EDP data breach highlights need for cybersecurity
EDP, which had revenue of almost €17.5bn in 2018, is being extorted by cybercriminals for 1,580 BTC (Bitcoin, valued at €9.9mn). Using ‘RagnarLocker’ ransomware, the attackers have encrypted the company’s systems and rendered them unusable.
The compromise of EDP’s systems is of great significance for the global energy market: the company is one of the largest electricity and gas providers in Europe, as well as the fourth-largest producer of wind energy in the world.
Defending against ransomware
With over 11mn customers in 19 countries on four continents, the scale of the attack is of truly international significance. So far, the perpetrators have threatened to leak 10 TB of sensitive information if their demands are not met.
Rob Fitzsimons, field applications engineer at Telesoft, a firm specialising in cybersecurity, said that EDP’s predicament underscores the necessity for robust digital defences, particularly as more and more people work remotely.
“EDP’s span is so vast that suffering a data breach would have huge ramifications for its reputation. That’s why it and other critical national infrastructure suppliers are prime targets.”
Whilst conceding that paying the ransom can be tempting, Fitzsimons strongly advises against it: “Of course, there’s no guarantee that hackers will unencrypt data once ransoms have been paid – these aren’t typical business transactions governed by ethics.”
Modern malware is sophisticated enough to pass unnoticed at the point of infection if due diligence is not exercised. Because of this, Fitzsimons states that employers and employees must coordinate a security strategy as the first line of defence.
“Defending against ransomware, particularly a highly targeted strain such as RagnarLocker which undertakes comprehensive reconnaissance of its targets before it’s actually deployed, necessitates complete visibility into network traffic.
“Any irregular activity, no matter how seemingly insignificant, could be malicious actors carrying out the groundwork for future attacks, so they must be investigated,” he said.
Making a cybersecurity plan
In a previous article, Energy Digital explored Siemens’ recommendations for enhancing cybersecurity for remote workers. With remote working now a dominant trend for contemporary workforces because of the COVID-19 pandemic, companies need to ensure that staff are adequately prepared:
Secure connections: Knowingly giving access to strictly confidential or important systems to workers who cannot guarantee security is unacceptable; companies must therefore carefully assess what plant operators require access to in order to mitigate the risk of infiltration.
Monitor anomalies: Because remote working is currently outside general ‘normal working conditions’, it may be difficult to differentiate between a cyberattack and legitimate operator usage. Careful monitoring of the system will help to establish a baseline to measure this.
Prepare an incident response plan: Workers may be off-site, ill or otherwise not able to respond in their normal capacity during a cyberattack event. Plants must factor in these changes and alter response plans accordingly.
“While the COVID-19 crisis makes these steps urgent, several long-term trends that pre-date the pandemic will drive similar changes,” Simonovich states.
These changes will include new operating models, automation and advanced training for remote workforces. Due to the unknown length of the current pandemic and its effect on global lifestyles, companies should prepare for these changes over the long term.
Ofwat allows retailers to raise prices from April
Retailers can recover a portion of excess bad debt by temporarily increasing prices from April 2022, according to an Ofwat statement.
The regulator confirmed its view that levels of bad debt costs across the business retail market are exceeding 2% of non-household revenue, thereby allowing "a temporary increase" in the maximum prices. Adjustments to price caps will apply for a minimum of two years to reduce the step changes in price that customers might experience.
Measures introduced since March 2020 to contain the spread of Covid-19 could lead to retailers facing higher levels of customer bad debt. Retailers’ abilities to respond to this are expected to be constrained by Ofwat strengthening protections for non-household customers during Covid-19 and the presence of price caps.
In April last year, Ofwat committed to provide additional regulatory protection if bad debt costs across the market exceeded 2% of non-household revenue.
Georgina Mills, Business Retail Market Director at Ofwat said: “These decisions aim to protect the interests of non-household customers in the short and longer term, including from the risk of systemic Retailer failure as the business retail market continues to feel the impacts of COVID-19. By implementing market-wide adjustments to price caps, we aim to minimise any additional costs for customers in the shorter term by promoting efficiency and supporting competition.”
There are also three areas where Ofwat has not reached definitive conclusions and is seeking further evidence and views from stakeholders:
- Pooling excess bad debt costs – Ofwat proposes that the recovery of excess bad debt costs is pooled across all non-household customers, via a uniform uplift to price caps.
- Keeping open the option of not pursuing a true up – For example if outturn bad debt costs are not materially higher than the 2% threshold.
- Undertaking the true up – If a 'true up' is required, Ofwat has set out how it expects this to work in practice.
Further consultation on the proposed adjustments to REC price caps can be expected by December.
"While it’s great that regulators are helping the industry deal with bad debt in the wake of the pandemic, raising prices only treats the symptoms. Instead, water companies should head upstream, using customer data to identify and rectify the causes of bad debt, stop it at source and help prevent it from occurring in the first place," she said.
"While recouping costs is a must, water companies shouldn’t just rely on the regulator. Data can help companies segment customers, identify and assist customers that are struggling financially, avoiding penalising the entire customer in tackling the cause of the issue."
United Utilities picks up pipeline award
A race-against-time plumbing job to connect four huge water pipes into the large Haweswater Aqueduct in Cumbria saw United Utilities awarded Utility Project of the Year by Pipeline Industries Guild.
The Hallbank project, near Kendal, was completed within a tight eight-day deadline, in a storm and during the second COVID lockdown last November – and with three hours to spare. Principal construction manager John Dawson said the project helped boost the resilience of water supplies across the North West.
“I think what made us stand out was the scale, the use of future technology and the fact that we were really just one team, working collaboratively for a common goal," he said.
Camus Energy secures $16m funding
Camus Energy, which provides advanced grid management technology, has secured $16 million in a Series A round, led by Park West Asset Management and joined by Congruent Ventures, Wave Capital and other investors, including an investor-owned utility. Camus will leverage the operating capital to expand its grid management software platform to meet growing demand from utilities across North America.
As local utilities look to save money and increase their use of clean energy by tapping into low-cost and low-carbon local resources, Camus' grid management platform provides connectivity between the utility's operations team, its grid-connected equipment and customer devices.