China’s Mumbai Cyber Attack: Using Fear As A Tool for Diplomatic Strong-arming

By Bhavdeep Modi (Research Manager, Red Lantern Analytica and Post-graduate Student, JSIA, India)

The Galwan clash between India and China in June 2020, and the subsequent 4 months that saw it turn into a border clash, had academics making different predictions. One of the common themes amongst such views was the possibility of an increase in cyber-attacks against New Delhi at the hands of Beijing. In October 2020, we saw a power outage in Mumbai that led to the stock market being closed, trains being shut down and hospitals turning on emergency generators to keep the ventilators working.

Just recently, on the 28th of February 2021, David E. Sanger argued in a piece for The New York Times that “a new study lends weight to the idea that those two events may well have been connected — as part of a broad Chinese cyber campaign against India’s power grid, timed to send a message that if India pressed its claims too hard, the lights could go out across the country.”

While cyber-attacks originating from China are not a new phenomenon, this one should certainly ring alarm bells due to the peculiar nature and protocol with which it was carried out. It should also force the government and the policymakers to pivot their attention to the increasing threats that India is facing in its cyberspace. Even though the LAC issue has been resolved for now, such instances call for a stronger threat perception coupled with timely policy decisions to strengthen our cyberspace.

The Cyber-attack on Mumbai: How India Responded

Mumbai reported a power outage in the city on October 12, 2020. At that time, various media reports suggested that the outage could have been a result of a cyber-attack by a foreign entity. While the Maharashtra government has admitted that the outage was a result of Chinese intrusion into our cyberspace, the Union Power Ministry has stated that it does not have any evidence which supports this claim and has instead attributed it to a “human error”.

Now, even though the two claims by the Indian government and the Maharashtra government stand in contrast to each other, the Union Power Minister RK Singh did admit that some sort of a cyber-attack was indeed carried out at that time, though it was not related to the power outage. He further stated that China would definitely deny carrying out such an attack. Although his statement did not explicitly call out China for the attack, it does not rule out the possibility of the same. The report published by the US-based group Recorded Future has claimed that the outage was indeed caused by the Chinese group, RedEcho. The report reasons that the tactics, techniques, and procedures (TTPs) used in the attack are common to Chinese state-sponsored groups, thus supporting their claim. The findings of the report, before being published, were also sent to the Computer Emergency Response Team-India (CERT-In). The Maharashtra government has already launched an inquiry into the same, the report of which is expected soon.

One of the reasons for the Indian government not acknowledging the attack could be to prevent the diplomatic talks between the two Foreign Ministers from falling apart, which have ultimately led to the scaling back of forces by both sides. But, the threat to India’s critical infrastructure at the hands of Chinese state-backed groups cannot be ignored. While the responses have been varied, it would be safe to argue that the threat of Chinese cyber-attacks against Indian critical infrastructure looms large. It would be only reasonable to employ a stronger threat perception to pre-empt such attacks.

China Using Cyber-Attacks as a Tool of Fear

What New Delhi should pay more attention to is that these cyber-attacks are a part of a larger Chinese effort to undermine the Indian state. It needs to be noted here that such efforts gain a higher density when both the countries are involved in a conflict. It allows the Chinese state to gain leverage against its opponent, thus combining a psychological approach along with aggressive diplomatic tactics. As reported in June last year, Chinese state-sponsored cyber-attacks against India increased by 200%. This happened in the aftermath of the Galwan clash, which begs the question “did Beijing increase its cyber aggressiveness against New Delhi to gain political leverage?”.

The past few months have demonstrated China’s shift from “information theft” to more aggressive cyber-attacks aimed at being used as a diplomatic tool or strategic messaging to opponents. It is aimed at being used as a tool of fear. Now one might wonder how this mechanism works.

According to the report published by Recorded Future, China, while carrying out this cyber-attack on the Mumbai power-grid, placed codes to induce a malware called ShadowPad. Now, these codes can be easily identified and their source/origin can be easily found out. ShadowPad serves as a backdoor access tool. As mentioned earlier, the TTPs used in the attack were very similar to those of various other Chinese state-backed cyber groups involved in carrying out attacks of distinct types.

Then why would a group risk being identified by placing such decipherable codes? This is where the opinions of various Indian cyber experts need to be noted with utmost sincerity. Lt. General DS Hooda, an army veteran and cyber expert, stated that “it’s like sending a warning to India that this capability exists with us (China)”. This power outage happened at a time when the LAC clash was at its peak and efforts were being made from both sides to find a peaceful resolution to the issue. Similarly, Vineet Kumar, President of the Cyber Peace Foundation, while talking about China’s intentions, stated that “one of the intentions seems to be power projection”.

