BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

New iOS 18 AI Security Move Changes The Game For All iPhone Users
Microsoft Warns Windows Users Of Ongoing Russian Hack Attack
Google’s $6 A Month Chrome Security Subscription Is A Thing Now
FCC Votes To Restore Net Neutrality: A Win For Consumers And Democracy
An Ex-DOD Hacker Raises $20 Million To Stop ChatGPT-Fueled Cyberattacks
Tech Firms Pledge To Eliminate AI-Generated CSAM
Edit Story
ForbesInnovationCybersecurity
Editors' Pick

Cyber Attack On U.K. Electricity Market Confirmed: National Grid Investigates

Davey Winder
Senior Contributor
Opinions expressed by Forbes Contributors are their own.
Veteran cybersecurity and tech analyst, journalist, hacker, author
Following
This article is more than 3 years old.

The company that facilitates payments on the U.K. electricity market, tracking the trade between those who produce electricity and those who supply it and resolving the differences, has fallen victim to a cyber-attack. Elexon is at the center of the balancing and settlement system, working with Great Britain's National Grid Electricity System Operator (ESO) to keep the lights on. The lights didn't go off across the U.K. as a result of this cyber-attack, but internal IT systems and laptops at Elexon went dark.

A $2 billion energy market business

Overseeing the payments in the energy market that exists between U.K. power station operators and the companies that provide the electricity supply to consumers and businesses alike, Elexon plays a vital role in ensuring the lights really do stay on across the country. It does this by not only monitoring electricity generation and matching it to National Grid demand but ensuring that correct payments are made to those generating the juice. According to The Telegraph, which was first to break the news of this cyber-attack, that amounts to some $2.07 billion (£1.7 billion) of transactions every year. The combination of high-value transactions with being a core part of the energy supply market makes companies such as Elexon a prime target for cybercriminals and nation-state hackers alike.

Indeed, there has been a lot of global nervousness around energy market security recently, with President Trump declaring foreign cybersecurity threats to the U.S. electricity system a national emergency in an executive order signed May 1.

How details of the Elexon cyber-attack emerged

As for the nature of the cyber-attack against Elexon itself, we will have to wait for the ongoing investigations to be completed before getting a complete picture. However, pieces of that picture are already starting to emerge.

The public disclosure of the attack was tweeted by Elexon yesterday and stated that "we are currently unable to send or receive any emails," while confirming that "internal IT systems have been impacted by a cyber-attack."

MORE FROMFORBES ADVISOR

Best High-Yield Savings Accounts Of September 2023

By
Kevin Payne
Contributor

Best 5% Interest Savings Accounts of September 2023

By
Cassidy Horton
Contributor

Elexon also released a midday bulletin through its market portal yesterday which gave more information. Namely that "the attack is to our internal IT systems and ELEXON’s laptops only." This advised that the Balancing and Settlement Code (BSC) and Electricity Market Reform (EMR) payment systems were working normally. Later in the afternoon, Elexon updated that bulletin to confirm it had "identified the root cause" of the attack.

Meanwhile, the National Grid Electricity System Operator (ESO) tweeted that it was "investigating any potential impact on our own IT networks," but stated that "electricity supply is not affected," thanks to robust cybersecurity.

Was this a ransomware attack?

Jérôme Robert, a director at cybersecurity specialist Alsid, said, "as this Elexon attack shows, critical national infrastructure, such as power networks, has always been an attractive target for hackers. Although there is still much we don’t know about this specific hack, with most employees working remotely, security professionals are faced with unprecedented new threats caused by the behavior of staff and challenges around enabling remote access." Robert also said that we have to "hope this is not a ransomware event, although it would not be surprising given the current popularity of those types of attacks. If it is ransomware, Elexon could face a long and expensive road to recovery."

Jake Moore, a cybersecurity specialist at ESET, said that the attack has "all the hallmarks of ransomware," given what is known so far and that he imagines Elexon "are in a dilemma as to if or how to pay."

I have reached out to Elexon for further information about the incident and will update this article if any statement is forthcoming. One of the questions I asked was whether the company could confirm reports that an unpatched Pulse Secure VPN server might have helped facilitate the attack. Earlier this year, the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued an alert informing users that failed to update the VPN could "become compromised in an attack."

Any Elexon customers who have any questions and concerns are asked to contact an externally hosted help desk on 0370 010 6950 or via email to bscservicedesk@cgi.com

Follow me on Twitter or LinkedInCheck out my website or some of my other work here
Davey Winder
Davey Winder