Securing the Renewable Energy Grid Against Cyberattacks

According to a report by the International Energy Agency (IEA), the current global energy crisis has sparked an unprecedented surge in renewable energy adoption. 

 

A surge in renewable energy (solar panels) to address the global energy crisis. Image used courtesy of Pexels

 

In fact, the world is projected to add as much renewable power in the next five years as it has in the previous two decades. This rapid acceleration in renewable installations is expected to nearly double the total capacity growth worldwide, passing coal as the primary source of electricity generation.

Energy security concerns prompted by the war in Ukraine have forced countries to seek alternatives to imported fossil fuels. However, as the renewable energy industry grows, so does the threat and frequency of cyberattacks targeting it.  

This concern is particularly significant in the European Union with the proximity of the conflict and the involvement of Russia, a country known for its expertise in cyber warfare.

 

Cyberattacks on Renewables

The European Union is actively and significantly increasing its wind and solar power generation capacity to achieve its decarbonization targets. Reaching this capacity has a heavy dependence on software. Unfortunately, the presence of software brings with it the inherent vulnerability to cyber threats.

The cyber risks associated with renewable energy assets are particularly severe. 

Many power generation facilities are directly connected to regional or national grids, and a majority rely on smart systems for digital management. Unfortunately, these connections create potential points of cyber risk, which must be carefully addressed and managed.

In 2022, three European wind energy companies experienced a significant attack that temporarily disabled the remote-control systems of approximately 7,800 wind turbines for about a day.

Experts anticipate a rise in such attacks throughout 2023. These attacks can originate from various sources, including ransomware groups seeking financial gains, cybercriminals with nation-state affiliations aiming to disrupt critical infrastructure and society, or individual hackers with malicious intent.

 

Significant cyber incidents worldwide, 2006-2019. Light blue shows electricity-related incidents, and dark blue shows other significant incidents. Image used courtesy of IEA

 

In 2017, there were cyber intrusions at multiple U.S. nuclear power generation sites. Fortunately, these intrusions were limited to the business systems and did not impact power delivery or pose safety risks. However, the fact that U.S. nuclear power plants were targeted raises concerns. In March 2019, a cyberattack in the Western Interconnection caused a temporary loss of visibility into supervisory control and data acquisition systems (SCADA). 

While the affected utilities were able to ensure a sufficient electricity supply, the attack did disrupt internal operations. This incident marked the first successful attack on grid operations in the United States.

The United States Department of Energy recently conducted a study to evaluate the risks posed to the electric grid due to the growth of distributed energy resources (DERs). 

These DERs often need an internet connection to work and have few regulations about keeping them safe from cyberattacks. Companies that control lots of DER devices have power over each one, and they don't have to follow the same cybersecurity regulations as other electricity sources connected to the main power system.

If a cyberattack is successful, it can lead to losing control over devices and processes, resulting in physical damage and widespread disruptions in services. Apart from affecting critical services and electricity-dependent households and businesses, these attacks can result in substantial financial losses for electric utilities. 

These losses encompass the expenses incurred in responding to the cyberattack (such as detection, investigation, containment, and recovery) and the consequences that follow (business disruptions, information loss, revenue decline, and equipment damage). The overall damages could amount to millions or even billions of dollars.

 

Investing in Cyberdefense

Companies like Norwegian Hydro have started employing “ethical hackers” to build up their cyber defenses and find holes in their systems from the inside, hoping to protect against outside threats. 

Similar actions have been taken at the German power utility EnBW, which has taken measures to enhance its cybersecurity capabilities in response to the growing cyber threat landscape.

The company has bolstered its cybersecurity team of 200 staff and has been closely monitoring the cyberattacks conducted by Russia on Ukrainian infrastructure. EnBW officials have expressed concern about the sophistication of these attacks, particularly in the context of highly digitalized grids.

The core principles of cyber resilience, fostering a culture of cyber resilience within an organization, and implementing effective risk management strategies are relevant to many sectors and industries. In the electricity sector, considerations for these strategies include real-time requirements and high availability expectations, interdependencies and cascading effects, and a mix of new technologies and legacy assets.

According to the IEA, fully enhancing the cyber defense systems of the electricity sector will be a continuous process because cyber threats are continually evolving. However, if the organizations in charge of rolling out renewable energy can establish risk identification and management strategies, robust response and recovery procedures, and be transparent regarding cyber threats, the electricity sector will be more resilient against attacks.