Union Minister Raj Kumar Singh has denied media reports that said the massive power outage in Mumbai last year was caused by a cyberattack from China, calling it a “human error”. Singh’s remark contradicts Maharashtra Home Minister Anil Deshmukh’s admission of a possible “cyber-sabotage”, based on a preliminary report by the state’s Cyber Cell. While both global and local press are alluding to the Mumbai power outage of 12 October 2020 to a China-based hacking system, it is intriguing that the Union minister should be in such a rush to give a clean chit to China.
Even as Singh was denying China hand, power utilities in Telangana averted a possible hacking attempt by a China-based “ATP-Threat actor Group Command and Contro” servers, which were trying to communicate with control systems belonging to Telangana State Load Dispatch Centre (SLDC) of TS Transco (Transmission Corporation of Telangana Ltd). A Mumbai-type grid failure was averted because of a timely alert by the Computer Emergency Response Team of India (CERT-In).
Clearly, India’s characteristic sloppiness about non-conventional threats must not be the guiding force here. To allow China to play out its cyber intentions, which the Joe Biden administration in the US is giving strong signals of, would be a disaster to say the least.
What we are up against
An Advanced Persistent Threat (APT) is a secret threat actor, generally directly owned by a government or state-sponsored group, which gains unauthorised access to a computer network and remains undetected for a long time, referred to as “dwell time”. This could even be two to three years thus giving the hacker enough time to mop up as much critical information as possible before mounting an attack to incapacitate the host system. In recent times, such ‘moppings’ are done by non-state actors and sponsored groups constantly engaged in large-scale targeted intrusions for specific sectors such as mass rapid transport, defence establishments, banks and general trade facilities like stock exchanges.
PLA Unit 61398 (also known as APT 1, Comment Crew, Comment Panda, Shanghai Group, GIF89a, and Byzantine Candor) is the Military Unit Cover Designator (MUCD) of the People’s Liberation Army’s APT unit that controls and supervises all computer hacking attacks. The unit is stationed in Pudong, Shanghai. Some of the most sophisticated of the Chinese hacking groups are said to be operating from this unit under the command structure of the PLA from its headquarters. Reports of studies commissioned during the Barack Obama administration in the US suggested that cyber attacks on commercial and defense institutions believed to be emanating from Unit 61398 focused not just on stealing information, but “obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities”.
Obama referred to this alarming situation in the State of the Union speech, saying, “We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.” Obama’s successor Donald Trump took the threat perception to the next level and created firewalls because “foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system, which provides the electricity that supports our national defense, vital emergency services, critical infrastructure, economy, and way of life”.
Biden’s committing an error
The Joe Biden administration’s first order in a way reversed these when it decided to review Trump’s policies while also pausing the ban on Chinese company TikTok. These are signs that the US’ critical sector engagements with China will continue. The US may have to pay a very heavy price for this callous approach towards cyber threats from China.
Technology is the new weapon. It is an instrument of progress in the hands of a benign leadership functioning within a democratic framework. In the hands of a powerful oligarchy run by a single party and presided over by a powerful individual, technology is a weapon to subjugate the obstinate and punish those who dare to compete.
There is very little doubt that Beijing considers New Delhi, especially under a strong prime minister like Narendra Modi, to be a potential threat to its hegemonic objectives. In the larger global context, China has every reason to be cautious of the conventional war capabilities of the US. As against the ‘Rapid Global Strike’ plan of the US to counter China’s maritime and land-based capabilities, the PLA preferred to develop its non-conventional strike capabilities through technology transfer (read robbing technology) from American universities and research institutions.
Beijing continued to deny that it has snooping capabilities or intentions. The PLA had consistently dismissed allegations of cyber war perpetuated by its ‘computer laboratories’ like PLA Unit 61398 and other MUCDs. But faced with undeniable evidence, the PLA, in its December 2013 document, accepted conducting cyber ‘espionage’ activities and admitted that it will develop a strong capability in APT command structure.
India got the signal, it’s time to act
It is one of the many such command structures that perhaps sneaked into the Mumbai power grid and temporarily shut it down. Such shutting down can happen to any power grid anytime as the operating units do not know of the “sleeping malware” with a long dwell time. Again, a sudden attack on the banking software, payment portals and digitalised sharing platforms can plunge the banking, commercial, railways and even air travel into utter chaos.
The Mumbai power grid failure followed by the incident in Telangana are warnings that India cannot take the threat lightly. Instead of distributing clean chits to China, all concerned ministries should invest more on creating a strong anti-access technology. The future wars will be fought on cyber domain and probably in outer space, which will be instrumental in communication technology. By the time New Delhi realises the enormity of the problem, Chinese cyber soldiers would have infiltrated our systems so deeply that de-coupling them would become next to impossible.
There is an urgent need to put in place a national security doctrine with integrated security approach to tackle non-conventional threat perceptions. A continuous net assessment should be initiated preferably by the Integrated Defence Staff headquarters to determine the chinks in our anti-access security architecture.
Seshadri Chari is the former editor of ‘Organiser’. Views are personal.