattacks. Speculation and fabrication have no role to play on the issue of cyberattacks,” the Chinese spokesperson said.
The Mumbai power outage incident showcased how only a small portion of activated malware has the power to halt an entire city for hours. We can only imagine the impact it would have caused if all the planted malware had been activated. The incident acted as a warning bell for individuals and enterprises to monitor and regulate their security measures at regular intervals and follow security guidelines to mitigate cyberattacks.