Mumbai Power Outage in October May Have Been Result of 'Cyber Sabotage': Anil Deshmukh

The Maharashtra home minister said the state Cyber Cell's report found that 14 Trojan horses, a kind of malware, may have been introduced into the electricity board's server.

New Delhi: Even as the power ministry said that the functionality of the Power System Operation Corporation (POSOCO) was not affected by cyberattacks, Maharashtra home minister Anil Deshmukh appeared to corroborate a US-based firm’s claims that the massive power outage in Mumbai in October last year was the result of sabotage by Chinese hackers.

Addressing the media in Mumbai along with energy minister Nitin Raut, Deshmukh said the state’s Cyber Cell had submitted its report into the October 12 outage. The preliminary report also says that unaccounted data may have been transferred to the MSEB’s (state electricity board) server from a foreign server.

However, he did not name the country from where the data may have been transferred.

Deshmukh’s comments came in the wake of the US-based company Recorded Future’s report which claimed that with the escalation of tensions along the Line of Actual Control in Eastern Ladakh last year, a group of hackers linked to the Chinese government “targeted” India’s critical power grid system through malware.

The report wondered whether the massive power outage in the financial capital was a result of the online intrusion, but said a link between the two remains “unsubstantiated”.

On October 12, a grid failure in Mumbai resulted in a massive power outage, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting economic activity hard.

Deshmukh also referred to a related news report in the New York Times as he spoke to the media.

The Cyber Cell’s report into the outage, prepared with the help of electricity department experts, was handed over to Raut on Monday evening.

“We had a discussion with our colleague Raut about examining if there was any such possibility (of cyber-sabotage) after the power failure in Mumbai. The Maharashtra Cyber Cell analysed the Supervisory Control and Data Acquisition System (of the MSEB). In its analysis, the cell has mentioned the possibility of cyber sabotage,” Deshmukh said.

The home minister said the Cyber Cell’s report mentions that 14 Trojan horses (a kind of malware) may have been introduced into the MSEB’s server. “Secondly, 8 GB unaccounted data may have been transferred into the MSEB’s server from a foreign server,” he said.

Thirdly, the cell also hinted at a possibility of attempts being made to log into the MSEB server through “several blacklisted IP addresses”, Deshmukh added.

“So, from the findings of the Cyber Crime department and electricity department experts, it seems that the October 12 blackout could have been due to it (sabotage),” he said.

The home minister said the preliminary report will be further studied.

On his part, Raut said he will comment on the issue after studying the report.

“I will speak on this in the legislature (which is having its budget session),” he added.

Earlier on Monday, the energy minister had said that from the information he had, the outage was caused by a “cyber attack” and it was an act of sabotage.

Responding to the NYT report, the power ministry said, “There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/ data loss has been detected due to these incidents.”

It further said, “Prompt actions are being taken by the CISOs (chief information security officers) at all these control centres under operation by POSOCO for any incident/advisory received from various agencies like CERT-in, NCIIPC, CERT-Trans etc.”

The Chinese government denied the report’s findings, with its foreign ministry spokesperson saying that the country is “a staunch defender of cyber security” and it “opposes and cracks down on all forms of cyber attacks”.

What did the report say?

Recorded Future’s report said that RedEcho, a group of Chinese state-backed hackers, had targeted ten distinct Indian power sector organisations, including four of the five regional load despatch centres (RLDC) which are responsible for the operation of the power grid through balancing electricity supply and demand. Two Indian seaports were also targeted.

According to the report, the targeting of critical infrastructure through malware offers “limited economic espionage opportunities” but poses “significant concerns” over potential “pre-positioning of network access to support Chinese strategic objectives”.

Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, Recorded Future said.

The outage in Mumbai could have been a “show of force”, meant to warn India of what could happen if it pursued its border claims vigorously, Recorded Future said.