India tacitly hits out at China, tells UNSC certain nations using cyberspace expertise to target others

India on Tuesday tacitly hit out at China and told the United Nations Security Council that certain nations were using expertise in cyberspace to attack critical infrastructure of other countries, including health and energy facilities.

“Some States are leveraging their expertise in cyberspace to achieve their political and security-related objectives and indulge in contemporary forms of cross-border terrorism,” Foreign Secretary Harsh Vardhan Shringla said. He was participating on behalf of the Government of India at the United Nations Security Council (UNSC) Open Debate on “Maintenance of International Peace and Security: Cyber Security”. He said that the world was already witnessing the use of cyber tools to compromise state security, through attacks on critical national infrastructure, including health and energy facilities.

His comment came amid reports of increasing cyberattacks from China on critical infrastructure of India, particularly after the relations between the two nations hit a new low over the military stand-off which started along the Line of Actual Control in eastern Ladakh in April-May 2020 and has not yet been resolved.

Reuters on March 1 quoted cyber intelligence firm Cyfirma to report that a Chinese hacking group APT10, also known as ‘Stone Panda’, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII). It quoted the Cyfirma Chief Executive Officer Kumar Ritesh stating that the “real motivation” of the ‘Stone Panda’ was “exfiltrating intellectual property and getting competitive advantage over” pharmaceutical companies of India. The Recorded Future, another cyber security firm based in the US, also reported a few months back that Red Echo, another hacking group of China, had targeted the power grid of Mumbai and caused outage on October 12 last year.

The Ministry of Power of the Government of India stated that it had been warned by the National Critical Information Infrastructure Protection Centre (NCIIPC) on February 12 about the threat posed by China’s state-sponsored Red Echo group targeting power sector of India, particularly Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs) through a malware called Shadow Pad.

The Foreign Secretary said that cyberattacks by other nations sometimes disrupted social harmony through radicalisation. “Open societies have been particularly vulnerable to cyberattacks and disinformation campaigns,” he said, virtually addressing the UNSC.

He, however, did not directly refer to cybersecurity threats from China.

The Department of Telecommunications (DoT) of the Government of India last month gave its go-ahead to several firms to conduct a six-month-long trial of the 5G technology, but China’s Huawei and ZTE were kept out of it, apparently due to security concerns.

“The integrity and security of Information and Communication Technology products, which form the building blocks of cyber space, are being compromised,” the Foreign Secretary said. “There are widespread concerns that State and Non-State Actors are introducing vulnerabilities and harmful hidden functions, including through backdoor channels, into ICT networks and products. Such nefarious acts undermine trust and confidence in global ICT supply chains, compromise security and create potential flashpoints between States.”

Shringla also tacitly hit out at Pakistan, stating said that the world was witnessing a sophisticated use of cyberspace by terrorists around the world to broaden appeal, spread virulent propaganda, incite hatred and violence, recruit youth and raise funds.

“Terrorists have also used social media for planning and executing their terror attacks and wreaking havoc. As a victim of terrorism, India has always underlined the need for Member States to address and tackle the implications of terrorist exploitation of the cyber domain more strategically,” he said.