Cyber attack on Aussie energy services firm may hit UK CNI

Operators of critical utility infrastructure across the UK may have been affected by a developing cyber attack on the systems of Energy One, an Australia-based supplier of software and services for the energy sector.

The ongoing incident was disclosed via a statement to the Australian Securities Exchange (ASX) on the morning of Monday 21 August (Sunday evening on UK time), but appears to have begun on Friday 18 August.

In a statement, board chairman Andrew Bonwick said the organisation had established that “certain corporate systems” in Australia and the UK had been affected.

“In response, Energy One took immediate steps to limit the impact of the incident, engaged cyber security specialists, CyberCX, and alerted the Australian Cyber Security Centre and certain UK authorities,” said Bonwick.

“Energy One’s top priorities are the safety and security of its people, its customers, and its systems. Analysis is underway to identify which, if any, additional systems may have been affected by the cyber attack.”

At the time of writing, Energy One is understood to have disconnected a number of links between corporate and customer-facing systems to try to stop the incident from spreading downstream.

Its investigation continues, and it is working to establish if any personal data or customer systems have been affected, and how the unknown attacker accessed its systems.

Some of the firm’s UK customers include Good Energy, a southwest England-based renewable supplier, which uses Energy One’s enTrader service to manage its Energy Contract Volume Notifications (ECVNs); SSE, which supplies gas and electricity to seven million homes and has been using Energy One’s enVoy communications framework to interface for electronic data transfers with the National Grid; and renewables specialist Yorkshire Gas and Power.

There is no suggestion or evidence at this stage to suggest that any of these firms have been affected by the incident.

Cyber attacks that affect CNI operators are something of a nightmare scenario for the security sector due to the exceptionally painful effect that disruption to supplies of services like communications, electricity, gas and water can have.

Protecting such organisations from cyber incidents has become a key policy issue around the world since the 2021 Colonial Pipeline incident disrupted the distribution and sale of petrol across a swathe of the US for several days, while in the past 18 months, the cyber security impact of Russia’s war on Ukraine has added a new dimension to concerns around energy security. 

“CNI is at the top of the target list for adversaries, given the impact if successful, even in part,” said Exabeam EMEA security strategy head, Samantha Humphries.

“The need to understand and baseline normal in terms of critical asset/system access is absolutely key in protecting critical infrastructure. Regardless of whether systems in operational technology [OT] environments are air-gapped or not, if there’s a digital route to the system, then it’s at risk.

“We’ve got to ensure we’re monitoring OT systems far more diligently by capturing all viable log data in terms of access control, system settings and maintenance. Any abnormality, regardless of how small, should be investigated, triaged and managed accordingly. Relying on users alone for the protection of our CNI systems does not – and will not – scale,” she said.

“Working smarter with automation technologies in managing large volumes of data streams, analysing them for anomalies and reporting risk in real time, is the only way forward for CNI protection. This, in partnership with continued user education in being diligent and applying critical thinking analysis to system activity reports, is critical.”