Blog Post

Not one energy supplier has officially reported a cyber-attack to Ofgem despite numerous hacks says Sky News investigation

Richard Simmonds • Mar 24, 2021

An investigation carried out by Sky News has shown that not one energy supplier has reported a cyberattack to Ofgem despite a law introduced three years ago obliging them to do so.

The NIS Directive

The law in question is the Network & Information Systems Regulations and is designed to boost the cybersecurity resilience of the UK energy sector by obliging electricity and gas supplier to report a cybersecurity breach.


The law puts incidents in several threshold categories such as whether an incident had the potential to disrupt the supply of energy to more than 250,000 consumers.


Also read: Elexon Hit by Cyber Attack

What’s the issue?

Since the introduction of the law, not a single report of a hacking incident has been successfully made despite numerous successful cyberattacks on energy companies over the last three years by criminal gangs and hostile states.


The main cause for this is that the thresholds used to determine whether an incident is worth reporting is too high, which in turn prevents any reports from being made.


According to the Sky News report, just one energy supplier has tried to file a report with Ofgem, but it was dismissed due to the incident not meeting the threshold required to being reported.


This is an issue as it means that the true extent of the cybersecurity challenges faced by energy suppliers is not being reported and instead many are being swept under the carpet by companies too afraid to publicly disclose a breach.


Ransomware attacks are common with Elexon suffering a major cyberattack last year and only recently Npower was forced to abandon its customer service app after hackers breached it and used it as a way to steal sensitive customer data.


Cyber-attacks on energy companies and electricity systems are a substantial and growing threat, according to the International Energy Agency (IEA).


Also read: Cyberattack forces Npower to permanently withdraw its mobile app

Blind to the threat?

The Sky investigation goes on to say that because of the high thresholds required for a cyber attack to be recorded is leaving Ofgem blind to the true scale of the problem and how energy suppliers are coping.


Currently, the thresholds depend on the impact of the hacks on the continuity of a company’s services, something that doesn’t record the energy sector’s ability to tackle cyber threats.


"Most of the concern around cybersecurity has been focused on operational technology (OT) networks that interact with physical processes and machinery, such as power plant equipment or water treatment facilities. Yet the traditional information technology (IT) networks that involve the flow of data - such as file storage or email - should not be neglected. This is because whilst the impact of malicious activity can be far more severe against OT systems, these attacks typically start out on IT networks. It is therefore vital to consider security across an entire service provider's infrastructure,” said Dr Jamie Collier, a threat intelligence consultant at FireEye.


Also read: Energy Supply companies most vulnerable to cyber-attack says new report


The government will be reviewing the Network & Information Systems Regulations within the next 12 months.

Further Reading

‘Green’ Tariffs to come under increased government scrutiny over growing ‘Greenwashing’ concerns


Busting the Cybersecurity Myths in the Energy Sector


Dyball Associates Achieves ISO27001 Certification


Dyball Associates are proud to help new supply businesses successfully launch in the UK market.

 

Through our energy market consultancy services, and the software we've developed, we're supporting new UK electricity and gas suppliers get set up and start supplying.

 

Follow us on LinkedIn to keep up to date with the latest news and updates in the energy industry.

Contact Us

More articles

Latest News

White label
By Richard Simmonds 24 Nov, 2021
We take a look at white labelling and why it could be a good source of revenue for your business.
dim bulb
By Richard Simmonds 23 Nov, 2021
The ongoing energy crisis has claimed its biggest victim as the UK’s seventh largest energy supplier, Bulb announced that it has entered administration.
investigate
By Richard Simmonds 22 Nov, 2021
Two of the UK’s largest energy supply companies could be investigated by Ofgem and possibly face fines of up to 10% of their revenue after being accused of breaching price cap rules by overcharging customers by hundreds of pounds.
More Posts
Share by: