Ireland’s state-owned power provider, EirGrid, suffered a security breach in April this year at the hands of state-sponsored hackers.
The breach, which was first reported by the Irish Independent, saw hackers carry out a man-in-the-middle attack to compromise routers used by EirGrid. Using IP addresses from Ghana and Bulgaria, the hackers gained access to the routers by compromising Vodafone’s network, which is used by EirGrid in the UK.
The breach was discovered last month by Vodafone and the UK’s National Cyber Security Centre (NCSC), which informed EirGrid. Vodafone and the NCSC regard this as a sophisticated and devious state-sponsored attack.
No personal data was believed to have been accessed, as household customer information was not stored on EirGrid computers. However, commercial customer information was transferred over the compromised network and may have been monitored and interrogated.
EirGrid is still unsure whether malicious software was installed on its systems during the attack, but if it was then it could result in power outages across Ireland.
With attacks on national and international infrastructure increasing and cyber terrorism playing a more prominent role in today’s society, the European Parliament has adopted a new directive known as the NIS (Network and Information Security) Directive. The NIS Directive entered into force in August 2016 and sets out security requirements and incident notification rules for organisations such as EirGrid which are vital for the economy. EU member states have until May 2018 to translate this directive into national law.
With state-sponsored attacks increasing and malware the weapon of choice for hackers, are your systems safe?
ISO 27001 certification can help you mitigate cyber risks while winning new business and delivering information assurance. Learn more about our courses >>