Chinese cyber escalation against India’s electricity grid amidst the boundary crisis
Beyond defensive measures, New Delhi needs to step up efforts for a potent cyber offensive capability that can enable retaliatory strikes against Chinese Critical Infrastructure and other vulnerable targets on the mainland.
In the wake of the recently reported cyber attacks targeting the Maharashtra electricity grid, New Delhi faces an intensified cyber security threat to physical infrastructure. The scale of the attack, and the identity of the attacker as the People's Republic of China (PRC), make it obvious that the vulnerabilities facing India's Critical Infrastructure (CI) need to be addressed with greater urgency. Cyber attacks against India's CI and Strategic Infrastructure (SI), such as nuclear power plants, are not new. After all, hackers from North Korea penetrated the Kudankulam Nuclear Power Plant (KKNPP) in 2019 in a bid to test the plant's cyber security defences and steal information about the reactor design. What is new, albeit unsurprising, is that China's cyber assault against Indian CI happened amidst an ongoing crisis on their contested boundary.
A distinction has to be made here between symmetrical and asymmetrical responses. A symmetrical response involves proportionality, in that the state executing it does not overreact and calibrates its response to the threat in question. An asymmetrical response, on the other hand, involves shifting the terrain of action to one suited to that state's strengths and where the adversary is weak. The PRC exploited lapses committed by India in Ladakh, in areas which the Indian Army (IA) normally patrols but had left vacant, allowing the People's Liberation Army (PLA) to seize tactically advantageous positions at Pangong Tso, Hot Springs, and Gogra along the Line of Actual Control (LAC) with India in April-May 2020. The IA did contest the PLA exactly where the occupation occurred but was unable to secure a Chinese withdrawal. The nadir of the crisis came in mid-June 2020, when 20 Indian soldiers perished trying to evict the Chinese presence in Galwan. Thereafter, the IA waited for a propitious moment and responded in late August 2020 in a geographic area more suited to India, seizing heights and securing tactically advantageous positions on the south bank of the Pangong Tso, such as the Kailash Range. The IA took the PLA by surprise, and the seizures of territory along the south bank created conditions for a quid pro quo.
Having countered the PLA with an asymmetrical response, the IA shifted the onus of escalation back on to the PLA. In October 2020, the Chinese appear to have stepped up the pressure, moving up the escalatory ladder by shifting their action to an altogether different domain: cyberspace, on which India's CI is crucially dependent. Although the term "cross-domain" is laden with ambiguity and is generally defined in terms of the sea, air, and land domains, that definition is too restrictive; the term must also encompass space and cyberspace. The People's Liberation Army Strategic Support Force (PLASSF) and its state-sponsored affiliate grasped this vulnerability, saw an opportunity, and planned an escalation beyond the land domain into cyberspace. A Chinese state-sponsored hacking group called Red Echo, possibly a veritable arm of the PLASSF, which plans and executes cyber, space, and electronic warfare operations, targeted the Maharashtra state electricity grid through the cyber domain. Malware inserted into the grid of Maharashtra, home to India's financial capital, Mumbai, precipitated a power outage on 13 October 2020. The state is also one of the largest and most industrialised in the Indian union, and the Chinese picked their target with great precision to signal that India needed to demonstrate flexibility in the military-to-military negotiations that were underway at the time. The cyber attack was launched to improve their bargaining position and was a demonstration to their Indian adversaries that China could hurt India. After all, India too had pursued a set of actions to counter-coerce and generate pressure over Beijing's infractions along the Sino-Indian boundary, which had disturbed a peace that had held for over 50 years.
These measures ranged from strongly counter-mobilising Indian ground and air forces in Ladakh, to banning Chinese mobile apps, limiting Chinese investments in the Indian economy, and joining the Quad, an informal grouping of the United States (US), India, Japan, and Australia arrayed against the assertion of Chinese power in the Indo-Pacific.
Further, the malicious code used to trigger the blackout may still be present in the network. If true, this implies that malware can hide within a network and go undetected even when it is known to have been the source of the disruption. Malware is known to conceal itself amidst the normal traffic of a computer network, and malicious code can be prepositioned in a network for future attacks, or used to gather the information needed to execute them. Unless the Computer Emergency Response Team-India (CERT-In), along with the state of Maharashtra and its dedicated cyber unit, Maharashtra Cyber (one of a kind, in that no other state has a comparable body), reveal more, there is very little that can be precisely gleaned from the existing public information. For now, as most cyber security experts have conceded, there have to be regular cyber audits, better detection mechanisms, and personnel training to prevent malicious code from penetrating India's CI. A key reason an intrusion of this scale was possible is that Maharashtra, like several other states across India, depends on Chinese hardware for its critical electricity infrastructure. Divesting from Chinese equipment should be a priority.
However, beyond these defensive measures, New Delhi needs to step up efforts for a potent cyber offensive capability that can enable retaliatory strikes against Chinese CI and other vulnerable targets on the mainland. This capability must also be used in conjunction with other instruments of military power when necessary. The Chinese have clearly demonstrated that they are ready to escalate a crisis or conflict with cross-domain attacks in order to coerce and extract concessions. India cannot deprive itself of dedicated cyber warfare capabilities, and if investments are already underway, this episode should accelerate the effort.