Key UK energy company hit by cyber attack

The attack crippled the Elexon's internal IT network, with remote employees being unable to connect

Energy supply chain specialist Elexon has had its internal IT network disrupted by a cyber attack, in what appears to be further evidence of hacking groups escalating their attacks against UK infrastructure.

The incident, first reported yesterday, is said to have locked employees out of internal email accounts and has prevented them from using laptops remotely.

The company is critical to the functioning of the country’s power grid, handling approximately £1.7 billion of transactions each year as part of its role connecting power stations with their energy suppliers.

Details of the as-of-yet undefined cyber attack were published yesterday at midday, with the company revealing that only its internal IT systems and laptops were affected. The BSC Central Systems, which executes the company’s function in the supply chain, and EMR, a subsidiary company, were unaffected.

Elexon delivered an update a few hours later suggesting the root cause has been identified, with steps being taken to restore the internal IT systems.

IT Pro contacted Elexon to determine the exact nature of the cyber attack, and what potential effect this disruption may have on the energy supply to homes and offices. Currently, there is no indication that this attack will affect the nation's energy supply network.

“We’re aware of a cyber attack on Elexon’s internal IT systems,” said the UK’s National Grid Electricity Systems Operator. 

“We’re investigating any potential impact on our own IT networks. Electricity supply is not affected. We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats.”

Companies key to the UK’s critical national infrastructure have been on high alert throughout the coronavirus pandemic, with the National Cyber Security Centre (NCSC) issuing several stark warnings over previous weeks.

The security agency warned earlier this month, for instance, that APT groups were targeting UK bodies critical to the coronavirus response through password spraying attacks, including healthcare bodies and pharmaceutical companies.

Related Resource

Remote office networks pose a business and reliability risk

A survey of IT professionals shows that nearly every company suffers direct business impact from network service interruptions

Download now

Alarmingly, a report published in November 2018 suggested it’s “impossible” to protect critical UK infrastructure from cyber attacks, with mitigation rather than prevention becoming the new normal.

The consequences of targeted attacks against key players in the energy supply chain could range from minor disruption of day-to-day operations, to massive energy blackouts that could, in turn, hamper other critical organisations, like hospitals.

The risks are compounded with historic weaknesses in the cyber security regimes of energy companies, with the government forced to set out a robust set of requirements for companies more than two years ago.

Under the Network and Information Systems (NIS) directive, energy companies could be fined £17 million for failing to take effective action to prevent cyber attacks and breaches.

The measures followed an NCSC report from 2017 suggesting that state-backed hackers had targeted the IT systems responsible for controlling crucial arms of the country’s utilities.

A significant wave of activity, for example, registered in June of that year bore a striking resemblance to the infamous attacks against portions of the Ukrainian power grid in 2016, which hundreds of thousands of people into darkness.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021