European Electricity Association Confirms Hackers Breached its Office Network

Published 17 March 2020
Source: Security Magazine

ENTSO-E, the European Network of Transmission System Operators, has announced that it found evidence of a successful cyber intrusion in its office network. 

ENTSO-E represents 43 electricity transmission system operators from 36 countries across Europe, thus extending beyond EU borders. According to the organization, a risk assessment has been performed and contingency plans are now in place to reduce the risk and impact of any further attacks. “It is important to note that the ENTSO-E office network is not connected to any operational TSO system. Our TSO members have been informed and we continue to monitor and assess the situation,” says a press release.

Security Magazine spoke to Steve Durbin, managing director of the Information Security Forum, about the implications of this breach. Durbin notes that, “As our dependence on technology and our use of technology increases, so too does the need for sound risk management, assessment and mitigation increase in line with complexity. The dangers to an organization from cyber threats have increased in frequency and severity; more organizations are understanding that cyber is entirely embedded across the business and so a cyber threat is actually a threat to business as opposed to something that can be managed from an IT department.”

This, Durbin notes, is particularly the case with critical infrastructure. “And cybercriminals know this. In the future, organizations of all sizes will need to make sure they are fully prepared to deal with attacks on their valuable data and reputations. The faster you can respond to these problems, the better your outcomes will be.

“Some key questions to ask are:

  • Can your core business survive a prolonged degradation or total loss of service?  Have you identified single points of failure, decoupled core functions, rehearsed the doomsday scenario?
  • How would you restart your business?  Have you created a reboot plan, rediscovered manual operations, documented your business processes and backed up your critical data?
  • How is your backup and recovery plan? Have you recently tested your plans, do they reflect the actual environment you are operating today?
  • How well designed are your systems for resilience (as opposed to security)? What are your black swans? What are your supply chain dependencies and do you have workarounds?
  • Finally, people.  Your people will be key to the survival and recovery of your systems and business – how resilient are they?  Have you tested their response under pressure?

“The time for running cyber incident response exercises based on breach and ransomware scenarios has never been more important,” Durbin adds. “Coupling these with business continuity planning and rehearsal for the current Covid-19 outbreak will only result in a more crisis-ready organization, able to respond to attacks.”