Renewable energy companies at high risk from cyberattack, claims report

JP Casey 15 February 2018 (Last Updated February 15th, 2018 13:12)

The Renewables Consulting Group (RCG) and cybersecurity specialist Cylance have published a report on cybersecurity concerns for renewable energy companies, urging them to assess and update their IT infrastructure.

Renewable energy companies at high risk from cyberattack, claims report
Wind farms are some of the most vulnerable organisations, according to the report. Credit: Daxis

The Renewables Consulting Group (RCG) and cybersecurity specialist Cylance have published a report on cybersecurity concerns for renewable energy companies, urging them to assess and update their IT infrastructure.

The report is quick to point out the dangers faced by renewable energy companies, saying in its introduction: “the potential impact of cyber-attacks is particularly noteworthy in the energy industry, as conventional electrical energy infrastructure moves towards more distributed but integrated and ‘smart’ electrical grid systems.”

Forbes noted that costs incurred as a result of cybercrime quadrupled from 2013 to 2015, and economic losses as a result of cyberattacks will reach $2 trillion by 2020.

The report foes on to explain that there are two kinds of risk posed to companies. The first covers physical damage, as the often remote locations of renewable energy assets mean it is difficult for damage to fences, locks and CCTV systems to be quickly repaired. Furthermore, ‘maloperation’ of machinery by hackers – forcibly making machines perform tasks that are wasteful or damaging to themselves – is named as another key threat.

“The remote management risk for renewable energy assets that convert kinetic energy into electricity, such as wind turbines, is inherently greater over more static power generation methods, such as solar PV [photovoltaic systems], as attackers could cause physical damage through repetitive operational commands on moving components at undesirable times,” the report says.

The second type of risk involves dangers posed to software and internet connectivity. The report states that ‘multiple wind and solar farms are now controlled from great distances away from the sites themselves’, control that is often exerted through public IP addresses, which can leave operations, maintenance and monitoring software open to attack.

The Enterprise Strategy Group, an integrated IR research and strategy firm, conducted a survey which reported that 63% of technology organisations predict they will spend more on cybersecurity than they did in 2017, with only 2% of respondents claiming that spending would decrease. The RCG and Cylance report encourages companies to invest in updated cyber-defences, reassess how access to sensitive systems and data is managed, and take advantage of predictive tools, such as machine learning and artificial intelligence, to be proactive in their defences.

“RCG is not aware of any other piece of research which draws together two expert companies to produce a joint report on the cyber threat to renewable project infrastructure,” said Sam Park of RCG, and co-author of the report.

“If this report offers a pause for thought to all the renewable asset owners, manufacturers and maintainers; and subsequently even a single project strengthens its resistance to the obvious and increasing cyber threat out there, then Cylance and RCG will have done their job.”