Worried about being hacked? You need to improve the cybersecurity on your windfarm

Cybersecurity in the energy industry is a relatively quiet topic that has received some exposure recently due to high profile hacks.

Often, the companies owning and running windfarms have assumed that protecting their assets in the same way as IT infrastructure was robust enough.

Wind turbines and their monitoring and control systems can be hacked in much the same way as a computer can, resulting in loss of reputation and potentially huge costs and disruption. So it is essential to assess and mitigate against cybersecurity threats to wind projects adequately.

Individual turbines use a SCADA system (Supervisory Control and Data Acquisition) to communicate with the wind farm control systems. Commonly, these are commercial, ‘off-the-shelf’ systems to minimise costs and increase compatibility with other systems.

Using standardised software makes it easier for hackers to access a wind farm’s control system. Once a vulnerability has become known, or worse still, used in one attack, it is only a matter of time before it is exploited again. Hackers are a significant risk on energy sites, and they can demand substantial amounts of money to release their control over an operation once they have it.

With the drive towards renewable energy increasing the size and number of new wind generation projects, there is a genuine requirement to improve the cybersecurity of the windfarm to cope with modern threats.

Is this a real threat? Why isn’t there more attention paid to it?

It is not common to read about cyber-attacks on windfarms. Operators don’t want to draw attention to their security issues as negative press about their project or technology can draw regulators and shareholders’ attention.

Also, it’s quite possible for hackers to simply be hacking for the fun of it. Having accessed a system and seeing what they can do with it may simply disconnect from it, leaving the operator unaware that an intrusion caused an issue. Any issues that the intrusion caused could easily be attributed to a bug in the software or a configuration error fixed by a simple reconfiguration or reset.

Building a new windfarm is a large, expensive project. Building a business case, gaining the relevant permissions and finally building the plant take huge amounts of time and resource. The SCADA system can be viewed as a standard component only required when the plant is ready to enter an operational state, so it is easy to imagine that there is not too much attention given to it, especially if the plant operator has used the same software previously on other sites.

Even if the control systems were secure at the time of installation, the long lifecycle for windfarm projects makes it essential that continual development of the security systems surrounding it are implemented to reduce the risk as new exploits are discovered.

As a result of the increasing risk posed by hackers to essential services such as electricity generation companies, the UK energy regulator (OFGEM) introduced new cybersecurity regulations in 2018. These have been made into UK law as The Network and Information Systems Regulations 2018 (‘NIS Regulations’). It applies to the water, health, transportation, digital and energy sectors. It imposes new responsibilities on the owners of windfarms to follow security best practices and requires disclosure of security incidents to relevant authorities.

Securing windfarms with a secure overlay network

Netlinkz Virtual Secure Network (VSN) technology provides physical and virtual secure ‘network as a service’ capabilities suitable for windfarms of any size. Deploying the VSN delivers a massive leap forward in security, speed, simplicity and cost-effective connectivity over fixed-line, wireless and mobile-based (2G, 3G, 4G, 5G) networks.

The VSN protects windfarm operations and their communications by using the VSN to secure connections between facilities, such as local management systems and operation control centres so that traffic cannot be intercepted. VSN overlays across any existing network and does not require any hardware. The overlay provides encrypted peer-to-peer and mesh connections, reducing bandwidth consumption and allowing individuals to securely control how they share or block data within the organisation, increasing the reliability and speed of data transfer.