Dependency on the critical national infrastructure supply chain means the attack on Elexon yesterday (14 May) could indirectly affect other companies, a security expert has warned.

The attack targeted the code administrator’s internal IT systems, although the balancing and settlement code’s (BSC) central systems and EMR were unaffected and working as normal.

Responding to the attack Ian Heritage, cloud security architect at cyber security firm Trend Micro, said: “Supply chain dependency means it is critical to protect both big and smaller players when delivering critical national infrastructure (CNI) – the supply chain is only as robust as its weakest link.

“The bad news is that many companies frequently are part of the supply chain that feeds resources to deliver CNI; thus, a cyberattack against one part of this chain can indirectly affect the supply of services.”

Elexon said shortly before 4pm on Thursday that it had identified the root cause of the attack and was taking steps to restore its systems.

Meanwhile National Grid ESO said it was aware of the attack and that it was investigating any potential impact on its own IT networks. The ESO added that electricity supply was not affected and that it was protected by “robust cyber security measures” across its own IT and operational infrastructure.