A new Idaho National Laboratory (INL) report, titled "Attack Surface of Wind Energy Technologies in the United States", provides a comprehensive look at the cyberattack risks that could jeopardise US wind energy systems, and examines real-world events that have affected wind energy systems globally. The report offers guidance for operations and cybersecurity professionals to safeguard wind energy infrastructure.With the growth of wind power generation and remote tracking systems, the risk of cyberattacks targeting the wind energy sector is increasing. The US Department of Energy’s Wind Energy Technologies Office supported INL researchers in evaluating wind power plants to understand potential threats and identify preventive measures.
The report recommends prioritised approaches to cyberattack prevention and mitigation based on evaluations of risk profiles. It highlights impactful solutions for physical, remote, and hybrid cyberattacks. Case studies illustrate weaknesses in wind energy system security and the aftermath of malicious actions, providing insights into how threat actors operate and ways to minimise cyber risks.
The report details cyberattacks that have disrupted global wind energy operations, describing how vulnerabilities were exploited in facilities in the United States, Germany, Denmark, Ukraine, and Azerbaijan. Tactics used by attackers include malicious phishing emails, programs that steal credentials, and malware through third-party services.
Wind energy generates 10.3% of U.S. electricity, making wind farms attractive targets for cyberattacks. The geographic distribution of wind turbines and their connection to centralised control centres heightens exposure to security breaches. Cyberattacks can render wind energy systems unusable, prevent operators from monitoring and controlling operations, and cause hardware damage, leading to unexpected maintenance needs and delays.
The INL team outlined practical and affordable steps for protecting wind systems, including developing incident response procedures and ensuring service providers follow best practices. The team is also coordinating forums for industry members to exchange information on threat activity, best practices, and defensive strategies.
The report emphasises the importance of quality operational practices in responding to cyberattacks and recommends that government and private entities coordinate to safeguard systems. Future threats could come from global adversaries, U.S. hackers, criminal organisations, or disgruntled employees, highlighting the need for ongoing research and updates to best practices based on emerging trends and impacts.
