In a significant incident that has raised alarm within the energy sector, Energy One, a prominent wholesale energy software provider, revealed on Friday, 18 August 2023, that certain corporate systems in Australia and the United Kingdom were affected by a cyberattack.
Operating for 15 years, Energy One is known to provide its software and services to a wide array of businesses, ranging from startups to multinational companies, including some of the leading energy retailers and generators in Australasia and Europe.
Immediate Action Taken by Energy One
Upon detecting the attack, Energy One acted promptly, taking measures to curtail the incident’s impact. The company engaged cybersecurity specialists CyberCX and notified the Australian Cyber Security Centre along with certain UK authorities. As a precaution, some links between corporate and customer-facing systems were disabled, demonstrating the company’s commitment to safeguarding its assets and those of its clients.
Investigation and Analysis
Energy One is currently undertaking a meticulous examination of its systems to identify any additional affected areas. The analysis is focused on determining if customer-facing systems or personal information have been compromised. Concurrently, the initial point of entry of the cyberattack is being investigated.
Notable customers of Energy One include global power generation firm InterGen, Good Energy, Crown Commercial Service (CCS) in the UK, and SSE. Their services span across wholesale energy, environmental, and carbon trading markets.
A Global Concern
The incident has not only affected operations within Australia but also has implications for several European customers serviced from Energy One’s UK offices. The stakes are high as the full extent of the impact, the identity of the attackers, and the initial attack vector remain unclear.
Commitment to Transparency
In a statement of reassurance, Energy One promised to “continue to provide updated information as it gains greater clarity about the incident and the likely timeframe for its resolution.”
The event underscores the increasing importance of cybersecurity measures within the energy sector, a critical infrastructure that powers nations. The timely response from Energy One is an example of best practices in incident management and a reminder for organizations to maintain vigilant cybersecurity protocols. The industry will be keenly watching the outcome of the investigation and lessons that can be drawn from this significant incident.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.