The development and use of renewable energies is on the rise across the globe and experts forecast this will bring with it more cyber security risks.
Ahead of CS Hub’s Government and Critical Infrastructure Digital Sumit, Anuj Sanghvi, Technical Lead at the National Renewable Energy Laboratory (NREL), spoke about why renewables are lucrative targets for cyber criminals and what can be done to overcome cyber challenges.
“Renewable energy penetration to the grid across the globe is on the rise, and with their critical role of supporting sustainability, energy independence as well as quicker demand response, they are being incorporated not only by utilities but also residentially,” Sanghvi says.
“This adoption makes them a lucrative target for cyber-attacks due to the interconnectedness with the power grid and their potential catastrophic consequences.”
Energy targets
In November 2021, Vestas, a Danish wind turbine manufacturer, was targeted by cyber criminals and saw its internal IT infrastructure and data compromised.
Meanwhile, according to data released by Check Point One, the utilities industry saw a 46 per cent year-on-year increase in cyber-attacks in 2021, with an average of 736 attacks per week.
In addition, nation states are more aware than ever that energy is a target since a 2016 incident which saw malware strike an electric transmission station in Ukraine, sending automated commands that blacked out a portion of Kiev.
With renewable energies continuing to increase in adoption and the number of cyber-attacks following suit there are many challenges for the industry to overcome.
One of which is the lack of manpower with the relevant cyber security skills combined with the knowledge of power system operations, according to Sanghvi.
“This can be improved by cross departmental trainings and cybersecurity awareness organization wide,” he says.
Supply chain issues
The supply chain is not exclusively centered on getting food to supermarkets or amazon parcels to customers’ doors. It also involves the supply and distribution of energy.
With the many moving parts in logistics networks, supply chain silos can make cyber threats hard to identify and monitor.
“I think there is lack of visibility at different segments of the supply chain. From hardware equipment to software libraries, renewable energy and OT systems depend on these assets and systems which are manufactured, programmed, procured, and fit-in to the power generation, distribution and transmission stations,” Sanghvi says.
“A centralized approach to ensure all the ancillary characteristics are identified, monitored, and updated might be one mitigation strategy,” Sanghvi offers.
The US National Renewable Energy Laboratory
During his presentation at the Government and Critical Infrastructure Digital Sumit Sanghvi will discuss some of the solutions and practices the NREL has put in place in order to protect against cyber-attacks.
“NREL’s energy security and resilience center has been looking at these challenges and have been working on an emulation platform which is known as the cyber range,” he says.
The laboratory’s cyber range provides system-level security evaluation for bulk power renewables and distributed energy systems. Powered by Cyber-Energy Emulation Platform (CEEP), the cyber range simulates complex energy systems for the evaluation of emerging threats, natural hazards, and impacts of energy disruption.
The cyber range supports proactive defense and automated response, improved situational awareness, and telecommunications innovation.
To find out more register here for the Government and Critical Infrastructure Digital Sumit.