In April 2022, a few months after the start of the Russia-Ukraine war, three wind-energy companies in Germany were hit with cyber-attacks that disabled thousands of digitally managed wind turbines. In one case, the company wasn’t even the target but “collateral damage” after attackers took down the Ukrainian satellite system ViaSat. This is just one example of the cyber-risks now facing digital renewable energy systems.
It is estimated that by 2050, global power systems will be 70% reliant on renewable energy – derived mainly from solar, wind, tidal, rain, and geothermal sources. These energy sources are generally distributed, geographically remote, and relatively small scale. They are often managed and operated using under-secured digital technologies that plug directly into the legacy infrastructure of national power grids. This creates a broad cyber-attack surface for threat actors to target.
From risk to resilience
To build robust cyber-resilience into digital renewable energy systems we first need to understand the areas of risk. These include, but are not limited to:
- Code vulnerabilities and misconfigurations in embedded software. The demand for renewable energy means…
