Critical infrastructureCybercriminals Are Now Targeting Critical Electricity Infrastructure

By Henri van Soest

Published 5 June 2020

Amid the constant stream of news on the coronavirus pandemic, one event passed relatively unnoticed. On the afternoon of May 14, a company named Elexon was hacked. You probably haven’t heard of it, but Elexon plays a key role in the UK’s electricity market, and though the attack did not affect the electricity supply itself, as an academic who researches cybersecurity in the electricity system, I am worried. This near miss reveals just how vulnerable our critical infrastructure is to such attacks – especially during a pandemic.

Amid the constant stream of news on the coronavirus pandemic, one event passed relatively unnoticed. On the afternoon of May 14, a company named Elexon was hacked. You probably haven’t heard of it, but Elexon plays a key role in the UK’s electricity market, and though the attack did not affect the electricity supply itself, as an academic who researches cybersecurity in the electricity system, I am worried. This near miss reveals just how vulnerable our critical infrastructure is to such attacks – especially during a pandemic.

Elexon plays an important role in the operation of the country’s electricity system. In such a system, the levels of supply and demand need to be balanced at all times. Otherwise, the system becomes unstable, which can lead to blackouts. To avoid this, Elexon compares the amount of electricity that generators promise they will produce, with the amount of electricity that suppliers say will be consumed. Where needed, the company determines the difference in price and transfers funds between the parties on either side of the transaction.

The lockdown has made Elexon’s role significantly more difficult. Usually, electricity demand is pretty fixed, as people broadly go to work, return home, cook dinner and watch TV at roughly the same hour every day. However, the lockdown has ripped up the rule book on all this. Despite many people staying at home, electricity demand has also dropped by about 20% compared to this time last year due to the closure of factories and businesses. In sum, it is a lot harder to correctly predict demand.

The drop in demand also means that less electricity is needed. The drop in demand also means that less electricity is needed. Because wind and solar power are now the cheapest forms of electricity available, coal and gas plants are generating less, and there has lately been a big increase in renewable energy sources in the overall mix. However, wind and solar power experience large swings in supply, depending on whether the sun shines and the wind blows. This again makes supply and demand more complicated to manage.

Held to ransom
The Elexon attack used ransomware, in which a computer virus encrypts the contents of a computer, and it can only be decrypted after a ransom has been paid, typically in bitcoin or another cryptocurrency. The most famous ransomware attack is no doubt the 2017 WannaCry attack, which particularly affected the UK’s National Health Service.