Pedestrians wearing protective masks walk past an out of service traffic signal as the Bombay Stock Exchange (BSE) building stands in the background in Mumbai on 12 October 2020 | Dhiraj Singh | Bloomberg
Pedestrians wearing protective masks walk past an out of service traffic signal as the Bombay Stock Exchange (BSE) building stands in the background in Mumbai on 12 October 2020 | Dhiraj Singh | Bloomberg
Text Size:

New Delhi: The massive power outage that brought much of Mumbai to a standstill for hours last October was caused by a cyberattack, said Maharashtra Energy Minister Nitin Raut Monday, who called it an act of “sabotage”.

Raut said the state government, the Maharashtra Electricity Regulatory Commission (MERC) and the Central Electricity Authority had set up separate committees to probe the cause of the outage and their reports have been received.

“We had then complained to the cyber cell and their report is awaited. But the preliminary information I have, there definitely was a cyber attack and it was a sabotage,” he said, according to news agency PTI.

A 28 February New York Times report stated that the outage could be a “part of a broad Chinese cybercampaign against India’s power grid”. Citing a study by a US cyber security firm, NYT said a stream of Chinese malware had been “flowing into the control systems” that manage India’s electricity supply.

The Chinese embassy in India put out a statement denying China had any role in the cyber attacks.

In a tweet, the spokesperson said China was a “staunch defender of cyber security” and  said it was “highly irresponsible to accuse a particular party with no sufficient evidence”.

Earlier in the day, Sanjay Shintre, superintendent of police (SP), Maharashtra Cyber, said the cybersecurity agency had not found any proof that linked the China-backed hackers with the power outage.

“There is no concrete evidence Chinese hackers disrupted the Mumbai power supply,” he told ThePrint.

“There were suspicions of Chinese involvement because of clues like internet traffic originating from China. However, no FIR has been registered in this power outage issue. There were technical experts from institutes from Mumbai and nearby who investigated the power outage, but the technical experts did not conclude that Chinese hackers had caused the Mumbai power outage,” he added.

Maharashtra Cyber is the nodal agency for cybersecurity issues under the home department of the Maharashtra government. Shintre took charge of the agency in February 2021.

The Union Ministry of Power had also issued a statement on the cyber threat identified by the US firm, which nicknamed the hackers ‘RedEcho’.

“There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/data loss has been detected due to these incidents,” the statement said. However, it did not address the claims about the Mumbai power outage.

The US firm’s study said that several other Indian entities could have also been attacked by RedEcho. These “suspected victim” organisations include Power System Operation Corporation Limited (POSOCO), Kudgi Super thermal power station in Karnataka, and the maritime port Mumbai Port Trust.

ThePrint emailed several Indian government officials, including the National Cyber Security Coordinator (NCSC) Lt Gen Rajesh Pant, Director General of Indian Computer Emergency Response Team (CERT-In) Dr Sanjay Bahl, and the help desk of the National Critical Information Infrastructure Protection Centre (NCIIPC) for a comment on the alleged Chinese malware campaign against India.

Pant replied saying he was yet to receive a detailed report from the Maharashtra government.

The report will be updated when they respond.


Also read: China hacked Indian govt teleconference in 2017 — US think-tank reiterates old report


What the reports say

Citing the cyber threat monitoring firm the Recorded Future, NYT reported: “The study shows that as the standoff [between India and China] continued in the Himalayas … Chinese malware was flowing into the control systems that manage electric supply across India…”

The NYT article and the study both linked to an India Today report about the Mumbai power outage.

On 13 October last year, Mumbai faced at least two hours of power outage, starting at 10 am, that brought railway services to a halt as well as the stock exchange and commercial offices. In the suburban central Mumbai area, the outage lasted 10-12 hours. Intensive care units at government hospitals and Covid centers were forced to run on back-up power supplies during this term.

“News reports at the time quoted Indian officials as saying that the cause was a Chinese-origin cyberattack on a nearby electricity load-management center,” NYT said, citing the India Today report. 

However, the India Today report said the Maharashtra Cyber, based on initial findings, suspected the power outage was caused by malware on computers at a state load despatch center around Padgha. State-level load despatch centres are set up to manage and monitor the efficient despatch of electricity across a state.

It also noted that China-based hackers had been carrying out a series of attacks on the Indian cyberspace in the aftermath of the Galwan clash in June 2020, citing sources from Maharashtra Cyber.

The study by the Recorded Future, on which the NYT report is based, said the possibility of China-linked hackers infusing malware to cause a Mumbai power outage “remains unsubstantiated”.

(With inputs from Soniya Agarwal)

(This report has been updated with the statement by the Maharashtra energy minister, the NCSC’s response and a statement by the spokesperson of the Chinese embassy in India.)


Also read: Why paying hackers a ransom for your data isn’t the best idea


 

Subscribe to our channels on YouTube & Telegram

Why news media is in crisis & How you can fix it

India needs free, fair, non-hyphenated and questioning journalism even more as it faces multiple crises.

But the news media is in a crisis of its own. There have been brutal layoffs and pay-cuts. The best of journalism is shrinking, yielding to crude prime-time spectacle.

ThePrint has the finest young reporters, columnists and editors working for it. Sustaining journalism of this quality needs smart and thinking people like you to pay for it. Whether you live in India or overseas, you can do it here.

Support Our Journalism

VIEW COMMENTS

4 COMMENTS

  1. But we have read the extensive reports on how workers of electricity company had rrpaired a broken high tension line in the weztrrn ghats putting their lives at risk. Can a cyber attack physically damage high tension lines ?

  2. Have the Chinese Bought these blokes? It seems like they are just dismissing the reports from the US. Not that they are reliable, but need to be investigated nonetheless. Why not get data from them and ask why they think so…

  3. Maharashtra cyber official has to study a bit more. He is took quick to react to an expert study. Pretty soon that official will eat a humble pie.

Comments are closed.