IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Key UK energy company hit by cyber attack

The attack crippled the Elexon's internal IT network, with remote employees being unable to connect

Energy supply chain specialist Elexon has had its internal IT network disrupted by a cyber attack, in what appears to be further evidence of hacking groups escalating their attacks against UK infrastructure.

The incident, first reported yesterday, is said to have locked employees out of internal email accounts and has prevented them from using laptops remotely.

The company is critical to the functioning of the country’s power grid, handling approximately £1.7 billion of transactions each year as part of its role connecting power stations with their energy suppliers.

Details of the as-of-yet undefined cyber attack were published yesterday at midday, with the company revealing that only its internal IT systems and laptops were affected. The BSC Central Systems, which executes the company’s function in the supply chain, and EMR, a subsidiary company, were unaffected.

Elexon delivered an update a few hours later suggesting the root cause has been identified, with steps being taken to restore the internal IT systems.

IT Pro contacted Elexon to determine the exact nature of the cyber attack, and what potential effect this disruption may have on the energy supply to homes and offices. Currently, there is no indication that this attack will affect the nation's energy supply network.

“We’re aware of a cyber attack on Elexon’s internal IT systems,” said the UK’s National Grid Electricity Systems Operator. 

“We’re investigating any potential impact on our own IT networks. Electricity supply is not affected. We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats.”

Companies key to the UK’s critical national infrastructure have been on high alert throughout the coronavirus pandemic, with the National Cyber Security Centre (NCSC) issuing several stark warnings over previous weeks.

The security agency warned earlier this month, for instance, that APT groups were targeting UK bodies critical to the coronavirus response through password spraying attacks, including healthcare bodies and pharmaceutical companies.

Related Resource

Remote office networks pose a business and reliability risk

A survey of IT professionals shows that nearly every company suffers direct business impact from network service interruptions

Download now

Alarmingly, a report published in November 2018 suggested it’s “impossible” to protect critical UK infrastructure from cyber attacks, with mitigation rather than prevention becoming the new normal.

The consequences of targeted attacks against key players in the energy supply chain could range from minor disruption of day-to-day operations, to massive energy blackouts that could, in turn, hamper other critical organisations, like hospitals.

The risks are compounded with historic weaknesses in the cyber security regimes of energy companies, with the government forced to set out a robust set of requirements for companies more than two years ago.

Under the Network and Information Systems (NIS) directive, energy companies could be fined £17 million for failing to take effective action to prevent cyber attacks and breaches.

The measures followed an NCSC report from 2017 suggesting that state-backed hackers had targeted the IT systems responsible for controlling crucial arms of the country’s utilities.

A significant wave of activity, for example, registered in June of that year bore a striking resemblance to the infamous attacks against portions of the Ukrainian power grid in 2016, which hundreds of thousands of people into darkness.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
UK water supplier confirms hack by Cl0p ransomware gang
ransomware

UK water supplier confirms hack by Cl0p ransomware gang

16 Aug 2022