According to Recorded Future, in early April 2022 alleged Chinese state cyber actors attempted to gain unauthorized access into seven power grid hubs in north India threatening the supply of electric power.  The company published a report saying it had found evidence that over the course of several months at least seven state load dispatch centers (SLDC) and a subsidiary of a multinational logistics company had been targeted by a China-linked group the company dubbed TAG-38. SLDCs are important to energy operations as they are responsible for real-time processes for grid control and electricity dispatch within these regions of India. India’s Minister of Power confirmed that at least two unsuccessful attempts targeted electricity distribution centers near Ladakh.

This recent activity is the second time suspected Chinese actors have focused on compromising India’s power grid.  In March 2021, another Chinese cyber campaign dubbed “RedEcho” targeted ten Indian entities involved in power generation, transmission, and distribution. This included four out of five of India’s Regional Load Dispatch Centers, key entities responsible for operating India’s power grid. In October 2020, Mumbai suffered a power outage initially suspected of being a cyber attack, though the official position was that “human error” was at fault, despite some Indian official acknowledgement that “some cyber attacks” occurred in India’s northern and southern load dispatch centers, though none impacted operations. China was not linked to that incident though some speculate its culpability.  Later, a June 2021 China-linked cyber espionage campaign dubbed “RedFoxtrot” exploited other India critical infrastructure entities (e.g., telecommunications and government agencies) but did not include those in the energy sector.

These cyber incidents have occurred surrounding increased tensions over a 2,100-mile border dispute between Beijing and New Delhi.  A longstanding problem that has been ongoing since 1914 with a brief military skirmish transpiring between the two sides in 1960, hostilities escalated in May 2020, with another military clash occurring in June 2020resulting in the death of soldiers for both sides. Since that time, Beijing and New Delhi have been engaged bilaterally, with the 15th round of border talks occurring in mid-March 2022 that failed to resolve differences along the Line of Actual Control (LAC) that serves as demarcation between India-controlled and China-controlled territory.

The frequent targeting of India’s energy stakeholders is a disconcerting turn of events and underscores the increasing interest of nation states’ willingness to target critical infrastructure for their own advantage. A recent report from Dragos identified at least 10 nation state actors actively targeting critical infrastructure, and specifically, energy organizations. And while it is feasible that at least some state-driven activity against these important civilian assets is for espionage purposes and intelligence collection, gaining and sustaining access to be used later for more nefarious purposes seems the more likely motivation.  A brief review of some of the more noteworthy, suspected state cyber attacks against energy organizations bolsters this assertion revealing that geopolitical events are the likely catalysts for disruptive cyber attacks against these critical systems.  Notable examples include Russian state actors recent attacks against Ukraine’s grid (as well as those in 2015), suspected Iranian cyber operators targeting of Saudi Arabia’s Saudi Aramco oil company in 2017, and North Korean state hackers’ cyber malfeasance against South Korea’s hydroelectric company in 2014.

Reviewing China’s ongoing interest in exploiting Indian energy organizations appears to be similarly motivated by geopolitical considerations rooted in the territorial dispute as well as other strategic Indian objectives. The access gained in these energy targets would facilitate China’s ability to inflict pain on India, particularly when its southern neighbor does not abide by Beijing’s wishes. Viewed from this perspective, the October 2020 Mumbai power outage begs closer re-examination, particularly coming so close on the heels of the May 2020 activities on the LAC.  The fact that the two sides remain deadlocked after 15 iterative meetings on the subject suggests India may experience more energy issues the longer a resolution remains elusory.

An additional point of contention for Beijing is the United States and India’s pledge to strengthen military cooperation in the Indo-Pacific.  Such a move strengthening ties between the world’s two largest democracies clearly threatens Beijing’s stature of regional leader. This is an unsettling turn of events for China who is aggressively shoring up its dominance in the Asia-Pacific for the purposes of establishing itself globally as a political/economic alternative to the United States. Currently, China and India remain top trading partners, a symbiotic relationship that benefits both when they are not at odds with one another.  Indeed, despite their border conflict, bilateral trade increased to approximately USD 32 billion the first quarter of 2022.  Therefore it makes perfect sense that China wants to normalize ties with India as soon as possible.  Preserving its relationship with India may be as important as trying to reclaim Taiwan, as this would support its global strategic objectives.

However, it is difficult for Beijing to realize global aspirations if it hasn’t even solidified its position as regional influencer, which is why the India situation is one in which Beijing must have an array of possible options at its disposal. Political and economic engagement are strong preferences, but the ability to initiate a series of strategic power outages and energy disruptions to bring a China-favorable resolution to the forefront is an equally enticing substitute. For the time being, it appears that Beijing is content to let diplomatic engagement be the preferred course of action, but for how long may depend on how similar territory disputes like the one in Ukraine come to resolution.  In the end, mutual economic benefit may be the carrot Beijing dangles before New Delhi, but disruptive cyber attacks are the coercive stick that might help nudge it in the right direction.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community