Last week, an article by The New York Times caused a major buzz when it cited a report by a cybersecurity firm to state that the major power blackout experienced by Mumbai last October may have been caused by a cyberattack from China.
The report, carried out by US-based cybersecurity firm Recorded Future - which studies internet use by state actors, found that a China-backed group called RedEcho has led a state-sponsored operation of deploying malware in the Indian power systems.
The NYT article then connected this to the major power blackout experienced in Mumbai, by pointing out the fact that the Maharashtra cyber cell had indeed stated last November that the blackout was caused by Chinese malware, after initial investigations. The article then suggested that the attack may have been done retaliation to the hand-to-hand skirmish between Indian and Chinese troops in June 2020 at the Galwan Valley, which claimed the lives of both Indian and Chinese soldiers.
Also Read: Mumbai's 2020 Power Blackout Caused By Chinese Attack, Says Study
Human Error Or Chinese Attack?
The Central and State governments are now in disagreement about what happened, with Maharashtra's Energy Minister confirming the Chinese cyberattack, while Central government chalked it up to a human error and not an attack.
Speaking to India Today on Monday, Maharashtra Energy Minister Nitin Raut confirmed that the claim regarding Chinese cyberattack being the cause of the Mumbai blackout last year was true.
"There is truth in the claims made by NYT (in reference to an article on the report by New York Times). We had formed three committees to inquire into the matter. We will receive a detailed report this evening from the cyber department," Raut said.
Also Read: Marriage Between Rapist And Survivor Not Justice
After a day of silence from the central government, Union Minister of State of Power R K Singh denied there being any evidence pointing to a Chinese cyberattack, and called last year's power blackout in Mumbai a result of 'human error'.
Speaking to ANI, Singh said, "Two teams investigated the power outage and reported that the outage was caused by human error and not due to cyber attack. One of the teams submitted that cyber attacks did happen but they were not linked to the Mumbai grid failure."
"Some people say that the group behind the attacks is Chinese but we don't have evidence. China will definitely deny it," Singh added.
And they did - a spokesperson for Chinese embassy in India issued an official statement of denial on Tuesday, saying, "China is a staunch defender of cyber security and also a major victim of hacking and cyber attacks. China firmly opposes and combats all forms of cyber attacks and crimes."
"Speculation and fabrication have no role to play on the issue of cyber attacks. It is highly irresponsible to accuse a particular party when there is no evidence. China is firmly opposed to such irresponsible and ill-intentioned practice," the statement added.
On that very day, the Ministry of Power also put out a statement reiterating Singh's point and stating that it was aware of the cyberattack attempts. "An email was received from CERT-In on 19th November, 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO. Accordingly, action has been taken to address these threats," the statement read.
The statement also added that actions were taken to prevent any damage to the power systems. "There is no impact on any of the functionalities carried out by Power System Operation Corporation (POSOCO) due to the referred threat. No data breach/ data loss has been detected due to these incidents," it read.
Also Read: Explained: What Is A Bad Bank, How It Has Been Used Around The World
Telangana's Sub-Stations Under Attack
Soon after the Ministry of Power issued the denial of China causing the Mumbai power blackout, electricity officials in Telangana said they have received alerts from Central Electricty Authority about Chinese malware entering 40 sub-stations in the state.
According to a PTI report, citing officials, "CERT-In has reported from a trusted source that China-based "Threat actor Group Command and Control" servers are trying to communicate with systems belonging to Telangana State Load Dispatch Centre (SLDC), TS Transco (Transmission Corporation of Telangana Ltd) and advised taking suitable precautionary measures to ensure the security of the power system."
Officials also stated that actions were taken quickly to remove the malware before it could cause any damage.
"We noticed some malware. Immediately, we erased that. We have taken all the preventive steps. Absolutely, there is no problem," a senior official in the state's electricity department told PTI.