On October 12, Mumbai was crippled by a power outage that caused chaos and disrupted daily business.
It was considered to be a technical failure at a power sub-station; however, the latest reports suggest it could well be the effect of a cyberattack on the power grid.
Mumbai, the financial capital of India, is known for an almost uninterrupted power supply. The city's consumption is high, yet the grid copes with the load throughout the year. Still, Mumbaikars faced their worst nightmare on October 12, a Monday and the first working day of the week, which caused chaos and disrupted daily business. Even the stock market and local trains came to a halt for some time.
Soon the local electricity board relayed messages across social media platforms and official websites stating that the massive outage was due to cascaded tripping at a substation of the state-run transmission company MSETCL. This meant the entire Mumbai Metropolitan Region (MMR), which includes Mumbai, Navi Mumbai, and Thane, was cut off completely.
Theoretically, bringing the grid back to full capacity from zero watts was not possible, as it would have overloaded the circuit lines. The restoration was therefore done in a phased manner and was complete only by late afternoon. A city that boasts of being unstoppable came to a grinding halt.
The October incident was swept under the rug as a one-off occurrence; however, a committee was set up to investigate and avert similar grid failures in the future. After a month-long probe, the latest reports suggest this was not just a technical failure but could well be the effect of a targeted cyberattack on the power grid.
Why is it being called a Cyberattack?
According to the local daily Mumbai Mirror, multiple suspicious logins into the servers connected to the power grid's sub-station have been logged from accounts operating out of Singapore and other South Asian countries. A senior minister from the state cabinet said that this was not a "small issue", as the number of DoS and IP hijacking attacks has already seen a sharp rise in recent months.
A report suggested that the growing geopolitical tension with its neighbor China resulted in more than 40,000 such attacks on critical Industrial Control Systems (ICS) and banking systems alone in the month of June.
Not the First Time
This is not the first time that a national power grid has been targeted by a cyberattack. In 2016, Ukraine's national electric grid was also targeted, in an attack that investigators attributed to Russian state-sponsored threat actors. Malware dubbed "Crash Override" or "Industroyer" (which was also used in the first known act of cyberwar, the Stuxnet attack) was reportedly used to trigger this attack. Experts said that the malware used in the Ukrainian attack was sophisticated enough to cause power outages lasting a few days in portions of the national grid.
A similar instance was recorded in India last year, a few thousand kilometers south of Mumbai at the Kudankulam Nuclear Power Plant (KKNPP). The cyberattack on the internal systems of the nuclear power plant reportedly compromised a certain set of data that could be used in future attacks. However, the attackers could not penetrate the entire network, as the core network was isolated from the rest. This was an important lesson, in contrast to what happened with Stuxnet, where the entire network came down in one go.
How to Protect Critical Infrastructure
So, amid the rising attacks on ICS, here is a list of measures that can help prevent, or at least contain, the damage from these targeted attacks:
- Create air-gapped or isolated networks. Although this is not foolproof, it helps contain the spread of an intrusion.
- Maintain privileged access control. Apply role-based access control (RBAC) across all systems and grant only the access each employee's role requires, because most of the time it is the humans who falter, not the systems.
- Reduce the attack surface by locking down all unused ports and services. Allow connectivity to external networks only when it is actively needed, which makes the traffic easier to monitor.
- Ensure patch management. Keep all your systems updated and patched with the latest fixes to deter the latest attack vectors.
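As an added example (not code from the article or from any utility named in it), the following audit shows how a defender could check substation server login records against the RBAC rule above and flag sessions originating outside the expected country, which is the indicator the investigators reported. The hosts, roles, users, countries and log format are all hypothetical.

```python
# Added example: audit constructed substation login records against an RBAC policy
# and a geography allowlist. Every host, role, user and country here is hypothetical.
from collections import namedtuple

Login = namedtuple("Login", "user role host src_country")

# Hypothetical RBAC policy: each role may log in only to the hosts listed for it.
RBAC = {
    "scada_operator": {"hmi-01", "hmi-02"},
    "maintenance": {"historian-01"},
    "admin": {"hmi-01", "hmi-02", "historian-01", "gw-01"},
}
# Hypothetical geography allowlist: only in-country sessions are expected.
ALLOWED_COUNTRIES = {"IN"}

def parse_line(line):
    """Parse one constructed log line of the form 'user=.. role=.. host=.. src_country=..'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Login(fields["user"], fields["role"], fields["host"], fields["src_country"])

def audit(lines):
    """Return (user, host, reason) for every login that violates the policy."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        # RBAC check: an unknown role is treated as having no permitted hosts.
        if ev.host not in RBAC.get(ev.role, set()):
            findings.append((ev.user, ev.host, "role not permitted on host"))
        # Geography check: sessions from outside the allowlist are flagged for review.
        if ev.src_country not in ALLOWED_COUNTRIES:
            findings.append((ev.user, ev.host, f"login from unexpected country {ev.src_country}"))
    return findings

# Constructed sample log lines (not real events).
SAMPLE_LOG = """
user=ravi role=scada_operator host=hmi-01 src_country=IN
user=ravi role=scada_operator host=historian-01 src_country=IN
user=svc_backup role=maintenance host=historian-01 src_country=SG
user=root role=admin host=gw-01 src_country=SG
""".splitlines()

if __name__ == "__main__":
    for user, host, reason in audit(SAMPLE_LOG):
        print(f"ALERT {user}@{host}: {reason}")
```

The first sample line is a normal operator session and produces no alert; the remaining three trigger one finding each.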
About the Author
Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features and technical blogs, and conducts interviews on the latest cybersecurity technologies and trends.