The European Network of Transmission System Operators for Electricity (ENTSO-E) has admitted that it fell victim to a cyberattack recently. In a brief statement published on its website, the organization says that it has found evidence of a “successful cyber intrusion” that affected its office network.
ENTSO-E, which represents 42 electricity Transmission System Operators (TSOs) across Europe, emphasized that the compromised systems are not connected to any operational transmission network. The organization also said that it has duly informed its members about the security incident; all the while it continues to assess the situation.
“A risk assessment has been performed and contingency plans are now in place to reduce the risk and impact of any further attacks,” added ENTSO-E in its statement.
Speaking to CyberScoop, ENTSO-E spokesperson Claire Camus declined to provide additional comments on the issue, citing “obvious reasons”.
Meanwhile, a number of ENTSO-E members are looking into the incident as well. Erik Nordman, a security manager at Sweden’s TSO Svenska Kraftnat, said that the company was inquiring into whether the breach had had any effect on its systems. In order to limit any possible impact, the company was putting extra preventive measures in place.
Stattnet, the Norwegian TSO, is also investigating the incident, but so far it has not found any indication that the breach may have affected its own IT systems. Switzerland’s Swissgrid released a statement to much the same effect.
Fingrid, the TSO out of Finland, noted that it might have to delay the launch of its Energy Identification Codes that are needed for trading on the energy markets. The company added that the attack was neither targeted at them nor at any other TSOs, and that customers and stakeholders weren’t affected.
It’s worth noting that attacks targeting critical infrastructure providers have been a major concern in recent years. Ukraine has even suffered two attack-induced blackouts, and ESET researchers have previously analyzed pieces of malware (e.g. BlackEnergy and Industroyer) that were used in attacks against Ukraine’s energy industry, ultimately causing power outages.