Replication of cyberattacks on energy sector a threat to renewables

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email
Researchers have managed to successfully hack five different US wind projects with 2,000 turbines in total, each with different OEMs. Credit: Scatec Solar

Despite no publicly declared major incidents of cyberattack in the renewable energy sector to date, successful attacks on the wider energy industry are expected to be replicated in the future, according to the chief of an insurer now offering cover for such threats to clean energy.

Fraser McLachlan, CEO, GCube Insurance, a major provider of insurance for renewable energy projects across the globe, told PV Tech: “There have been a number of recent attacks, but perhaps the most significant was the Triton attack a few months ago in which hackers infiltrated the safety systems used in energy plants thereby halting operations in at least one facility (rumoured to be in the Middle East). In this attack the safety systems were ‘fooled’ into thinking everything was functioning normally, while hackers were actually taking control covertly. Significantly, intelligence experts have predicted that this attack will likely be replicated.”

The worry is that such attacks could easily infiltrate the renewables sector as well.

Saudi Aramco had to conduct business via the use of typewriters and fax machines

As a result, GCUBE has launched a first-in-market insurance product, with wording created specifically for the protection of renewable energy projects – by including coverage for things like SCADA, and excluding things like client data breaches, added McLachlan. It’s the “natural next step” and the firm’s clientele has shown significant demand for such a product.

The Cyber Risk policy covers owners and operators in any circumstance where the ability to generate power – and the associated revenue – is impacted by a cyberattack on proprietary or third-party IT or OT (operational technology) systems. Cover can also be extended to include a cyberattack on assets not actually owned by the insured, such as damage to a third-party substation or transmission infrastructure that prevents the export of power.

In terms of best practice in avoiding cyber attacks, McLachlan broadly listed some of the most pertinent actions that plant operators and owners can take:

  • Requiring authentication and role based access control;
  • Using firewall rulesets;
  • Maintaining air gaps between assets (i.e. restricting internal access to other assets in case one asset is successfully hacked);
  • And of course straightforward measures like keeping IT systems and antiviruses up to date.

The GCube CEO also detailed some spine-chilling results of tests on renewable energy project vulnerability:

“Researchers from the University of Tulsa proved last year the ease with which they could hack and halt entire renewable energy projects (in this case wind farms)…. In fact over the last three years these researchers have managed to successfully hack five different US wind projects with 2,000 turbines in total, each with different OEMs. Given the rapid rise in cyber-attacks across the energy sector as a whole, and the vulnerability of renewable energy assets in particular, we expect it is only a matter of time before RE projects come to see non-damage cyber cover as an essential part of their insurance package.”

McLachlan also recounted an older but highly destructive example of a cyber attack on the power industry: 

“While not one of the recent spate of attacks, it’s also worth mentioning a case in the same region a number of years earlier in which Saudi Aramco were attacked. This case was noteworthy because the devastation to the companies’ computers was such that Aramco was forced, over the five following months, to disconnect all their devices from the internet and conduct business via the use of typewriters and fax machines. Just goes to show how debilitating such attacks can be…”

Read Next

July 20, 2021
The US solar industry could face significant losses this summer unless steps are taken to mitigate wildfire risk over the coming months, renewables underwriter GCube has warned.
June 9, 2021
In the face of rising materials costs and natural disasters impacting output, solar manufacturers should heighten their focus on insurance placement to protect against large losses, a Chinese insurance broker has told PV Tech.
June 8, 2021
Solar asset underperformance continues to worsen, with projects “chronically underperforming” P99 estimates and modules degrading faster than previously anticipated, risk management firm kWh Analytics has found.
June 23, 2020
A round-up of recent news from the US solar market, as US government bodies launch a new initiative to boost the cybersecurity of solar developments while an ex-First Solar president joins a California-based tracker company.
December 4, 2019
PV Evolution Labs (PVEL), Lloyd's of London syndicate Ariel Re (a member of Argo Group), and Beecher Carlson Insurance Services, LLC have launched PV PlantProtect. This is the first-of-its-kind risk mitigation and insurance program using technical due diligence best practices to improve solar project economics for developers.
April 26, 2019
Facility would offer insurance protection to small and mid-sized renewable energy projects in Madagascar's bid to double power by 2030 through clean energy.

Subscribe to Newsletter

Upcoming Events

Upcoming Webinars
August 19, 2021
At 9am (PT) | 6pm (CEST)
Solar Media Events
August 25, 2021
Solar Media Events
October 6, 2021
Solar Media Events
October 19, 2021