Cyber safety is too vital to be caught napping on

The public revelation of a China-backed cyberattack’s likely role in Mumbai’s electricity blackout on 12 October last year has revived worries across India over the vulnerability of key installations, a lazily-aimed security focus on Chinese apps, and national laxity in a theatre of hostility where we had assumed some prowess, thanks to Indian exploits in the sphere of information technology. To assure us of the government’s alertness, the Union power ministry admitted that a Chinese hacker group called Red Echo had repeatedly targeted the control rooms of Power System Operation Corp. Ltd (Posoco), but flatly denied it had any role in Mumbai’s outage. By the Centre’s claim, Red Echo failed to hack the state-run grid operator’s computer systems and no breach of data took place. The ministry said it was alerted by the Indian Computer Emergency Response Team, a cybersecurity agency, of a malware threat to Posoco on 19 November. It was not until 12 February that our National Critical Information Infrastructure Protection Centre informed the ministry of Chinese attempts to disrupt domestic power supply. All this was long after—almost aeons on an ‘internet time’ scale—our commercial capital was paralysed by what was probably a Chinese e-salvo fired in the wake of Ladakh’s border scuffle and resultant tensions, as a US-based cybersecurity firm Recorded Future claimed.