Maharashtra Energy Minister Nitin Raut on Wednesday informed the state Assembly that a Mumbai Cyber Police investigation into the October 12, 2020, power outage had suggested a possible cyber attack on the city’s electrical infrastructure with an intent to disrupt power supply.
Raut did not name any country in the statement that he read out in the Assembly. He said the investigation had revealed that some of the Trojan horses used to hack into Mumbai’s electrical infrastructure in an attempt to disrupt it had earlier been deployed for cyber attacks in other parts of the world.
While speaking to mediapersons later in the day, Raut said the report shows intrusion of malware from China, UK and other places into the power grid system. He added that the state power department has now banned the use of Chinese equipment.
Raut said that the malware had easily bypassed the firewall systems and entered the Information Technology (IT) and Operational Technology (OT) servers used to oversee the power distribution system. He added that while the IT system had raised an alarm three times in one minute about a possible cyber attack, it went unnoticed. He said it was an “organised cyber attack”.
Raut was informing the Assembly of the findings of the cyber police, which had been asked to investigate the power outage that had brought major parts of Mumbai to a grinding halt. “The findings of the cyber cell report state that malicious programmes through 14 Trojan horses had managed to enter the server of Maharashtra State Electrical Transmission Company in an attempt to disrupt power supply. Some of these Trojan horses have been used in other parts of the world to conduct cyber attacks.”
He added that these Trojan horses had easily managed to bypass the firewalls and enter the servers of the transmission agency.
Raut said the inquiry also found that the firewall of the server at the State Load Dispatch Center (SLDC) at Kalwa – the nerve centre for the operation, monitoring and control of the power system – could be easily accessed by suspicious malicious codes and software programmes that could compromise the cyber security ecosystem as well as disrupt its design functionality.
He added that while three alarms were raised by the transmission agency’s IT system in less than a minute, they all went unnoticed, which indicated the possibility of a cyber attack.
“It has been observed that repeated attempts were made from suspicious and blacklisted IP (Internet Protocol) addresses from foreign locations to log in to the cyber server of the SLDC to hack and disrupt the system,” Raut said. He added that these IP addresses had been certified as suspicious and malicious by major credit rating agencies.
He also said that attempts have been made to classify or remove approximately 8 GB of data from a suspicious IP address in the SLDC cyber server, which could disrupt power supply.
The minister further said that the report had recommended that efforts needed to be taken to separate the IT Infrastructure from the OT Infrastructure of the transmission company. It also called for augmenting the cyber security of the servers of power companies.
“The recommendations made by all the committees in connection with this incident will be thoroughly studied and necessary measures taken in the short and long term,” Raut said. He added that the department will take necessary steps to ensure that there is no power outage in Mumbai in the future and that quality and adequate power is available 24 hours a day.
A report by a cyber security company based in Massachusetts had noted a “steep rise” in the use of malware by a Chinese group called Red Echo to target India’s power sector organisations in 2020, when tensions between the two countries were high.
The contents of the study conducted by Recorded Future were reported by The New York Times on Sunday. The report said the findings suggested a link between the Galwan clash of June 2020 and the grid disturbance that led to the power outage in Mumbai on October 12 last year. The NYT report spoke of a “broad Chinese cyber campaign against India’s power grid”, timed as a “message from Beijing about what might happen if India pushed its border claims too vigorously”.
Soon after the report came out, state Home Minister Anil Deshmukh on March 1 appeared to agree with the assessment in the NYT report. He told mediapersons that preliminary findings of an investigation by the cyber police have indicated that the “blackout of October 12 could probably have occurred” due to “attempts” by unidentified foreign agencies to hack the city’s electrical infrastructure.
The Union government has, however, denied that the blackout was the result of a cyber attack. Union Minister of State for Power R K Singh on Tuesday had blamed it on human error.