Union Power Minister R.K. Singh’s reply in Parliament confirms the same.
New Delhi: On 25 March, while responding to a question by members in the Lok Sabha on “the number and details of cyber attacks on the power grid and the cases and sources of malware found in the energy supply system during the last two years and the current year”, Union power minister R.K. Singh responded: “In the recent past, cyber incidents have been reported at Southern Region Load Dispatch Center (SRLDC), Western Region Load Dispatch Center (WRLDC) and North Eastern Region Load Dispatch Center (NERLDC) of Power System Operation Corporation (POSOCO), NTPC Kudgi and Telangana State Transco. Necessary isolation and other protection measures have been taken by these organizations. Further detailed analysis of the incidents is under process under the guidance of CERT-In.”
To a subsequent question whether “some states faced electricity blackout or massive power outrage due to the said cyber attacks that manage power supply across the country and if so, the factual position in this regard,” Singh replied with a “No”.
Earlier in March, Singh—while responding to media queries on whether China-backed hackers had caused the massive power outage that Mumbai had witnessed on 12 October 2020—had replied that it was caused by a “human error” and not due to “cyber-attack”. Singh had to respond to media queries after the New York Times published a report on 28 February (China Appears to Warn India: Push Too Hard and the Lights Could Go Out) stating that the 12 October 2020 power outage in Mumbai was the handiwork of state-sponsored Chinese hackers.
Singh had at that time told the media that “cyber attacks happened on Northern and Southern region load dispatch centres, but they (malware) could not reach the operating system”.
However, last week’s statement made by Singh in Parliament and the one that he gave to media vary significantly, despite coming less than one month of each other.
Singh told Parliament members that apart from the dispatch centers in South India, cyber incidents were reported from WRLDC and from NERLDC. North-Eastern Regional Load Dispatch Centre (NERLDC) is headquartered at Shillong, while WRLDC is headquartered in Mumbai.
In his statement to media, Singh, despite being pointedly asked whether the Mumbai outage was due to a cyber incident, had said no. However, in Parliament, he said that the Mumbai-based WRLDC saw “cyber incident”.
Similarly, in his response to the media, he said that cyber attacks happened on Northern and Southern region load dispatch centers, but he did not mention that “cyber-incidents” were also noticed in Western Region Load Dispatch Center (WRLDC) and at North Eastern Region Load Dispatch Center (NERLDC), which he did in his response to the MPs subsequently.
On 12 October, 2020 at 10:05 am, large parts of Mumbai metropolis and parts of Thane district were hit by a power outage. The outage lasted more than 2 hours. By 12:05 pm, power was restored in some parts of South Mumbai and Navi Mumbai. But it took almost 10 hours to restore the full supply to the region.
According to Power ministry documents, seven incidents of “grid disturbances and grid incidents” were reported from WRLDC in October 2020.
Among these seven, the documents mention a grid incident that happened on 12 October which started at 10.05 am. The disturbance was revived at 10.27 am, the documents claim.
The incident is described as: “At 04:33 Hrs 400 kV Kalwa-Padghe 1 tripped on over Voltage at Kalwa end and emergency work permit was taken on the line at 06:54 Hrs by MSETCL for insulator replacement. At 09:45hrs, Bhira PS unit (150MW) tripped on Butterfly Valve (BFV) open feedback failure. At 09:58 Hrs, 400 kV Kalwa-Padghe 2 tripped on R-E fault. The flow on 400kV Pune-Kharghar S/C increased from 726MW to 886MW and the flow of 400kV Kharghar-Kalwa S/C rose from 396MW to 676MW. At 10:02hrs, due to heavy sparking observed at Kharghar S/S, 400kV Pune-Kharghar was hand tripped by site.
At the same time flow on 400kV Kharghar-Kalwa was seen on two phases R&B only due to Y-phase CT clamp open. 400kV Kharghar-Kalwa also was hand tripped from Khaghar S/S on an emergency basis as reported by MSLDC in their preliminary report. With these trippings, 400kV Kalwa and Kharghar were cut off from 400kV network of WR grid.
Due to heavy power flow, the links of 220kV Padghe-Temghar-1&2, Tarapur-Borivali, 220kV Boisar(PG)-Borivali, 220kV Nagothane-Apta and the other 220kV links connected to Kalwa and Kharghar tripped resulting in formation of island of Borivali, Mulund, Kalwa, Khargar, Uran,Temghar, Apta,Taloja, Adani system and TATA system. The island had a total generation of 1587 MW(1367 MW internal+220 MW Uran) and a load of around 3700 MW.
As reported by TATA in their preliminary report, when the frequency dropped to 48.0 Hz, about 760 MW load shedding took place in their system. Due to the load generation imbalance in the island, Kalwa-Kharghar and TPC island collapsed. At 47.7 Hz AEML island got separated and survived with a load of around 400 MW.”
The Sunday Guardian reached out to the secretary, Power ministry, seeking a response as to when did the ministry discover that the “cyber-incident” had affected the dispatch centers at Mumbai and Shillong and whether that means that the story done by New York Times was correct in identifying the role of Chinese backed hackers in the Mumbai power outage. No response was received till the time the story went to press.