Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity NewsInfrastructure:Electric,Gas & Water

European Electricity Association Confirms Hackers Breached its Office Network

electric-enews
March 13, 2020

ENTSO-E, the European Network of Transmission System Operators, has announced that it found evidence of a successful cyber intrusion in its office network. 

ENTSO-E represents 43 electricity transmission system operators from 36 countries across Europe, thus extending beyond EU borders. According to the organization, a risk assessment has been performed and contingency plans are now in place to reduce the risk and impact of any further attacks. "It is important to note that the ENTSO-E office network is not connected to any operational TSO system. Our TSO members have been informed and we continue to monitor and assess the situation," says a press release. 

According to security firm Dragos, electric energy-associated organizations are at great risk of cyber intrusions and recently, these organizations have been experiencing more attacks. For example, in January 2020, the New Mexico Public Regulation Commission (NMPRC) experienced an alleged cyberattack, publicly reported to be ransomware, that compromised its web servers. Limited information exists at this time regarding the strain of ransomware or the full scope of the attack.

The commission, says Dragos, notes that the malware attack caused the website and electronic filing system to go offline, but no sensitive or confidential data was compromised. However, it's important to note that the commission keeps records of technical information on power plants and operations networks of the utilities and other entities it regulates - and if attackers were able to obtain such information, it could be used to facilitate operations against the utilities directly, claims Dragos. 

Security Magazine spoke to Steve Durbin, managing director of the Information Security Forum, about the implications of this breach. Durbin notes that, "As our dependence on technology and our use of technology increases, so too does the need for sound risk management, assessment and mitigation increase in line with complexity. The dangers to an organization from cyber threats have increased in frequency and severity; more organizations are understanding that cyber is entirely embedded across the business and so a cyber threat is actually a threat to business as opposed to something that can be managed from an IT department. 

This, Durbin notes, is particularly the case with critical infrastructure. "And cybercriminals know this. In the future, organizations of all sizes will need to make sure they are fully prepared to deal with attacks on their valuable data and reputations. The faster you can respond to these problems, the better your outcomes will be.

"Some key questions to ask are:

  • Can your core business survive a prolonged degradation or total loss of service?  Have you identified single points of failure, decoupled core functions, rehearsed the doomsday scenario?
  • How would you restart your business?  Have you created a reboot plan, rediscovered manual operations, documented your business processes and backed up your critical data?
  • How is your backup and recovery plan? Have you recently tested your plans, do they reflect the actual environment you are operating today?
  • How well designed are your systems for resilience (as opposed to security)? What are your black swans? What are your supply chain dependencies and do you have workarounds?
  • Finally, people.  Your people will be key to the survival and recovery of your systems and business – how resilient are they?  Have you tested their response under pressure?

"The time for running cyber incident response exercises based on breach and ransomware scenarios has never been more important," Durbin adds. "Coupling these with business continuity planning and rehearsal for the current Covid-19 outbreak will only result in a more crisis-ready organization, able to respond to attacks."

Joseph Carson, chief security scientist and Advisory CISO at Thycotic, also told Security Magazine that, "It appears to have been fortunate that the attackers were detected early within the office network and it is very likely that this was at an early stage of the security incident typically part of the reconnaissance.  The attackers were most likely probing for ways to hack and laterally move into the operational network. That could have a serious impact to critical infrastructure such as ransomware attacks or turn off the power to several countries as once.   

"The risks from attackers gaining access to critical infrastructure can have devastating effects," Carson warns. He says that if successful, this could result in the power outages. "In this particular situation," Carson says, "it could have the potential of turning off the power to a number of European countries.  Power is crucial. If disrupted, it can result in life threatening situations resulting from cyberattacks."   

Carson adds that it is critical that "a risk assessment is performed to determine any further risks from attackers gaining access. Also, organizations must put best practices in place. This includes strong privileged access security, multi-factor authentication (MFA) and network segmentation to ensure attackers are unable to gain access to critical systems." 

KEYWORDS: cyber security cybersecurity electric grid security risk analysis

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • New Newswire Feature Image 3/8/2012

    Hackers Breached Security Firm Bit9, then Attacked its Customers

    See More
  • It's Time to Change Your Perception of the Cybersecurity Professional

    Cybersecurity Company Avast Breached by Hackers

    See More
  • attack-cyberenews

    FireEye breached by nation-state hackers

    See More

Related Products

See More Products
  • Career Network (60 days)

  • Career Network (30 days)

  • intelligent.jpg

    Intelligent Network Video: Understanding Modern Video Surveillance Systems, Second Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing