Full Title: Attack Surface of Wind Energy Technologies in the United States
Author(s): Sarah G. Freeman, Matthew A. Kress-Weitenhagen, Jake P. Gentle, Megan J. Culler, Megan M. Egan, and Remy V. Stolworthy
Publisher(s): Idaho National Laboratory
Publication Date: January 22, 2024
Full Text: Download Resource
Description (excerpt):
The United States (U.S.) National Cyber Strategy, released in March 2023, highlighted the growing threats and risks that American critical infrastructure faces in cyberspace. China and Russia have become more sophisticated in their attacks and likely possess the means to put the U.S. energy sector at risk.
At the same time, the U.S. energy sector is in flux. Increasingly, renewable energy represents a core component of the U.S. national and regional generation capacities. As the percentage of power generation from wind assets grows, and attacks on the energy sector rise in complexity and frequency, cybersecurity for wind energy technology becomes increasingly and urgently important, consonant with its growing value as a target for cyber-attacks.
Low-cost, reliable electrical energy production from wind relies upon automation and control systems, arguably more so than traditional thermal generation. These same systems, however, can serve as the target of adversaries’ cyber-attacks. Idaho National Laboratory (INL) evaluated a generalized wind plant architecture to understand the classes of potential threat actors and the vectors that could enable a cyber-attack. This evaluation explores the attack surface of a representative wind plant, identifying potential methods and vectors that an adversary could leverage to conduct a cyber-attack. Included in this assessment are some recommended mitigations and approaches. Each recommendation requires a full security evaluation, cost/benefit analysis, and risk analysis by each owner and operator.