INDIA’S POWER GRIDS UNDER THREAT OF CYBER ATTACKS
People’s Liberation Army (PLA) had a specialised unit comprising cyber “warriors” whose only job, during war, was to sabotage the critical infrastructure of the enemy country. In November 2014, the United States had charged five Chinese military officers—who were a part of PLA Unit 61398 based in Shanghai—of cyber attacks on US assets. Recent assessments by US agencies show that many similar units, in fact much more sophisticated, have been set up by China.
In December 2019, as part of the US National Defense Authorization Act 2020, the Securing Energy Infrastructure Act was enacted by the US government with the aim to establish a two-year pilot programme to identify security vulnerabilities of certain entities in the energy sector.
The bill was brought by US Senators to “remove vulnerabilities that could allow hackers to access the energy grid through holes in digital software systems”.
This pilot programme will examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators, thereby thwarting even the “most sophisticated cyberadversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyberattacks much more difficult”.
In effect, to secure its critical national infrastructure, especially power grids and to stop them from being manipulated or hacked, the US government is now going back to the tried and tested method of analogue and manual systems to operate these power grids. As a result of this, the control systems of the power grids will be isolated from the internet and for any foreign power to manipulate the system they would have to be present at the power grid site physically.
The Senators, who brought the bill, stated that their legislation was inspired in part by Ukraine’s experience in 2015, “when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid”.
However, the other more urgent reason for bringing such an Act, was the immediate and clear threat posed by China.
In its annual worldwide threat assessment report, the Office of the Director of National Intelligence, US, which was tabled in the Senate in January 2019, had given a detailed insight into the cyber threat posed by China.
The report said that China now had the capability to successfully target critical infrastructure, such as the electric grid and cause “temporary disruptive effects”.
“China presents a persistent cyber espionage threat and a growing attack threat to our core military and critical infrastructure systems. China remains the most active strategic competitor responsible for cyber espionage against the US government, corporations, and allies. It is improving its cyber attack capabilities and altering information online, shaping Chinese views and potentially the views of US citizens—an issue we discuss in greater detail in the Online Influence Operations and Election Interference section of this report. Beijing will authorize cyber espionage against key US technology sectors when doing so addresses a significant national security or economic goal not achievable through other means. We are also concerned about the potential for Chinese intelligence and security services to use Chinese information technology firms as routine and systemic espionage platforms against the United States and allies. China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure—such as disruption of a natural gas pipeline for days to weeks—in the United States,” the relevant part of the report stated.