Chinese cyberattacks against Ladakh electricity grid:  A déjà vu  

Evidence has now emerged following revelation by a US-based cyber security firm—Recorded Future—and confirmed by the Government of India (GoI) that the Peoples Republic of China (PRC) carried cyber attacks in December last year, which continued in January and February targeting electricity grids in Northern India located close to Ladakh and the Line of Actual Control (LaC) dividing India and China. Officially, China denied any involvement and China’s foreign ministry spokesman claimed China does not tolerate hacking, the hackers appear to have used Taiwan and South Korea as the gateway to execute the cyber offensive. Specifically, the Chinese hackers targeted load State Load Dispatch Centers (SLDCs) or electricity distribution units in the Northern Indian states using a cluster of malware called ShadowPad threatening the supply of electric power. These attacks were preceded by cyber attacks against Regional Load Dispatch Centers (RLDCs) in Delhi, Karnataka, and Telangana as well as two ports: Mumbai Port and Tuticorin VOC port. There are two consequences that flow from this latest PRC-directed attacks, which in all probability were carried out by the People Liberation Army Strategic Support Forces (PLASSF) and Ministry of State Security (MSS). Firstly, the Union Energy Minister R.K. Singh observed India cyber defence capabilities thwarted the PRC’s attacks, revealing why cyber defence remains India’s first line of protection against attacks and where investment by the Indian state has been strong.

The Chinese hackers targeted load State Load Dispatch Centers (SLDCs) or electricity distribution units in the Northern Indian states using a cluster of malware called ShadowPad threatening the supply of electric power.

Regardless of India’s commendable cyber defence, the geographic concentration of the targets is also indicative of the level of effort the PRC is making in probing for weaknesses in India’s electricity infrastructure. The attacks may have only been a dry run by the Chinese cyber attack teams in preparation for something more devastating down the line. While the attacks were likely geared to test the strengths and weaknesses of the cyber network of India’s electricity grid in the North; however, preceding the attacks there is evidence to suggest cyber espionage. The latter is critical to executing attacks, because it would have helped assess and determine the nature or the intricate characteristics of the cyber network on which the electricity grid in Northern India close to the border with China is based. Cyber espionage is a vital prerequisite for cyber attacks, even if these latest attacks by the PRC failed to inflict any serious damage. As Recorded Future in its report noted, “…was intended to enable information gathering surrounding critical infrastructure systems or is pre-positioning for future activity.”  The cyber attacks were carried out with considerable advance preparation.

Cyber weapons will remain a weapon of choice for the Chinese because there is no real inherent danger for the Chinese state to suffer significant retaliation. In fact, Beijing in all likelihood sees itself incurring minimum costs.

Secondly, Indian decision-makers need to understand that neither the PRC nor Pakistan are likely to divest their intent to carry out offensive action against Critical Infrastructure (CI). Indeed, offensive cyber warfare, manifesting themselves in the form of the recent incident, will remain an arrow in the quiver of both China and Pakistan. Indeed, their lack of success will spur them (especially the Chinese) to develop more innovative means to target India’s critical infrastructure. Indeed, cyber weapons will remain a weapon of choice for the Chinese because there is no real inherent danger for the Chinese state to suffer significant retaliation. In fact, Beijing in all likelihood sees itself incurring minimum costs. Also, Beijing deduces that escalation thresholds will not be breached and will remain confined to the cyber domain as long as they do not generate significant collateral damage in the form of mass casualties or significant physical destruction. Thus, India will witness continued Chinese and Pakistani origin cyber offensive as well as collusion between them, with Pakistan serving as a proxy. Union Power Minister R.K. Singh did not speak of exacting any retribution against the Chinese for the cyber attacks. In addition, these attacks give China plausible deniability. The attacks were conducted through “compromised” Internet IPs from Taiwan and South Korea. Notwithstanding the Chinese Foreign Ministry spokesperson’s vehement public statement regarding the PRC’s non-involvement and assuming that privately motivated hackers based in the mainland carried out the hack, the PRC can still claim it did not authorise the attacks and that it goes after hackers as its spokesperson says, which is akin to Pakistan claiming it is cracking down on terrorism when it is not, because they serve as proxies of the state. In any case, the hackers who carried out the cyber attacks are part of the state—the PLASSF and the MSS.

The recent cyber-attacks against SDLCs in India’s northern power grid will not be the last as the Indian government will need to brace for additional attacks from China.

More fundamentally, India has to contend with the importance and necessity of cyber offence as much as cyber defence. As of today, India’s primary or possibly only response measures appear to be defensive. India has to also invest in more offensive cyber means as a response. To be sure, offensive cyber capabilities are not a panacea for India’s challenges in the cyber domain. However, faced with motivated adversaries such as China and Pakistan, cyber retaliatory capabilities are indispensable. The recent cyber-attacks against SDLCs in India’s northern power grid will not be the last as the Indian government will need to brace for additional attacks from China. The Chinese view the cyber domain as offence dominant. While the Indian government may avoid publicly commenting on any cyber offensive or retaliatory measures by India, it has to plan, prepare, and execute cyber attacks against China or Pakistan. India would be wise to let its adversaries to know that it is very capable of exploiting their vulnerabilities in the cyber domain and penetrating and sabotaging the computer networks of their CI. Cyber planners in the government must understand, they cannot completely firewall the computer systems of the country’s CI from cyber attacks, and they will recur with possibly more devastating effects in the future.

• International Affairs
• Defence and Security
• Cyber Security
• Internal Security
• Cyber and Technology
• China
• India
• Pakistan
• attacks
• Chinese
• cyber defence
• cyberattacks
• déjà vu
• electricity grid
• LAC
• PLASSF
• terrorism

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.