Entso-E targeted in recent cyberattack

Share

Unidentified threat actors have targeted the administrative systems of the European Network of Transmission System Operators for Electricity (Entso-E), in an incident it has described as a “successful cyber intrusion.”

The organization, which represents 43 electricity transmission system operators (TSOs) across Europe, said on Monday that it has already conducted a risk assessment in response to the incident. It added that it has implemented unspecified “contingency plans” to prevent the possibility of follow-up attacks.

“It is important to note that the Entso-E office network is not connected to any operational TSO system,” the organization claimed, without providing additional information about the cyberattack. “Our TSO members have been informed and we continue to monitor and assess the situation.”

The Finnish and Swedish transmission system operators quickly backed the representative body’s claim that operational TSO systems across the continent were not affected by the cyberattack. In a separate online statement, Fingrid said that the attack did not appear to be directed at its operations or those of other TSOs. The Finnish TSO added that the incident did not have any material impact on its customers.

“However, as a result of this security attack, the issuing time for the [Energy Identification Codes] issued by Fingrid may be longer than usual,” it said, noting that the incident only affected “file exchange policies” it has in place with Entso-E.

Svenska Kraftnät, the TSO of Sweden, said that grid operators in the country were already investigating the matter, while also working to prevent additional attacks. It said that such cyber-intrusions are a “serious” issue.

While cyber-threats are nothing new for grid operators throughout the world, the U.S. government has recently started to ramp up efforts to introduce stricter policies and implement more stringent security systems. In December – less than a year after the U.S. Department of Energy revealed that sPower, a Utah-based solar developer, had been targeted in an unprecedented cyberattack – President Donald Trump signed the National Defense Authorization Act, which included the Securing Energy Infrastructure Act. The legislation involves the creation of new strategies to protect the national grid from cyberattacks. However, some experts on digitalized energy systems have criticized the legislation for its reliance on an analog approach to ensuring grid resiliency.

In October, the U.S. Federal Energy Regulatory Commission (FERC) also agreed to evaluate the potential risk of a coordinated, grid-focused cyberattack, as recommended by the U.S. General Accounting Office. However, the nonprofit North American Electric Reliability Corporation – which develops the cybersecurity standards that FERC approves – has criticized the plan.