Replication of cyberattacks on energy sector a threat to renewables


Researchers have managed to successfully hack five different US wind projects with 2,000 turbines in total, each with different OEMs. Credit: Scatec Solar

Despite no publicly declared major incidents of cyberattack in the renewable energy sector to date, successful attacks on the wider energy industry are expected to be replicated in the future, according to the chief of an insurer now offering cover for such threats to clean energy.

Fraser McLachlan, CEO, GCube Insurance, a major provider of insurance for renewable energy projects across the globe, told PV Tech: “There have been a number of recent attacks, but perhaps the most significant was the Triton attack a few months ago in which hackers infiltrated the safety systems used in energy plants thereby halting operations in at least one facility (rumoured to be in the Middle East). In this attack the safety systems were ‘fooled’ into thinking everything was functioning normally, while hackers were actually taking control covertly. Significantly, intelligence experts have predicted that this attack will likely be replicated.”

This article requires Premium SubscriptionBasic (FREE) Subscription

Unlock unlimited access for 12 whole months of distinctive global analysis

Photovoltaics International is now included.

  • Regular insight and analysis of the industry’s biggest developments
  • In-depth interviews with the industry’s leading figures
  • Unlimited digital access to the PV Tech Power journal catalogue
  • Unlimited digital access to the Photovoltaics International journal catalogue
  • Access to more than 1,000 technical papers
  • Discounts on Solar Media’s portfolio of events, in-person and virtual

Or continue reading this article for free

The worry is that such attacks could easily infiltrate the renewables sector as well.

Saudi Aramco had to conduct business via the use of typewriters and fax machines

As a result, GCUBE has launched a first-in-market insurance product, with wording created specifically for the protection of renewable energy projects – by including coverage for things like SCADA, and excluding things like client data breaches, added McLachlan. It’s the “natural next step” and the firm’s clientele has shown significant demand for such a product.

The Cyber Risk policy covers owners and operators in any circumstance where the ability to generate power – and the associated revenue – is impacted by a cyberattack on proprietary or third-party IT or OT (operational technology) systems. Cover can also be extended to include a cyberattack on assets not actually owned by the insured, such as damage to a third-party substation or transmission infrastructure that prevents the export of power.

In terms of best practice in avoiding cyber attacks, McLachlan broadly listed some of the most pertinent actions that plant operators and owners can take:

  • Requiring authentication and role based access control;
  • Using firewall rulesets;
  • Maintaining air gaps between assets (i.e. restricting internal access to other assets in case one asset is successfully hacked);
  • And of course straightforward measures like keeping IT systems and antiviruses up to date.

The GCube CEO also detailed some spine-chilling results of tests on renewable energy project vulnerability:

“Researchers from the University of Tulsa proved last year the ease with which they could hack and halt entire renewable energy projects (in this case wind farms)…. In fact over the last three years these researchers have managed to successfully hack five different US wind projects with 2,000 turbines in total, each with different OEMs. Given the rapid rise in cyber-attacks across the energy sector as a whole, and the vulnerability of renewable energy assets in particular, we expect it is only a matter of time before RE projects come to see non-damage cyber cover as an essential part of their insurance package.”

McLachlan also recounted an older but highly destructive example of a cyber attack on the power industry: 

“While not one of the recent spate of attacks, it’s also worth mentioning a case in the same region a number of years earlier in which Saudi Aramco were attacked. This case was noteworthy because the devastation to the companies’ computers was such that Aramco was forced, over the five following months, to disconnect all their devices from the internet and conduct business via the use of typewriters and fax machines. Just goes to show how debilitating such attacks can be…”

Read Next

Subscribe to Newsletter

Most Read

Upcoming Events