A Field Encounter with SCADA Reality: Lessons from Critical Infrastructure Research in India’s Border Regions
- TheCyberDiplomat LLC

- Sep 1, 2022

During 2021–2022, The CyberDiplomat was engaged in on-ground research on critical infrastructure cybersecurity, with a particular focus on SCADA systems, OT security, and national resilience. One of the most defining phases of this research took place in Siliguri, a strategically significant region due to its proximity to India’s northeastern corridor and international borders.
Our research spanned multiple sectors—power transmission, maritime infrastructure, aerospace systems, and banking and finance—with the power sector emerging as a particularly sensitive and under-examined domain.
Border Geography and Cyber Risk Convergence
Siliguri and the surrounding northeastern states occupy a unique geopolitical position, sharing borders with multiple countries, including China. During field interactions, we learned that extended power outages—sometimes lasting up to 24 hours—are not uncommon in certain border areas.
While not all outages are cyber-induced, practitioners on the ground acknowledged that cyber incidents are increasingly considered among the possible causes, particularly in transmission and control environments where attribution remains opaque. This convergence of geography, infrastructure criticality, and cyber uncertainty formed a key research insight.
Inside a Transmission SCADA Environment: An Unfiltered Observation
As part of this research, our team visited a power transmission entity operating a SCADA control environment. What stood out was not advanced adversary tradecraft—but the absence of baseline physical and cyber hygiene.
Locating the SCADA facility itself was challenging; personnel were hesitant and visibly cautious when asked for directions.
Eventually, a signboard reading “Way to SCADA” was found—an ironic discovery given the surrounding secrecy.
More concerning, the SCADA facility door was left open during lunch hours, with no apparent access control.
Adjacent data centre components were loosely protected, exposing the environment to unnecessary risk.
While such observations point to serious security lapses, they also reflect a systemic issue: security is often assumed rather than engineered.
Engineers on the Frontline: Capability Without Enablement
Despite infrastructural weaknesses, interactions with engineers on site revealed high technical competence and deep operational understanding. These professionals openly shared:
- The constraints of legacy SCADA systems
- The cyber threats they observe but cannot always escalate
- The lack of specialised, recurring OT-focused cybersecurity training
Their insights significantly shaped The CyberDiplomat’s evolving research direction—highlighting that the weakest link was not people, but governance, training, and systemic prioritisation.

Transparency vs. Security: Finding the Balance
A critical ethical and operational dilemma emerged during this engagement.
On one hand, openness in sharing operational insights can be seen as a vulnerability. On the other hand, excessive opacity creates conditions where:
- External researchers feel compelled to “gatecrash” systems to understand risks
- Security gaps persist unaddressed due to fear of disclosure
- Learning and resilience stagnate
The conclusion was clear: baseline cybersecurity controls must be non-negotiable, but measured transparency within structured frameworks is essential for national resilience.
Attribution: The Missing Link in India’s Power Sector Cyber Incidents
A recurring issue identified during this research was misattribution—or lack of attribution—of cyber incidents.
In many cases:
- Detection of malware or Remote Access Trojans is incorrectly equated to a confirmed cyberattack
- There is no established technical or policy mechanism to attribute incidents to specific threat actors or states
- Attribution often occurs only when it aligns with political or diplomatic signalling
This creates a dangerous ambiguity: even if a cyberattack occurs, accountability remains elusive. Addressing this gap requires coordinated effort across technical agencies, policymakers, and the research community.
Institutional Learning and Framework Development
Insights from Siliguri directly informed The CyberDiplomat’s engagement with national cybersecurity capacity-building efforts, including exposure to training and initiatives led by the National Critical Information Infrastructure Protection Centre (NCIIPC).
Subsequently, this research contributed to our involvement in cybersecurity certification and capacity-building schemes developed with the support of the Quality Council of India, reinforcing the need for India-specific SCADA and OT security frameworks.
Conclusion: From Observation to Action
This field engagement represents more than an anecdote—it is a case study in real-world critical infrastructure security challenges. It underscores the urgent need for:
- SCADA-specific cybersecurity training
- Stronger baseline controls in power sector environments
- Clear attribution mechanisms for cyber incidents
- A balanced approach to transparency and security
The CyberDiplomat continues to operate as a research-driven organization dedicated to safeguarding critical infrastructure and national security. Institutions seeking rigorous, ground-truth-based research in these domains are encouraged to collaborate with us.