Cyberattack hits internal IT systems of key player in British power market

Employees don't have email access, but external systems aren't affected.
A spokesperson for National Grid ESO — Britain’s national electricity system operator — said the organization was investigating the incident. (Getty Images)

Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for employees.

The company grappled with the digital attack throughout Thursday, tweeting that it had identified the “root cause” of the incident.

“The attack is to our internal IT systems and Elexon’s laptops only,” the company said. It was unclear who was responsible for the cyberattack.

The attack didn’t affect the external IT systems that the company uses to track trading between producers and suppliers of electricity, Elexon said. The company manages transactions worth some $2 billion a year, resolving the difference between what electricity generators and suppliers say they will produce or use and what they actually do.


A spokesperson for National Grid ESO — Britain’s national electricity system operator — said the organization was investigating the incident, calling it a “cyber intrusion on Elexon’s internal IT systems.”

“Electricity supply is not affected,” the National Grid ESO spokesperson said. “We have robust cybersecurity measures in place across all our IT and operational infrastructure to protect against cyber threats and ensure we can continue to reliably supply electricity.”

Elexon plays an important role in tying together supply and demand in the U.K. power grid, said Joe Slowik, senior adversary hunter at industrial cybersecurity company Dragos. The opportunity to disrupt the communications and processes that support that power market makes the organization a high-value target for hackers, he said.

While the cyberdefense of utilities that deliver electricity often get public attention, the attack on Elexon is an example of how lesser-known players in the power market also face threats.

In March, the European Network of Transmission System Operators for Electricity, which helps coordinate electricity markets across Europe, announced that its IT network had been breached by hackers. The attackers had access to the organization’s email server for weeks and used a remote-hacking tool to communicate with it, CyberScoop reported.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts