In our race towards a more sustainable energy future, the cyber resilience of energy infrastructure, including wind power, has become imperative. Some 71% of power and renewables professionals globally expected their organisations to increase investment in cybersecurity throughout 2023, according to DNV’s Energy Cyber Priority research.By Shaun Reardon, Principal Cybersecurity Consultant, DNV, Norway
Advances in digital and connected technologies have revolutionised how we harness wind energy, making operations safer and more efficient. Simultaneously, the energy industry is developing smart grids capable of accommodating variable energy sources. However, with these opportunities come new risks, as greater interconnectivity creates vulnerabilities that can be exploited by malicious actors, resulting in wider potential impacts.
One of the most alarming discoveries is how easily wind farms can be hacked. In a revealing experiment conducted by researchers at the University of Tulsa in 2017, it took mere minutes to infiltrate wind farms across the USA. Such breaches underscore the urgent need to secure operational technology, particularly the control systems responsible for managing, monitoring, automating and controlling wind operations. The consequences of a successful cyberattack extend beyond mere data theft; they could disrupt entire wind farms or compromise sections of the grid.
Across the wider energy industry, 64% of professionals worry that their organisations are more vulnerable to cyberattacks on their operational technology networks than ever before. Recent cybersecurity incidents in the energy industry serve as stark reminders of these vulnerabilities. For example, the repercussions of losing remote connections to thousands of turbines can be profound and far-reaching. The wind industry must prioritise building cyber resilience to mitigate these risks effectively.
The strategic importance of cybersecurity continues to grow in the energy sector. Indeed, 89% of energy professionals believe cybersecurity to be a prerequisite for the digital transformation initiatives enabling the industry’s future.
One crucial aspect of enhancing cyber resilience is addressing vulnerabilities within the supply chain. Incorporating cybersecurity considerations into the procurement and development processes of new technologies is critical when defending against potential threats. Around half (57%) of energy professionals are confident their company has good oversight of supply chain vulnerabilities, but this leaves a good proportion of the sector in doubt that they are sufficiently managing third-party cyber risk.
Additionally, adopting a ‘security by design’ approach, whereby protections are integrated into assets and networks from the beginning, is essential in the wind energy sector, where rapid development is the norm. For example, we expect global wind capacity to double to around 2,000GW by 2030 and to subsequently reach 6,400GW by mid-century, as forecast in DNV’s Energy Transition Outlook 2023.
Furthermore, compliance with stringent cybersecurity regulations is non-negotiable. The wind sector must brace itself for a wave of new requirements, and this requires a proactive mindset, a supportive company culture, and access to specialised skills. As the energy industry digitalises and connects its assets at pace, it must ensure that greater awareness of cyber risks translates into action to build cyber resilience.
