by
Austin BayMarch 2, 2021
Let's start with relevant facts. Mumbai is India's largest city (20 million residents), its major financial center (India's central bank is located there) and the capital of the state of Maharashtra, a financial powerhouse unto itself.
Those facts alone make Mumbai a target for any group seeking to weaken India, much less wage war on India. For example, damaging a financial hub exacts immediate and long-term economic costs.
That's why Pakistani-backed Islamic terrorists have launched several attacks on the city. In 2006, terrorists blew up packed commuter trains. In November 2008, an Islamic terrorist assault team attacked Mumbai and murdered 166 people.
Here are some newer facts only Big Lie propagandists would dispute, but there are a lot of those snakes around: At 10 a.m. on Oct. 12, Mumbai suffered a massive electrical power outage. Local trains stopped, stranding passengers. Cellphone service crashed. India's bond market was disrupted during peak trading hours. Some neighborhoods lost power for over 12 hours. Indian media called the outage Mumbai's "worst in decades." And it was.
In November, India Today reported that Maharashtra's cyber department believed a malware attack could have caused the crippling outage. "Could have" is speculation, not fact. However, technical experts found indications of attempted cyber intrusions on digital devices controlling Mumbai's grid.
On Feb. 28, The New York Times reported Recorded Future, a Massachusetts-based company that -- get this anodyne description -- "studies the use of the internet by state actors," had discovered Chinese malware "flowing into the control systems that manage electric supply across India" and elsewhere in the electrical production and transmission system.
Caveat: Because Recorded Future could not get inside India's complex power grid, its experts could not examine the malware's details.
A further qualification: On March 2, IndiaTimes.com reported that India's Union power minister, R.K. Singh, said there is no evidence a cyberattack caused Mumbai's blackout. The power ministry believed human error caused the outage, not cyberattacks by China or Pakistan.
New caveat: The ministry agreed there were attempted cyberattacks on India's northern and southern region electric control centers, but the malware did not reach the operating systems.
Additional caveat of confusion: On March 1, Maharashtra's home minister, Anil Deshmukh, claimed that the Mumbai power outage in October 2020 was a cyber-sabotage attempt.
Observation: In democratic nations, national and state governments/politicians frequently contradict one another because they really don't know. I offer Dr. Anthony Fauci as an example of a politician who contradicts himself.
Bottom-line fact: The Sino-Indian War of 1962 is still unresolved. In 2020, Indian and Chinese military forces repeatedly squared off in the Himalayas. During one 2020 military confrontation in the Galwan Valley, Maharashtra state authorities noticed an increase in Chinese attempts to penetrate its power grid.
Bottom-line fact: Chinese-sourced malware entered the Indian digital network associated with the electrical power grid.
Bottom-line intelligence assessment: Confirming presence doesn't confirm an attack that succeeded in gaining control of the power grid, but it does confirm direct threat to attack, direct capability to attack and, in my opinion, the intent to attack.
I've framed this column not as an opinion essay but as an intelligence assessment moving toward an operational assessment. Why did I do this? American citizens need to understand the threats they and American allies face on a daily basis -- from a vicious, advantage-seeking enemy.
The ability to cause blackouts in an enemy country -- and, make no mistake, communist China regards the U.S. as THE enemy country -- is a gray-area warfare capability. "Gray area" means the attacker conducts attacks that are designed to be uncertain and deniable.
The October Mumbai blackout perfectly fits the uncertain and deniable criteria.
A digital attack doesn't leave shell craters or humans dead -- at least not in the same overt sense as a bomb raid. But the contingent lethality of a cyberattack is real; a sustained digital attack erodes morale and economic and defensive capabilities.
