Offshore wind farms – which are crucial to the UK’s move towards more renewable energy - are vulnerable to cyberattacks, according to new research from The Alan Turing Institute published today (Thursday 20 June).
Wind farms are particularly at risk of cyberattacks due to their remote location, meaning they require more digital infrastructure to communicate with onshore systems. Many wind farms also rely on older software and communication systems that were not designed with cybersecurity in mind.
The integration of modern digital solutions alongside the older legacy infrastructure can further increase their susceptibility to a cyberattack. The researchers found that AI and intelligent automation, however, could be used to reinforce these systems by helping human operators recognise and predict threats to offshore wind.
The research, a joint publication between The Alan Turing Institute’s Centre for Emerging Technology (CETaS) and Data Centric Engineering (DCE) programme, also recommended actions policymakers and industry could take to enhance the cybersecurity of offshore wind.
The authors make key recommendations to improve the security of offshore wind, including integrating AI into offshore digital systems; creating organisational emergency response plans; enabling cross-border intelligence sharing of attacks; and establishing security response protocols if an attack were to happen.
As offshore wind becomes a key part of the UK’s critical energy infrastructure, potential cyberattacks pose a serious risk if combined with attacks of other parts of the energy sector. In a worst-case scenario this could lead to power outages that could lead to critical services such as hospitals unable to function.
The UK currently has more offshore wind capacity than any other nation and it forms a crucial part of the UK’s plans for reaching net zero by 2030. Offshore wind already accounts for 13% of the UK’s electricity production and in 2023 surpassed the proportion of electricity produced by gas for the first time.
There is concern that successful cyberattacks could lower public trust in wind energy or other renewable energy if they cause disruption to power supplies or disrupt critical services.
Cyberattacks directly or indirectly affecting offshore wind are happening already with companies like Enercon, Vestas, Nordex and Deutsche Windtechnik reporting malware and ransomware attacks.
Anna Knack, Lead Researcher for CETaS and report author, said: “As offshore wind becomes a larger part of the UK’s energy supply, it is essential that more is done to protect it from disruption and cyberattacks.
“New regulation, innovative technical solutions and international collaboration across sectors will be crucial to making these systems more resilient in the future and ensuring the nation can safeguard its access to an important source of renewable energy.”
Dr Alexander Babuta, Director of CETaS: “The UK’s offshore wind production is set to significantly increase over the coming years. However, the more it becomes integrated into our energy supplies the greater the potential for serious disruption if it were to come under a cyberattack.
“Incorporating AI into these systems is one way that cybersecurity could be improved. However, to make offshore wind more resilient we need to consider the robustness of the entire system, such as rapid power recovery, as well as eliminating cybersecurity threats.”
Header image: Nicholas Doherty via Unsplash