A new Idaho National Laboratory (INL) report, titled Attack Surface of Wind Energy Technologies in the United States, takes the first comprehensive look at both cyberattack risks that could jeopardize U.S. wind energy systems and real-world events that have affected wind energy systems and organizations around the world. In the report, the authors provide operations and cybersecurity professionals with guidance for safeguarding wind energy infrastructure.
With the growth of wind power generation and associated control and monitoring systems tracking wind energy generation remotely, the risk of cyberattacks that target the wind energy sector is rising.
Recognizing this concern, the U.S. Department of Energy’s (DOE) Wind Energy Technologies Office (WETO) offered support to help INL researchers evaluate wind power plants to better understand potential threats and identify preventive measures.
Finding Weaknesses to Strengthen Protection Against Cyberattacks
“Even though disruption of wind energy hasn’t been a direct target of cyberattacks, the ripple effects of other attacks and vulnerabilities can still prove debilitating,” said Megan Culler, an INL power engineer, researcher, and project lead. “Our goal is to maximize awareness and safeguards, ultimately minimizing exposure to any future attacks.”
In a complementary study, INL and Sandia National Laboratories generalized the design of a wind power plant based on past assessments and research to simulate attack scenarios and counterstrategies.
In Attack Surface of Wind Energy Technologies in the United States, the authors recommend prioritized approaches to cyberattack prevention and mitigation for wind energy based on evaluations of risk profiles. Cybersecurity analysts highlighted the most impactful solutions for physical, remote, and hybrid cyberattacks. Through a series of case studies, the team illustrated weaknesses in wind energy system security and the aftermath of malicious actions, providing greater insight about how threat actors operate and ways to minimize cyber risks and their aftereffects.
Learning From Example
The INL study describes cyberattacks that have attempted to disrupt global wind energy operations in recent years. The study includes detailed information on how external actors exploited vulnerabilities and created disruption at facilities based in the United States, Germany, Denmark, Ukraine, and Azerbaijan.
These examples give readers a window into cyberattack tactics bad faith actors use, such as:
- Malicious phishing email attachments and links.
- Programs that record keystrokes on a computer, take screen captures, or steal credentials through remote access.
- Malware through third-party services.
Learning from examples of system weaknesses, wind power plant operators arm their teams with information vital to shoring up their defenses against cyberattacks.
The Growing Clean Energy Market ―and Cybersecurity Risks
Wind energy generates 10.3% of U.S. electricity. If wind power plants are manipulated, the U.S. power grid could be significantly compromised, impacting millions of Americans. This makes wind farms attractive targets for cyberattacks.
The geographic distribution of wind turbines, often sited across miles of remote countryside or offshore waters and connected to centralized control centers, heightens these systems’ exposure to security breaches.
“The centralized control but distributed operation of wind energy, as well as the concentration of significant power generation, results in challenges for securing wind energy systems. This heightens the requirements for secure network and plant architectures from the outset of both design and operation,” said Megan Egan, another member of the project who works at INL as a cybersecurity analyst. “Additionally, each facility may have hundreds of on-site and off-site touchpoints that require security measures.”
Cyberattacks can render wind energy systems unusable. Potential effects range from operators being unable to monitor and control wind power plant operations, to the system shutting down completely, which would cut off that energy supply to the electricity grid. Sudden changes to the wind turbines’ operation can also damage hardware, adding to unexpected maintenance needs and delaying how quickly they can get back online.
Responses Can Save Time, Money, and Energy
With so many possible points of entry, how can the wind energy industry most effectively protect its systems without burdensome costs or routines?
The INL team mapped out practical and affordable steps that can be taken by owner operators, utilities, equipment manufacturers, maintenance technicians, installers, and third-party service providers to safeguard wind systems.
“The very connectivity that makes wind systems work effectively also creates a larger attack surface for remote and synchronized attacks on multiple assets,” says Jake Gentle, manager of INL’s secure renewables and grid integration portfolio.
Developing incident response procedures can save time, money, and energy when responding to a cyberattack. That can mean lives saved when it comes to customers, like hospitals, that depend on reliable and resilient power.
In addition to examining and strengthening on-site practices and systems, wind system operators are encouraged to ensure service providers with access to sensitive data or critical systems follow similar best practices.
The INL team, in partnership with other DOE national labs, is further leveraging this intelligence by coordinating forums for wind energy industry members to exchange information on observed threat activity, best practices, defensive strategies, and other ideas to beef up cybersecurity and system resilience.
Building the Next Line of Defense
So, what are researchers’ top recommendations for wind operators to prevent cyberattacks and minimize their effects?
“The real key is the quality of operational practices that respond to cyberattacks,” says Culler. “Government and private entities must coordinate and follow through on best practices to safeguard systems and ensure network resilience. In addition, risk aversion measures need to be feasible in terms of price and staffing, allowing organizations of different sizes to adopt robust and repeatable practices.”
“Future threats could come from global adversaries, mischievous U.S. hackers, criminal organizations, or even a disgruntled former employee. More research is necessary to categorize the best methods to monitor a wind plant for all possible malicious activity,” says Gentle. “We’re constantly updating case studies, information on risks, and best practice recommendations based on trends and impacts―trying to anticipate where the next strike might occur.”
INL and partners at multiple national laboratories continue to work with the DOE Roadmap for Wind Cybersecurity to develop cutting-edge resources for network monitoring and defense. These include:
Learn more about the Wind Energy Technologies Office’s efforts in cybersecurity and subscribe to the Catch the Wind newsletter.