By Staff Writer.
A fast response thwarted a ransomware attack on a major Queensland energy company last weekend. Hackers targeted the corporate network of Brisbane-based CS Energy on Saturday, November 27. The attack had the potential to disrupt the power supply to millions of homes and businesses.
CS Energy IT employees moved quickly to segregate the corporate network from other internal networks, thereby limiting the damage to some disrupted email systems. Media reports suggest the hackers were less than 60 minutes away from accessing critical networks.
At risk were 3500 megawatts of power – enough power for up to three million homes.
“Unfortunately, cyber events are a growing trend in Australia and overseas,” said CS Energy CEO Andrew Bills. “This incident may have affected our corporate network, but we are fortunate to have a resilient and highly skilled workforce who remain focused on ensuring CS Energy continues to deliver electricity to Queenslanders.”
Mr Bills said the cyberattack did not impact electricity generation at its Callide and Kogan Creek power stations. The electricity provider also explicitly called the attack a ransomware attack.
“We take this issue very seriously,” added Mr Bills. “Upon becoming aware of the incident, we took immediate preventative action to contain the corporate network and maintain security to our other networks.”
Mr Bills notes that even if there are unexpected outages of transmission lines and generators, Australia’s National Electricity Market is designed to ensure enough power generation and network capacity to meet customer demand.
Located close to Chinchilla in Southwest Queensland, CS Energy’s coal-fired Kogan Creek Power Station can generate up to 750 megawatts of baseload electricity. Further north, the Callide Power Stations near Biloela, Central Queensland, pump even more electricity into the national grid.
On Thursday, the CS Energy CEO said there was no indication state-based actors were behind the attack. However, The Daily Telegraph is reporting Chinese hackers were behind the incident.
State-based cyberattacks on civilian infrastructure are becoming increasingly common. The Office of the Director of National Intelligence (DNI) in Washington DC says China presents a prolific and effective cyber-espionage threat and has substantial cyber-attack capabilities.
“China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations,” a recent DNI report says.
According to Thursday’s report in The Daily Telegraph, the “sustained” cyberattack at CS Energy came close to shutting down Kogan Creek and Callide Power Stations. That was prevented only after the corporate network was disconnected from the operational network.
It is increasingly common for China to outsource cyberattack activities to private contractors based within China. The practice has been condemned by governments worldwide but allows China to deny an attack originated from a state-owned entity or security agency.
CS Energy says it is progressively restoring the impacted systems, working closely with cyber security experts and relevant state and federal agencies.