Online security

EXCLUSIVE: Cybersecurity strategy is the need of the hour, says senior PMO official amid report on cyberattacks in China

In what could raise alarm bells within central government, cyber-intelligence firm Recorded Future has identified seven State Load Dispatch Centers (SLDCs) in northern India as having faced threats. cyberattacks from China-linked adversaries in recent months. Most of the activity likely occurred between February 17 and March 22. “Furthermore, these attacks are in geographical proximity to the disputed India-China border. [Ladakh]“said Recorded Future, in its report published on Wednesday.

What becomes of greater concern is that the attacks were likely intended to gather information about critical infrastructure systems, or are prepositional for future activity, said the report seen by THE WEEK. The SLDCs are responsible for performing real-time operations for grid control and distribution of electricity in the respective states.

“Despite the partial troop disengagement between India and China in February 2021, the prolonged targeting of Indian critical infrastructure continues to raise concerns about prepositioning activities by Chinese adversaries,” he said.

When contacted, Lt. Gen. Rajesh Pant, Cybersecurity Coordinator in the Prime Minister’s Office (PMO), said the unfolding of recent world events (Hybrid War between Ukraine and Russia) demonstrated the need for a robust cybersecurity strategy at the national level to strengthen local cyber defense capabilities. “India is taking all measures to protect itself from threat actors active in cyberspace,” he told THE WEEK. He added that the need of the hour is the development of local capabilities, as well as international collaboration with strategic partners to share threat intelligence to protect critical infrastructure.

In Hybrid Wars, as first seen in Ukraine, the dismantling of electricity and telecommunications in the target country becomes a key entry point for enemy forces before a military invasion can erupt. takes place. All future wars will have a cyber component, and India must prepare for the future, another senior government official said.

The latest cyber activity displays targeting capabilities consistent with previous activities related to the RedEcho attack group, but there are also distinct features this time around as “cluster” activity is noticed.

In addition to targeting Indian power grid assets, the firm also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company. The government has yet to confirm or deny reports of this security breach, but it is undeniable that a threat exists.

According to the report, analyzed by THE WEEK, Indian power grid organizations have been continuously targeted by Chinese state-sponsored groups over the past 18 months. While the allegations have been strongly denied by the Chinese government on several occasions, the latest reports once again draw attention to the vulnerability of India’s critical infrastructure and the need for a cyber strategy. at the national level to keep these threats at bay.

India’s CERT has also so far dismissed claims of “successful” cyberattacks targeting Mumbai’s power grid or affecting any of the power dispatch centers in northern India. The Union Energy Ministry had also denied that last year’s Mumbai power outage was caused by a cyberattack, but attempts are continuing, cyber experts say.

This has led CERT-IN to put in place new mechanisms over the past few months to raise awareness among the electricity sector, dispatch and transmission centers and other critical infrastructures such as telecommunications in order to strengthen their capacity to identify and thwart cyber intrusions.

Recorded Future, meanwhile, said the prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited opportunities for economic espionage or mainstream intelligence. But the indication that this is part of a “long-term strategic priority” for Chinese-sponsored threat actors is a concern that cannot be easily dismissed.

“The purpose of intrusions may be to better understand complex systems to facilitate the development of capabilities for future use, or to gain sufficient access through the system for future emergency operations,” the report warns. .

In February 2021, Recorded Future highlighted the compromise of 10 Indian power sector organizations, four of the five regional load dispatch centers, two ports and other operational assets.