Ireland's state-owned electricity provider EirGrid hit by 'state-sponsored' hackers

EirGrid, an electricity provider that manages power across Ireland and Northern Ireland, was allegedly compromised by 'state-sponsored' hackers in April 2017.

The culprits hacked the state-owned operator after infiltrating a Vodafone network used by the company. They installed malicious software to intercept all unencrypted communications flowing through its web routers in Wales and Northern Ireland, Independent.ie reported.

Last month, Vodafone uncovered the breach with the help of the National Cyber Security Centre (NCSC), an arm of British intelligence, before telling the electricity provider. The security services have reportedly claimed the incident was a 'state-sponsored' attack.

No public evidence has been released to back up the assertion, however known hacking groups have been known to target national infrastructure including electric grids. The most high-profile case occurred in Ukraine back in 2015, allegedly the work of Russia.

Independent.ie reported on Sunday (6 August) that "all communications", and files leaving an EirGrid interconnector site in Wales that relied on Vodafone's hacked Direct Internet Access (DIA) service were "monitored and maybe interrogated".

Sources told the Irish newspaper that it remains unclear if any malicious software had been installed on the grid's control systems, but they noted the consequences – if that turned out to be the case – could include a blackout scenario. The breach, the paper said, took place on 20 April.

Since 2006, EirGrid has operated the high voltage electricity grid across Ireland. According to its website, it operates the flow of power on the grid while a separate entity, called the Electricity Supply Board (ESB), is responsible for carrying out maintenance and repairs.

The EirGrid Group also owns the electricity System Operator for Northern Ireland (SONI), which supplies the distribution network operated by Northern Ireland Electricity (NIE). Both groups, its website states, are legally separate and independent from one another.

Independent.ie reported that the network of SONI – which is headquartered in Belfast – was also compromised by the hackers, but it remained unclear to what extent. The hackers' IP addresses were in Ghana and Bulgaria, however these were likely obfuscated by software.

David Martin, spokesperson for EirGrid Group, said: "At EirGrid Group, the security of our computer network and of the electricity control system is an utmost priority.

"It is EirGrid Group's policy not to comment publicly on specific operational matters related to cyber security, however, we are aware of the currently reported focus on energy companies and national infrastructure and wish to state that our computer systems have not been breached."

A Vodafone spokesman said: "Vodafone does not comment on specific security incidents."

On 17 July 2017, an official NCSC report obtained by technology website Motherboard revealed that GCHQ was warning its partners about energy sector hacking.

"The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors," the leaked report stated, without naming individual targets.