Cyberattacks on Offshore Wind Farms Pose Major Risks

Against the background of climate change, there's a push to make offshore wind a much bigger part of the UK's energy supply in coming years.

Author

  • Kimberly Tam

    Associate Professor in Cyber Security, University of Plymouth

But offshore wind farms are already being affected by cyberattacks, according to a recent report. And unless the vulnerabilities are addressed, cyberattacks could cause power outages, leading to critical services such as hospitals being unable to function.

Successful cyberattacks could lower public trust in wind energy and other renewables, the report from the Alan Turing Institute says. The authors add that artificial intelligence (AI) could help boost the resilience of offshore wind farms to cyber threats. However, government and industry need to act fast.

The fact that offshore wind installations are relatively remote makes them particularly vulnerable to disruption. Land turbines can have nearby offices, so getting someone to visit the site is much easier than at sea. Offshore turbines tend to require remote monitoring and special technology for long distance communication. These more complicated solutions mean that things can go wrong more easily.

One of the technologies that could reduce the vulnerability of wind farms to cyberattacks is called anomaly-based intrusion detection. This uses machine learning, a subset of AI, to build up a picture of normal activity on a computer network and then identify patterns of unusual activity that could signal a cyberattack.

Another is predictive maintenance, which relies on AI to detect and flag small vulnerabilities in IT systems and operational technology - the hardware and software that monitors and controls infrastructure - so that they can be fixed before they become bigger problems.

In general, this enhanced security and resilience could be supported by an approach called intelligent automation, where AI and other technologies are combined to streamline the operation of offshore wind installations.

Why hackers target wind farms

Most cyberattacks are financially motivated, such as the ransomware attacks that have targeted the NHS in recent years. These typically block the users' access to their computer data until a payment is made to the hackers.

But critical infrastructure such as energy installations are also exposed. There may be various motivations for launching cyberattacks against them. One important possibility is that of a hostile state that wants to disrupt the UK's energy supply - and perhaps also undermine public confidence in it.

There have already been attacks on offshore wind farms outside the UK. The Danish wind power company Vestas was hit by a ransomware attack in 2021. Reports suggest Vestas had to shut down IT systems across multiple locations to contain the issue.

German wind power company Deutsche Windtechnik faced a ransomware attack the following year. The attack forced the company to disable around 2,000 of its 7,500 wind turbines across Germany to prevent them from being damaged. Normally, turbines adjust their movement to the speed and direction of the wind. If a turbine's ability to do this is disrupted, for example, by a cyberattack that affects control systems, it could cause stress and structural damage to the blades.

In a worst-case scenario, cyberattacks could lead to the functioning of critical systems at wind farms being lost. Power outages could result if cyberattacks on offshore wind farms are combined with attacks on other energy sources.

It could even lead to loss of life if, for example, hospitals were to lose their power supplies. If control systems at offshore wind farms are lost, and turbine blades move too fast in the wind, the stress on the motor can also cause a fire, and put first responders at risk.

The potential negative effects of such attacks on public trust in renewables are significant. During the 2021 "big freeze" in Texas, when the winter cold led to power outages and other disruption, some critics blamed frozen wind turbines.

At the time, Texas agriculture commissioner Sid Miller commented: "We should never build another wind turbine in Texas. The experiment failed big time."

However, Miller's claims were contradicted by the Electric Reliability Council of Texas, which operates the state's power grid. It said that failures in natural gas, coal and nuclear energy systems were responsible for nearly twice as many outages as frozen wind turbines and solar panels.

Climate challenge

A loss of confidence in renewable sources such as offshore wind among the public and policymakers could seriously undermine the UK's climate change efforts.

The UK has committed itself to reaching the target of net zero by 2050, which means that the total greenhouse gases emitted equal the emissions removed from the atmosphere.

In order to achieve this, it's necessary to wean the country off fossil fuels, by switching to electric vehicles, for example, and ensuring homes are more energy efficient. But a major step is decarbonising Britain's energy supply.

Here at the University of Plymouth, we have started a project called Crown, which stands for cyber-resilience of offshore wind networks.

This will support the study of offshore wind technology and its control networks. Researchers will focus on understanding the vulnerability of these wind farms to cyberattacks, and on enhancing security and resilience to attacks.

This is probably one of the best times to analyse and discuss how to mitigate the threats posed by cyberattacks on offshore wind. Any earlier, and the engineering and operations aspects would not be advanced enough to explore the risks. Any later, and the installation of infrastructure on multiple planned projects might proceed apace with vulnerabilities that are difficult to fix retrospectively.

The Conversation

Kimberly Tam receives funding from The Alan Turing Institute.

/Courtesy of The Conversation. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).