India is mulling a new strategy to strengthen the country’s cybersecurity after a report released by a United States-based firm suggested a Chinese cyber campaign targeted India’s power grid, resulting in a power blackout that brought India’s financial capital Mumbai to a standstill in October, Bloomberg reported on Monday.

The Ministry of Power had confirmed that it was aware of the Chinese cyber campaign to use malware to target India’s power network. However, it said that there was no data breach due to the incidents.

Speaking about India’s cybersecurity strategy, National Cyber Security Coordinator Rajesh Pant told Bloomberg that the plan will coordinate responses from various ministries, including defense, home affairs and information technology, and the National Critical Information Infrastructure Protection Centre in case of an attack, and will set audit procedures. The strategy will be approved by a Cabinet committee headed by Prime Minister Narendra Modi.

Pant said that the new strategy will lay down prevention and audit protocols to secure the government’s digitally connected education, water and health systems, all of which are being treated as critical infrastructure. “In my view, if internet-connected computers are infected by malware, I won’t say it’s an attack but an infection unless it jumps from IT systems to other operating systems,” Pant said. “It’s like a crank caller. Can you stop someone from dialing your number?”

The cybersecurity chief said that authorities were investigating a series of recent suspected cyber intrusions that could have resulted in the power outage in Mumbai, affected systems at banks and also led to a glitch at the National Stock Exchange. “We also want to know what happened,” said Pant, a former lieutenant general.

US firm’s report

The report by private cybersecurity firm Recorded Future had suggested that there was a link between the Galwan valley clash in June and the power outage in Mumbai. Indian media had reported that authorities suspected that a malware attack had caused the outage.

On October 12, a grid failure in Mumbai resulted in a massive power outage and brought India’s financial capital to a standstill. It stopped trains, froze the stock exchange, and affected treatment of coronavirus patients during the pandemic. It took around two hours for the power supply to resume for essential services.

Recorded Future claimed that “Red Echo”, a group sponsored by the Chinese state, was behind the online intrusion. The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis, its report said.

The US cybersecurity firm’s Chief Operating Officer Stuart Solomon told The New York Times that the Chinese group had been seen to systematically use advanced cyber intrusion techniques to “quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure”.

According to The New York Times, Recorded Future sent its findings to the Computer Emergency Response Team in India. The agency, which is part of the Ministry of Electronics and Information Technology, deals with cyber security threats.

The agency acknowledged twice that it had received the information, but said nothing about whether it had also uncovered Chinese code in India’s power grid, according to the newspaper.