Key UK energy company hit by cyber attack

The attack crippled the Elexon's internal IT network, with remote employees being unable to connect

Energy supply chain specialist Elexon has had its internal IT network disrupted by a cyber attack, in what appears to be further evidence of hacking groups escalating their attacks against UK infrastructure.

The incident, first reported yesterday, is said to have locked employees out of internal email accounts and has prevented them from using laptops remotely.

The company is critical to the functioning of the country’s power grid, handling approximately £1.7 billion of transactions each year as part of its role connecting power stations with their energy suppliers.

Details of the as-of-yet undefined cyber attack were published yesterday at midday, with the company revealing that only its internal IT systems and laptops were affected. The BSC Central Systems, which executes the company’s function in the supply chain, and EMR, a subsidiary company, were unaffected.

Elexon delivered an update a few hours later suggesting the root cause has been identified, with steps being taken to restore the internal IT systems.

IT Pro contacted Elexon to determine the exact nature of the cyber attack, and what potential effect this disruption may have on the energy supply to homes and offices. Currently, there is no indication that this attack will affect the nation's energy supply network.

“We’re aware of a cyber attack on Elexon’s internal IT systems,” said the UK’s National Grid Electricity Systems Operator. 

“We’re investigating any potential impact on our own IT networks. Electricity supply is not affected. We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats.”

Companies key to the UK’s critical national infrastructure have been on high alert throughout the coronavirus pandemic, with the National Cyber Security Centre (NCSC) issuing several stark warnings over previous weeks.

The security agency warned earlier this month, for instance, that APT groups were targeting UK bodies critical to the coronavirus response through password spraying attacks, including healthcare bodies and pharmaceutical companies.

Related Resource

Remote office networks pose a business and reliability risk

A survey of IT professionals shows that nearly every company suffers direct business impact from network service interruptions

Download now

Alarmingly, a report published in November 2018 suggested it’s “impossible” to protect critical UK infrastructure from cyber attacks, with mitigation rather than prevention becoming the new normal.

The consequences of targeted attacks against key players in the energy supply chain could range from minor disruption of day-to-day operations, to massive energy blackouts that could, in turn, hamper other critical organisations, like hospitals.

The risks are compounded with historic weaknesses in the cyber security regimes of energy companies, with the government forced to set out a robust set of requirements for companies more than two years ago.

Under the Network and Information Systems (NIS) directive, energy companies could be fined £17 million for failing to take effective action to prevent cyber attacks and breaches.

The measures followed an NCSC report from 2017 suggesting that state-backed hackers had targeted the IT systems responsible for controlling crucial arms of the country’s utilities.

A significant wave of activity, for example, registered in June of that year bore a striking resemblance to the infamous attacks against portions of the Ukrainian power grid in 2016, which hundreds of thousands of people into darkness.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020