Cyberattack hits internal IT systems of key player in British power market
Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for employees.
The company grappled with the digital attack throughout Thursday, tweeting that it had identified the “root cause” of the incident.
“The attack is to our internal IT systems and Elexon’s laptops only,” the company said. It was unclear who was responsible for the cyberattack.
The attack didn’t affect the external IT systems that the company uses to track trading between producers and suppliers of electricity, Elexon said. The company manages transactions worth some $2 billion a year, resolving the difference between what electricity generators and suppliers say they will produce or use and what they actually do.
A spokesperson for National Grid ESO — Britain’s national electricity system operator — said the organization was investigating the incident, calling it a “cyber intrusion on Elexon’s internal IT systems.”
“Electricity supply is not affected,” the National Grid ESO spokesperson said. “We have robust cybersecurity measures in place across all our IT and operational infrastructure to protect against cyber threats and ensure we can continue to reliably supply electricity.”
Elexon plays an important role in tying together supply and demand in the U.K. power grid, said Joe Slowik, senior adversary hunter at industrial cybersecurity company Dragos. The opportunity to disrupt the communications and processes that support that power market makes the organization a high-value target for hackers, he said.
While the cyberdefense of utilities that deliver electricity often get public attention, the attack on Elexon is an example of how lesser-known players in the power market also face threats.
In March, the European Network of Transmission System Operators for Electricity, which helps coordinate electricity markets across Europe, announced that its IT network had been breached by hackers. The attackers had access to the organization’s email server for weeks and used a remote-hacking tool to communicate with it, CyberScoop reported.