Security Experts:

UK Electricity Market Administrator Elexon Targeted by Hackers

Elexon, a company involved in the management of the electricity market in the United Kingdom, has been hit by a cyberattack that impacted its internal IT systems.

Elexon manages the Balancing and Settlement Code (BSC) on behalf of the electricity sector in the UK. The BSC defines the rules and governance for the balancing mechanism and imbalance settlement processes of electricity in Britain.

“We compare how much electricity generators and suppliers said they would produce or consume with how much electricity they actually generated and supplied. After calculating these volumes, we work out a price for the imbalances and charge organisations accordingly. This involves taking 1.2 million meter readings every day and handling over £1.5 billion of our customers’ funds each year,” Elexon says on its website.Elexon suffers data breach

Elexon initially revealed that its internal IT systems, including its ability to send and receive email, were affected by a cyberattack, but noted that the BSC central systems and EMR (Electricity Market Reform) systems were not affected.

In a later update, the company said it identified the root cause and it had started restoring impacted systems.

While Elexon says only its internal systems are impacted, the UK’s National Grid electricity system operator (ESO) said on Twitter that it’s investigating any potential impact on its own networks, but pointed out that electricity supply was not affected by the incident.

“We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats,” National Grid ESO said.

Learn more about electric sectors threats at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

It’s not uncommon for organizations in the electricity sector to be targeted in cyberattacks. Earlier this year, the European Network of Transmission System Operators for Electricity (ENTSO-E) admitted that hackers breached its corporate network, and an electric utility in Massachusetts reported being hit by ransomware.

Industrial cybersecurity firm Dragos reported in January that an increasing number of threat groups had been targeting electric utilities in North America.

Related: Security of North American Energy Grid Tested in GridEx Exercise

Related: Hackers Behind 'Triton' Malware Target Electric Utilities in US, APAC

Related: DoS Attack Blamed for U.S. Grid Disruptions: Report

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.