Mumbai blackout serves as cybersecurity alert for region

Four months after Chinese and Indian troops fought with fists and stones on the remote Himalayan frontier, the lights went out for the 20 million people of Mumbai, India.

On the morning of October 12, 2020, the trains stopped running, the stock market closed, and hospitals switched to generators to keep ventilators running as the COVID-19 pandemic raged, The New York Times newspaper reported. Now, a study by a U.S. cybersecurity firm gives credence to the theory that the events on the China-India border and in Mumbai were linked.

The two-hour Mumbai blackout was caused by a broad Chinese cyber campaign timed to send a message to India to back off from the border confrontation, according to the March 2021 study by Recorded Future. The firm reported that Chinese malware flowed into the control systems that manage India’s power grid as the border standoff dragged on. (Pictured: A mother and daughter light a candle inside their house during a power outage in Mumbai, India, in October 2020.)

Although they didn’t single out the People’s Republic of China (PRC) as the source of the blackout, officials from the Indian state of Maharashtra issued a March 1, 2021, report agreeing that cyber intrusion led to the outage.

“A well-known American company has said that maybe it was the Chinese who could have introduced the malware. … Our finding was that some foreign companies were indulging in the malware,” Maharashtra Home Minister Anil Deshmukh said, according to a report by the India Today television network.

India’s experience with hackers reveals the PRC isn’t the sole aggressor. North Korea-based hackers in September 2019 stole technological data when they penetrated the Kudankulam nuclear power plant in India. The hack is believed to be the work of the Lazarus group, a criminal enterprise that also targeted agencies linked to the Indian Space Research Organisation, according to a November 2019 report in The Times of India newspaper.

India’s National Stock Exchange also was targeted in 2015 by a Chinese hacking group dubbed Suckfly, according to the cybersecurity firm Symantec. The IP addresses for Suckfly, which also targeted South Korean companies, originated in Chengdu, China, Symantec reported.

The repeated intrusions serve as a warning to other Indo-Pacific nations that cybersecurity should be a top priority for defense planners. Elli-Katharina Pohlkamp, a visiting fellow at the European Council on Foreign Relations, said the Mumbai blackout provides evidence that cybersecurity should be a pillar of Europe’s Indo-Pacific strategy.

The Chinese Communist Party “has placed its plans in science, technology and innovation before all other sectors for the first time in its history,” Pohlkamp wrote in March 2021 on the council’s website. “This is a clear sign that cyber espionage will remain a centerpiece of China’s strategy to achieve these goals and to improve its offensive capabilities. The blackout in Mumbai suggests that China is not only capable but also willing to use that power against others.”