Wind farms act as an entry point for grid hackers
Cyber-attacks are often thought of with the association of some large breach such as Target or Anthem. However, hackers are not just targeting credit card information and social security numbers; some are persistently targeting our nation’s infrastructure.
What many people may not know is that grid power control systems are interconnected, via the web. While the grid has various cyber protection mechanisms in place, any vulnerability within a single wind farm’s cybersecurity can serve as a gateway for hackers to systems that control larger portions of the grid. For example, high voltage power lines transfer enormous amounts of power over large distances, making them a prime target for hackers to infiltrate.
In order to gain access, however, hackers turn their sights to wind farms and other less threatening targets as a point of entry. If someone were to gain access to multiple plants at the same time, in an effort to take as much off line as possible, the resulting impact would be catastrophic. Systems that could potentially go offline would be power, clean water, electricity, and transportation systems to name a few. In regards to the facility directly impacted, damage caused by a hacker takes a significant amount of time to repair and has exorbitant costs, not to mention potential profits lost due to business interruption. Even just reversing the turbine’s direction can cut power and cause enough damage that repairs would take weeks or months to accomplish.
Wind farms typically have a small number of employees on site, and even more facilities are remotely operated. These farms can be secured if the proper cybersecurity measures are taken to prevent mishaps, which are more often than not human error. Some of the most common mistakes include industrial control systems being connected directly to the Internet, weak passwords, and failure to separate control-system assets from the business network and secure them behind a firewall. While these issues are easy to address and resolve, failure to do so puts a facility, and thus the whole power grid, at great risk.
Cyber attacks are happening more frequently on wind farms and power plants. Secured measures such as SCADA/ICS modeling are helping to provide these plants with more protection against these cyber hackers. Placing a plan like this within a company is becoming as important as having property coverage. We are seeing less and less wind farms and power companies purchasing cyber coverage when they are in fact the companies that are being targeted the most. When it comes to the grid, attack opportunities are endless and having the proper coverage in place is essential for business to continue should an attack take place.
About the Author
Charlie Long is a Client Executive and leader of the Renewable Energy and Clean Technology Practice at Gallagher WGA. He works with independent power developers, owner operators and manufacturers in the business of power generation.