Energy One Cyberattack: Key Systems In Australia And UK Compromised – Immediate Actions Taken And Investigation Underway

By ISBuzz Team
Writer, Information Security Buzz | Aug 22, 2023 03:35 am PST

In a significant incident that has raised alarm within the energy sector, Energy One, a prominent wholesale energy software provider, revealed on Friday, 18 August 2023, that certain corporate systems in Australia and the United Kingdom were affected by a cyberattack.

Operating for 15 years, Energy One is known to provide its software and services to a wide array of businesses, ranging from startups to multinational companies, including some of the leading energy retailers and generators in Australasia and Europe.

Immediate Action Taken by Energy One

Upon detecting the attack, Energy One acted promptly, taking measures to curtail the incident’s impact. The company engaged cybersecurity specialists CyberCX and notified the Australian Cyber Security Centre along with certain UK authorities. As a precaution, some links between corporate and customer-facing systems were disabled, demonstrating the company’s commitment to safeguarding its assets and those of its clients.

Investigation and Analysis

Energy One is currently undertaking a meticulous examination of its systems to identify any additional affected areas. The analysis is focused on determining if customer-facing systems or personal information have been compromised. Concurrently, the initial point of entry of the cyberattack is being investigated.

Notable customers of Energy One include global power generation firm InterGen, Good Energy, Crown Commercial Service (CCS) in the UK, and SSE. Their services span wholesale energy, environmental, and carbon trading markets.

A Global Concern

The incident has not only affected operations within Australia but also has implications for several European customers serviced from Energy One’s UK offices. The stakes are high as the full extent of the impact, the identity of the attackers, and the initial attack vector remain unclear.

Commitment to Transparency

In a statement of reassurance, Energy One promised to “continue to provide updated information as it gains greater clarity about the incident and the likely timeframe for its resolution.”

The event underscores the increasing importance of cybersecurity measures within the energy sector, a critical infrastructure that powers nations. The timely response from Energy One is an example of best practices in incident management and a reminder for organizations to maintain vigilant cybersecurity protocols. The industry will be keenly watching the outcome of the investigation and lessons that can be drawn from this significant incident.

2 Expert Comments
Simon Chassar
InfoSec Expert
August 22, 2023 11:38 am

“The attack on Energy One follows a trend of increased cyberattacks against the energy sector. Following on from warnings to the sector from the NCSC and NSA, industries such as energy are at a heightened risk due to playing a vital role in society’s daily functioning. Disruptions to these sectors can have far-reaching consequences, including impacting the national economy, causing shortages, and halting society’s operation.

Whilst the connection of cyber-physical systems such as OT and IoT enhances operational efficiency, it also introduces a new vector for cyber threats. To mitigate these risks, maintaining visibility over all systems and promptly applying patches to critical assets is crucial to prevent operational downtime.

Network segmentation with asset class management has also proven an effective way of minimising the impact of cyberattacks on critical infrastructure, by restricting the spread of malware and effectively containing it.”  

Rob Bolton, VP EMEA
InfoSec Expert
August 22, 2023 11:37 am

“The aim of such an attack is to cause as much disruption as possible, and with Energy One being forced to disable links between its corporate and customer-facing systems, it seems to have achieved this. It follows a wider trend of cyber criminals targeting the energy sector, with the UK government having warned earlier this month about the major risk of an attack on the energy network. 

While Energy One investigates whether personal information was stolen during the attack, it’s important for both customers and employees not to panic. In the meantime, people should be on the lookout for any potential phishing emails or any other form of unsolicited communication. 

However, one positive aspect that can be taken from the attack on Energy One is the immediate steps taken by the security team to stop the attack. Without a doubt, the quick response time will mitigate the impact of the attack. By having security measures and controls such as network segmentation, security teams can rapidly locate malware, limit its movement, and ultimately reduce the potential impact of an attack.

Quickly isolating an attack can be the difference between services and systems being available to customers or not, as well as sensitive data or personal information being stolen.” 
