Cybersecurity in renewable energy is a less explored topic, so we’re bringing together recent examples of cyber threats to wind and solar energy and offering recommendations from cybersecurity professionals as renewables shift from emerging technology to critical infrastructure.
Renewables arguably now critical infrastructure
The United States Cybersecurity & Infrastructure Security Agency (CISA) identifies 16 critical infrastructure sectors “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” Energy is one of those sectors. “The reliance of virtually all industries on electric power and fuels means that all sectors have some dependence on the Energy Sector.”
While energy such as oil and gas has long been an attractive target for cybercriminals and nation-states, attackers are increasingly setting their sights on and taking direct aim at renewables like wind and solar, which now generate over a tenth of the world’s electricity.
Outside of the U.S. it’s already happening. In April 2022, cyberattacks on three German wind-energy companies raised alarms that attackers sympathetic to Russia were trying to disrupt in a sector set to benefit from efforts to lessen reliance on Russian oil and gas. In reporting from The Wall Street Journal, one of the companies, Deutsche Windtechnik AG, which specializes in the maintenance of wind turbines, was hacked. Remote-control systems for about 2,000 wind turbines in Germany were down for about a day after the attack, the company said in the article.
Experts at security awareness training leader KnowBe4 have covered how renewable energy is not immune to the cybersecurity woes. Here are some of their most interesting blog posts, which also offer some best practices:
- European Wind-Energy Sector Is the Latest Target of Russian State-Sponsored Attacks
- Phishing targets industrial control systems
- Mobile Phishing Attacks Surge 161% in the Energy Industry
- So, How Did Russia Succeed In Hacking Our Energy Systems?
- U.S. warns about phishing attacks on nuclear, energy, aviation, water, and manufacturing industries
- Spear Phishing Campaign Targets Energy Companies
What needs to change?
Accenture, a global professional services company with leading security capabilities, has a solid, 18-page report on building greater cyber resilience for renewables. In brief, the report highlights that:
- Digital transformation in renewables brings new vulnerabilities and will require new architectures, models and thinking around cybersecurity.
- As renewables operators look to evaluate how they can boost cyber resilience, key paradigm shifts are needed.
- Improving cyber resilience requires a program with an evolving playbook of people, process and technology initiatives coupled with constant vigilance.
- Renewables operators should embed security in the renewables DNA to strengthen cyber resilience in their business, operations and infrastructure.
You can read the full report here (no registration required).
Cybersecurity preparedness and resilience requires insight, vigilance and expertise. With renewables increasingly becoming critical to the energy needs of the United States and other countries, attackers are taking notice. The renewable energy sector should work together to ensure safety and security of this emerging and valuable energy resource.
Amshore is a renewable energy developer focused on helping energy companies create projects that reduce climate change risk, increase energy independence, and provide cleaner air for future generations. Over the past 20 years, Amshore has originated and developed wind and solar energy facilities generating 2.9 gigawatts of power covering over a half a million acres.