In May 2020, a dispute between China and India along a 2,100-mile-long border prompted both governments to send military missions into the area. A June 2020 clash in the Galwan Valley ultimately resulted in the death of soldiers from both sides. Since 1914, sovereignty in the area in question has been in question, with a brief military action transpiring in 1962. China has long been engaged in trying to claim disputed maritime areas such as in the South China Sea, and appears to be replicating this strategy on the land as well. According to one source , China has been building new villages in disputed borderlands to strengthen its position as rightful owners of these areas. If the South China Seas is any indication, Beijing will likely start to build military installations in order to solidify its control.
India’s presence along the Himalayas is a constant thorn in China’s side. In addition to the border dispute, throughout 2020, India limited China’s investment in India and permanently banned 59 Chinese applications, calling them “prejudicial” and infringing on India’s sovereignty, integrity, and national security. Beijing did not retaliate in a similar tit-for-tat response, which may have been due to China surpassing the United States as India’s primary trading partner in 2020. Instead, Beijing may have turned to the cyber domain to register its displeasure at India’s bold actions.
China is one of the most pervasive nation-state level cyber threats, executing extensive global cyber espionage campaigns that have targeted all industries. These efforts have yielded substantial volumes of stolen intellectual property, personal information, and sensitive government-related data, and have targeted high-profile organizations. After years of U.S. government inaction to deter Chinese cyber operations, Beijing’s audacious exploits finally resulted in the U.S. Department of Justice indicting Chinese nationals, as well as intelligence and military actors for perpetrating these activities. It had been long accepted that China saw the cyberspace domain for information-gathering, looking to steal the type of data that supported its strategic and economic interests and national security priorities. While any successful entry into a network could be used to execute disruptive or destructive attacks, China has preferred to exploit targets. After all, Beijing has always declared that it would never strike first in a nuclear sense, a strategy that it seemed to have carried over into the cyber realm.
However, recent tensions between Beijing and New Delhi may have revealed a change in this position. According to a computer security report, Chinese state-sponsored cyber operations dubbed “RedEcho” targeted ten Indian entities involved in power generation, transmission, and distribution, as well as two ports. More importantly, four out of five of India’s Regional Load Dispatch Centers, entities responsible for operating the India’s power grid, were targeted. Researchers observed activity in October 2020, with a subsequent power outage in Mumbai mid-October.
Although a government official later asserted that human error was the result of the outage and not the result of any direct cyber attack, he did acknowledge that “some cyber attacks” did transpire in India’s northern and southern load dispatch centers, though no malware impacted operating systems.
As a result of RedEcho activity, India appears to be taking a page from the United States playbook. New Delhi’s new policy has made it more difficult for Chinese tech companies to do business in India by requiring its telecoms to consider “national security” implications and obtain material from trusted sources only.
An “enduring rivalry” characterizes the China-India relationship. In addition to territorial and maritime disputes, the two compete for strategic influence in South Asia. Therefore, frequent Chinese cyber operations victimization of India is unsurprising. Per a 2018 report to India’s National Security Council Secretariat, 35 percent of cyber attacks India suffered were attributed to China. Like Chinese targeting of other countries, the main goal of these activities was to gain access to sensitive government and private sector information. However, as China continues to shed its “peaceful rise” narrative, it seems to be adopting a more aggressive stance in cyberspace. This is worrisome as Beijing is following the steps of two of its allies and antagonists of Western interests – Iran and Russia. Both governments have been linked to disruptive cyber activity targeting civilian infrastructure: Russia’s 2015 of Ukraine’s power grid, and current ongoing Iranian cyber attacks against Israeli water facilities.
While it remains to be seen if China directly inflicted the Mumbai power outage, it did not execute any disruptive attacks into India’s regional power stations, although the access it obtained could have facilitated them. The selection of energy infrastructure targets, particularly those that help manage the supply and demand of energy use, indicates target selection for a far more nefarious purpose.
This is not to say that an attack was imminent; states compromise high-value targets like energy organizations with the strategic intent of gaining and sustaining access. And that certainly seems to be the case here, serving as a digital “shot across the bow” to warn India to get back in line or else be at risk for a power shutdown. Framed in that perspective, it does beg the question: was China’s hand wasn’t behind that switch-pull in Mumbai as a show of capability, and future intent?
Nation state targeting of civilian critical infrastructure has generally been considered off-limits by governments, though it appears that this approach is changing. The aforementioned attacks against Ukraine and Israel, in addition to the suspected 2010 joint Israeli-U.S. Stuxnet incident, certainly suggest that states are willing to push the boundaries when it suits their interests. Worse, none of these offenders have suffered a repercussion severe enough to deter them from future targeting of civilian critical infrastructure.
Both Iran and Russia have repeatedly conducted attacks against these types of targets, and they will likely continue to do as long as it serves their interests. Now, it appears that China has joined this group as well. Failing to check bad behavior appropriately has unfortunately created a tacitly permissive environment for these actors to operate within.
Cyber attacks against the civilian space during times of geopolitical tension short of armed conflict risk becoming “acceptable” as long as human casualties aren’t immediately and directly caused by them. This should be a concern to all, as it creates a slippery slope that could result in quick escalation, particularly between two prominent cyber actors. The United States has identified critical infrastructure protection as vital to U.S. security, therefore it needs to update its national cybersecurity strategy to reflect the realities of the nature of the critical infrastructure attacks that are occurring around the world.
Given the increasing probing attacks occurring within its own critical infrastructure sectors, the U.S. mantra of “reserving the right to strike back at a time and place of its choosing” may no longer the punitive threat it may have once seemed.