I became aware yesterday that several sources are reporting Energy Services Group was “hacked” or “attacked.” There’s been a little saber rattling about hackers getting control of the US energy markets. Being that I’ve had some dealings with ESG over the years, I thought I might speak to this.
Here’s what we know at this point: ESG suffered a massive outage, but the cause is not known. ESG appears to have gotten some systems related to competitive energy providers back online; however, that is all I know at this time.
What does ESG do? According to their website, they provide various services to the energy industry ranging from data management, retail billing, pipeline and storage management, and market management. My experience with them to date is as an EDI provider handling the competitive energy provider data communication with utility companies. They process the enrollments, billing, payment, and usage data sent by the utility to the CEP. CEPs operate in a low profit margin market, making outsourcing the backend functions almost mandatory.
The services ESG provides do not equate to them having any direct control over the energy grid (gas or electric) - to my knowledge. ESG does have access to a treasure trove of PII such as names, addresses, metering and billing information, gas and electric wholesale orders and pricing information. I do not believe ESG has any direct influence over the ICS systems in use by their customers. At this time, I think we need to keep FUD to a minimum but ESG needs to inform their customers of the possible risks.
The electric utility companies who serve customers directly impacted by the ESG breach are also victims here - they will undoubtedly have to deal with an influx of customer and regulatory inquiries over this matter. However, they have absolutely no control over who signs up for competitive supply, nor who the supplier uses for their backend systems. All of these expenses will be passed directly on to the rate payers in the end - both by ESG and the various regulated entities affected by this.
There are a couple scenarios here: Whatever happened caused ESG to be knocked totally offline - even requiring them to use a Gmail account for communication. My suspicion is this was a ransomware attack that got out of hand, as they appear to have been able to get back up and running in a relatively short time. But the company as yet has not released any public information.