Cybersecurity of Wind Power a Growing Concern

Cybersecurity of Wind Power a Growing Concern
Wind turbines are shown on a wind farm in Colorado City, Texas, on Jan. 21, 2016. (Spencer Platt/Getty Images)
Bonner R. Cohen

The Biden White House’s March 29 announcement that it will expedite the development of offshore wind projects along the Atlantic coast of the United States underscores the administration’s commitment to move the nation away from fossil fuels to increased dependence on renewable energy.

But the prospect of giant wind turbines sprouting up in coastal waters stretching from New England to Florida may further complicate cybersecurity concerns that are already being raised about wind power.

Wind energy recently surpassed 7 percent of U.S. power production and, thanks to generous taxpayer subsidies and renewable energy mandates in some states, its percentage is likely to continue rising. The more wind installations that come into service, the more cybersecurity challenges their integrated control systems and related technologies will pose. For cybercriminals and terrorists, wind power—whether offshore or land-based—makes for an inviting target.

‘Significant Cybersecurity Concerns’

“As wind becomes an ever-increasing part of the ‘smart grid’ landscape, the bidirectional communication upon which wind energy equipment is reliant also introduces significant cybersecurity concerns,” a July 2020 report by the U.S. Department of Energy concluded.

“Standards for communications, equipment, and security practices are currently underdeveloped or absent from the wind industry. Cybersecurity standards specific to the wind industry currently do not exist. The wind industry largely depends on standards developed for other energy systems and technologies, meaning that the specific cybersecurity needs of wind energy technologies are not well understood.”

Underscoring the seriousness of the problem, the DOE report, “Roadmap for Wind Cybersecurity,” makes several additional points:
  • Cyber incidents targeting wind energy systems have already occurred, just as with other aspects of the Energy Sector, and will likely increase in sophistication and number.
  • The wind plant life cycle involves many parties; effective cybersecurity practices are difficult to establish, maintain, and trace through the supply chain from construction to operation to repowering to decommissioning.
  • Wind generation assets require robust cybersecurity practices to ensure continued integration with the bulk electric system.
  • Wind energy technologies and developments are highly diverse; no single cybersecurity strategy can apply to all wind plants.
  • Effective, available cybersecurity options may be cost-prohibitive for some wind installations.
  • Few specific cybersecurity standards specific for wind exist.
  • Few incentives for wind energy stakeholders have been established to prioritize cybersecurity over other investments (e.g., reliability, performance, etc.).
  • Cyber threat, vulnerability, incident, and mitigation sharing is limited among wind energy stakeholders.
  • The current market offers few and underdeveloped wind-specific cybersecurity services, products, and strategies.
Joseph M. Weiss, an international authority on cybersecurity, control systems, and system security, confirms that wind turbines have been targeted, though the attacks haven’t been widely reported. The attackers went after wind installation SCADA (Supervisory Control and Data Acquisition) networks and wind turbine gearboxes, he said.

“The lack of public awareness of wind farm cyber incidents has negatively affected the industry’s focus on addressing cybersecurity,” Weiss said. “Consequently, it may take a real test to demonstrate that wind turbine cyber vulnerabilities can cause damage to critical equipment such as gear boxes.” SCADA is a computer system that receives real-time data in order to control that system.

Cyberattackers generally exploit previously known vulnerabilities. The vulnerabilities of wind-energy equipment are well-known among bad actors, as their repeated attacks attest. While cybersecurity is a concern to all energy producers connected to the grid, the Biden administration’s plans to expand wind power—offshore and on land—entail risks that the public may not fully appreciate.

The White House has set a target of 30 gigawatts of wind capacity by 2030, nearly double the forecasts by the end of the decade. Currently, the United States has two small offshore wind installations—a 30-megawatt facility off Block Island, Rhode Island, and a pilot project off the coast of Virginia that hasn’t yet come online.

Coastal wind turbines recently received another boost when Rep. Elaine Luria (D-Va.) established the bipartisan Congressional Offshore Wind Caucus. “In addition to helping us avoid the most severe impacts of climate change, expanding offshore wind energy would create long-term job opportunities for countless Americans,” Luria said in a statement.

Chinese Interest

American wind installations, with their potential to serve as a gateway to the nation’s power grid, have already caught the attention of Beijing. Houston-based GH America Energy is a wholly owned subsidiary of Chinese Guanghui Industry Investment Group, which, since 2015, has purchased some 140,000 acres of land about 200 miles west of San Antonio, Texas.

The Xinjiang-based parent company is a massive conglomerate with extensive holdings in real estate, liquified natural gas, transportation, and chemicals. Guanghui’s billionaire founder, CEO, and Communist Party member, Sun Guangxin, wants to erect hundreds of wind turbines and perhaps several giant solar arrays in the Devils River area of West Texas. Sun’s Devils River property happens to be located near Laughlin Air Force Base, a training center for pilots.

If Sun’s project comes to fruition, Chinese-owned wind turbines reaching hundreds of feet into the air will be in close proximity to a U.S. military base. As Daniel N. Hoffman, a former chief of station with the CIA, wrote in the Washington Times on Aug. 13, 2020: “GH America would use the cover of a windmill farm renewable energy business to spy on behalf of China’s ruthless dictatorship.”

Whether carrying out cyberattacks from afar or spying from up close, America’s adversaries have a lot to gain from the expansion of wind power.

Bonner R. Cohen, Ph.D., is a senior fellow at the National Center for Public Policy Research and a senior policy analyst with the Committee for a Constructive Tomorrow.
Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.
Bonner R. Cohen is a senior fellow at the National Center for Public Policy Research, where he concentrates on energy, natural resources, and international relations.