Elexon, a firm that oversees payments between electricity generators and suppliers for the UK’s National Grid, has suffered a cyberattack that took down its internal IT network and employee laptops.
While the UK’s electricity supply was unaffected by the cyberattack, it is another reminder of how a connected supply chain is “only as robust as its weakest link”.
In a statement Elexon said “the attack is to our internal IT systems and ELEXON’s laptops only”.
It added that its Balancing and Settlement Code systems, the crucial mechanism for the flow of payments that keep electricity flowing, was unaffected.
The company has since said that it managed to get some systems back online and has identified the “areas that the cyberattack has impacted”. However, its email system is still down.
Cybersecurity experts said the cyberattack demonstrates the importance of protecting all points of the supply chain.
“Supply chain dependency means it is critical to protect both big and smaller players when delivering critical national infrastructure (CNI) – the supply chain is only as robust as its weakest link,” said Ian Heritage, cloud security architect at cybersecurity firm Trend Micro.
“The bad news is that many companies frequently are part of the supply chain that feeds resources to deliver CNI; thus, a cyberattack against one part of this chain can indirectly affect the supply of services.
“Ensuring suppliers have in place adequate security processes, including employee training and awareness programmes, data handling and more is a must.”
We’re aware of a cyber attack on ELEXON’s internal IT systems. We’re investigating any potential impact on our own IT networks. Electricity supply is not affected. We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats. https://t.co/7R2NeIB57l
— National Grid ESO (@ng_eso) May 14, 2020
Jake Moore, cybersecurity specialist at internet security firm ESET said:
“Being connected to the essential services such as energy means that you will always be a lucrative and interesting target to threat actors. However, many organisations keep a close eye on their own protection and can easily forget about the supply chain.”
Elexon cyberattack: Ransomware suspected
Each year Elexon handles £1.5bn worth of transactions for power plants on the electricity market. As part of working out the price difference between generators and suppliers it takes 1.25 million meter readings per day.
“Cyberattacks against the energy sector can have rippling effects to other critical infrastructure that depends heavily on energy such as hospitals without power, logistics on hold and transportation delays, which could easily lead to chaotic events,” said Joseph Carson, chief security scientist at cybersecurity firm Thycotic.
The Elexon cyberattack, which was first reported by the Daily Telegraph, has “all the hallmarks of a ransomware” attack, said Moore.
However, Elexon has not commented on the type of attack.
“We have to hope this is not a ransomware event, although it would not be surprising given the current popularity of those types of attacks,” said Jérôme Robert, director at cybersecurity specialist directory firm Alsid.
“If it is ransomware, Elexon could face a long and expensive road to recovery.”