The Biden White House’s March 29 announcement that it will expedite the development of offshore wind projects along the Atlantic coast of the United States underscores the administration’s commitment to move the nation away from fossil fuels to increased dependence on renewable energy.
But the prospect of giant wind turbines sprouting up in coastal waters stretching from New England to Florida may further complicate cybersecurity concerns that are already being raised about wind power.
‘Significant Cybersecurity Concerns’
“As wind becomes an ever-increasing part of the ‘smart grid’ landscape, the bidirectional communication upon which wind energy equipment is reliant also introduces significant cybersecurity concerns,” a July 2020 report by the U.S. Department of Energy concluded.“Standards for communications, equipment, and security practices are currently underdeveloped or absent from the wind industry. Cybersecurity standards specific to the wind industry currently do not exist. The wind industry largely depends on standards developed for other energy systems and technologies, meaning that the specific cybersecurity needs of wind energy technologies are not well understood.”
- Cyber incidents targeting wind energy systems have already occurred, just as with other aspects of the Energy Sector, and will likely increase in sophistication and number.
- The wind plant life cycle involves many parties; effective cybersecurity practices are difficult to establish, maintain, and trace through the supply chain from construction to operation to repowering to decommissioning.
- Wind generation assets require robust cybersecurity practices to ensure continued integration with the bulk electric system.
- Wind energy technologies and developments are highly diverse; no single cybersecurity strategy can apply to all wind plants.
- Effective, available cybersecurity options may be cost-prohibitive for some wind installations.
- Few specific cybersecurity standards specific for wind exist.
- Few incentives for wind energy stakeholders have been established to prioritize cybersecurity over other investments (e.g., reliability, performance, etc.).
- Cyber threat, vulnerability, incident, and mitigation sharing is limited among wind energy stakeholders.
- The current market offers few and underdeveloped wind-specific cybersecurity services, products, and strategies.
“The lack of public awareness of wind farm cyber incidents has negatively affected the industry’s focus on addressing cybersecurity,” Weiss said. “Consequently, it may take a real test to demonstrate that wind turbine cyber vulnerabilities can cause damage to critical equipment such as gear boxes.” SCADA is a computer system that receives real-time data in order to control that system.
Cyberattackers generally exploit previously known vulnerabilities. The vulnerabilities of wind-energy equipment are well-known among bad actors, as their repeated attacks attest. While cybersecurity is a concern to all energy producers connected to the grid, the Biden administration’s plans to expand wind power—offshore and on land—entail risks that the public may not fully appreciate.
The White House has set a target of 30 gigawatts of wind capacity by 2030, nearly double the forecasts by the end of the decade. Currently, the United States has two small offshore wind installations—a 30-megawatt facility off Block Island, Rhode Island, and a pilot project off the coast of Virginia that hasn’t yet come online.
Chinese Interest
American wind installations, with their potential to serve as a gateway to the nation’s power grid, have already caught the attention of Beijing. Houston-based GH America Energy is a wholly owned subsidiary of Chinese Guanghui Industry Investment Group, which, since 2015, has purchased some 140,000 acres of land about 200 miles west of San Antonio, Texas.The Xinjiang-based parent company is a massive conglomerate with extensive holdings in real estate, liquified natural gas, transportation, and chemicals. Guanghui’s billionaire founder, CEO, and Communist Party member, Sun Guangxin, wants to erect hundreds of wind turbines and perhaps several giant solar arrays in the Devils River area of West Texas. Sun’s Devils River property happens to be located near Laughlin Air Force Base, a training center for pilots.
Whether carrying out cyberattacks from afar or spying from up close, America’s adversaries have a lot to gain from the expansion of wind power.