Protecting Wind Energy Systems From Cyberattacks
A new report from the Idaho National Laboratory (INL), titled Attack Surface of Wind Energy Technologies in the United States, offers the first comprehensive examination of cyberattack risks that could threaten U.S. wind energy systems, along with real-world incidents affecting wind energy systems and organizations globally. The report provides operations and cybersecurity professionals with guidance on protecting wind energy infrastructure.
According to the Department of Energy, in a complementary study, INL and Sandia National Laboratories generalized the design of a wind power plant based on past assessments and research to simulate attack scenarios and counterstrategies.
In Attack Surface of Wind Energy Technologies in the United States, the authors recommend prioritized approaches to cyberattack prevention and mitigation for wind energy based on evaluations of risk profiles. Cybersecurity analysts highlighted the most impactful solutions for physical, remote, and hybrid cyberattacks. Through a series of case studies, the team illustrated weaknesses in wind energy system security and the aftermath of malicious actions, providing greater insight about how threat actors operate and ways to minimize cyber risks and their aftereffects.
Learning From Example
The INL study describes cyberattacks that have attempted to disrupt global wind energy operations in recent years. The study includes detailed information on how external actors exploited vulnerabilities and created disruption at facilities based in the United States, Germany, Denmark, Ukraine, and Azerbaijan.
These examples give readers a window into cyberattack tactics bad faith actors use, such as:
- Malicious phishing email attachments and links.
- Programs that record keystrokes on a computer, take screen captures, or steal credentials through remote access.
- Malware through third-party services.