Thus, a rational deduction that can be made based on such assertions is that China is using its aggressive cyber capabilities to subtly threaten India. The underlying motive? Stop pressing your border claims so hard, else millions will suffer. It is a lethal combination of power projection combined with the usage of fear psychosis to assert itself as a hegemon. China’s ‘grand strategy’ rests on the premise that it sees itself as a challenger to the US-led World Order and understands India as a regional challenger to its supremacy. Hence, the aggressiveness.

Lessons for India & The Way Forward

India has witnessed a huge spike in Chinese state-sponsored cyber-attacks, both for information theft and against critical infrastructure. This calls for taking a step back and identifying the fissures in the system. The first and foremost issue that the Indian government should focus on is a stronger threat perception about China’s actions around cyber-space. In a world where “data is the new oil”, India will need to ramp up its efforts in securing its cyber-space.

In this regard, the Indian Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Centre (NCIIPC) should enhance their efforts to identify potential targets for Chinese cyber groups. It has been observed that Chinese cyber groups have targeted the critical infrastructure of various countries to gather classified information, thus threatening their national security. This power outage is just one example of China going an inch further by turning off the lights of the biggest business hub of India, Mumbai. Naturally, securing the current critical infrastructure should be key to India’s cybersecurity strategy in the future.

On a similar note, it is equally important to acknowledge that India is overflowing with Chinese hardware in the power and rail sectors. This has raised concerns in recent times, with military experts calling on the government to reduce dependence on Chinese hardware. The Indian government has already taken measures in this regard. For example, information technology contracts are being reviewed by the government, especially the ones with China. Economic decoupling from China, on the whole, has been underway since the Galwan clash. However, we’ll have to admit that a complete decoupling, especially reducing our dependence on Chinese hardware, will be an expensive task.

For this, the focus must be on PM Narendra Modi’s Atmanirbhar Bharat policy, where financial and research impetus can be provided to Indian firms involved in the production of critical hardware. While this may take some time, the time is ripe to make strides in this direction to achieve our long-term goals on the domestic as well as foreign fronts.

As for our actions in foreign policy, India should make efforts to step up its cyber diplomacy by partnering up with other countries in the domain of technology and cybersecurity. The US, of course, shall prove to be a natural partner in this regard. But, India should also look beyond the US to build its cyber-space capabilities. Japan, according to Anne-Leonore Dardenne for South Asia LSE, seems to be a country that India can have deep relations with for cybersecurity. Both countries share a common vision of free and secure cyberspace, and also are in favor of having a rules-based order. Australia, coincidentally, has also been on the receiving end of aggressive cyber-attacks by Chinese cyber groups. Needless to say, India can tap the QUAD to undertake stronger cyber diplomacy, since the issue has been stated as a common concern at the recently held QUAD Meeting of January 2021 after the Biden administration took over.

Thus, India should take the lesson from these instances that China can indulge in hybrid warfare to gain an upper hand in conflicts, even if they are of limited capacity. It is a grey zone that the government should appreciate and formulate a strategy for accordingly. In contemporary times, it is important that coordinated efforts are made in the cybersecurity sector. Understanding realities, having a clear chain of command and an explicit national security doctrine are a few measures that the government should undertake in order for India to be considered a credible technological power across the globe.

Sources
1. https://www.mha.gov.in/division_of_mha/cyber-and-information-security-cis-division
2. https://thewire.in/world/india-china-hackers-border-tension-power-grid-malware-recorded-future
3. https://www.indiatoday.in/india-today-insight/story/chinese-cyber-attack-why-maharashtra-should-worry-1774905-2021-03-02
4. https://www.thehindu.com/news/national/amidst-heightened-border-tension-chinese-hackers-targeted-indias-power-through-malware-us-firm/article33960990.ece
5. https://go.recordedfuture.com/redecho-insikt-group-report
6. https://www.cfr.org/blog/emergence-cyber-diplomacy-increasingly-post-liberal-cyberspace
7. https://www.hoover.org/sites/default/files/research/docs/segal_chinese_cyber_diplomacy.pdf
8. http://eprints.lse.ac.uk/90675/1/Dardenne_Cyber-security-Author.pdf
9. https://www.nytimes.com/2021/02/28/us/politics/china-india-hacking-electricity.html
10. https://www.firstpost.com/world/australia-hit-by-sophisticated-cyber-attacks-indian-firms-may-be-on-list-a-look-at-why-china-could-be-the-prime-suspect-8500151.html