Maharashtra's Energy Minister Nitin Raut in a statement on Wednesday, 3 March, reiterated that the Mumbai power outage on 12 October 2020, which disrupted local trains, hospitals, and the stock exchange was a cyber attack, as per the findings of a Maharashtra Cyber Cell report.
Speaking in the Assembly, Raut clarified that at around 10:05 am 400 KV of power supply was disrupted due to power outages and low Embedded Generation in Mumbai. The disruption paralysed life in the city for few hours.
He added, "The state government took serious note of the matter and set up a technical committee under the power department to probe the incident. The committee consisted of expert professors from IIT Mumbai, VNIT Nagpur, VJTI Mumbai as well as senior technical officers from the Department of Energy.”
“In addition, the Central Electricity Authority (CEA) of the Government of India appointed an expert committee on 12 October 2020. The Maharashtra Electricity Regulatory Commission (MERC) also appointed an expert committee,” Raut said.
He had also requested the Home Department to inquire into the matter from the Maharashtra Cyber Cell as he suspected that the incident might be an attempt of sabotage.
Subsequently, a report by the Senior Inspector General of Police, Maharashtra Cyber Cell was submitted to the government on 1 March 2021.
What Did the Report Say?
The findings of the report stated that an attempt was made to discontinue electricity supply by introducing 14 Trojan horses, known as destructive programs, in the computer system of Maharashtra State Electricity Transmission Company Limited (MSETCL).
The Trojan horses have carried out similar cyber-attacks in a few countries in the past and they easily entered into the firewall of the server of IT and OT servers important for the power supply.
Suspected destructive codes and software programs that can damage the cyber security ecosystem and composition method were found in the server firewall of Kalwa’s State Load Dispatch Centre (SLDC).
The IT system was alarmed thrice, but each alarm was overlooked as it was less than one minute long. This is an indication of a cyber-attack, the report noted.
The SLDC cyber server had also been logged in by foreign and especially suspected and blacklisted internet protocol (IP) addresses.
The report added that a well-known credit rating agency certified that these IP addresses are suspected and destructive in nature. Multiple hacking and system damaging attempts were also found.
To interrupt the power supply, attempts to transfer or upload 8GB data in the SLDC server through the suspected and destructive IP addresses were found in the investigation.
Cyber Cell’s Recommendations
In line with these findings, Raut said that the cyber cell made several important recommendations, such as separating the IT and OT Design (Information Technology and Operational Technology) infrastructure, password management, updating the web application security systems, updating the IT and OT design, empowering the SLDC system etc.
The state government has also received the reports of other committees mentioned above in connection with the power outage in October. They recommended empowering the transmission system in Mumbai, adopting state-of-the-art technology, among others.
The recommendations made by all the above committees will be thoroughly studied and short-term and long-term measures will be adopted.
The measures will include modernisation of SLDC, strengthening the Mumbai Islanding system, setting up of 400KV substation at Vikhroli, substantial increase in EMBEDDED power generation in Mumbai, generating additional 1000 MW power through HVDC at Kudus-Aarey for Mumbai Metropolitan Region (MMR), increase in gas-based power generation capacity at Uran, near Mumbai.
Raut assured the House that steps to thwart these incidents in the future will be taken by the department. He also went on to say that 24 hours of quality and adequate power supply will be available for the Mumbai metropolis.
The China Angle: An Attempt to Threaten India?
The power outage has also come under speculation after a study by an intelligence provider for enterprise security, Recorded Future, claimed to reveal details of “a cyber campaign conducted by a China-linked group, named RedEcho.”
While the Union Power Minister RK Singh said that there was no evidence that China carried out this attack, many still believe the outage to be China’s attempt to threaten India amid the ongoing stand-off between the two nations.
The Maharashtra government also launched a probe into the matter, the findings of which can be accessed here.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)