AWEA 2018: Increase in cyber security attacks 'inevitable', expert warns

UNITED STATES: Cyber security attacks on wind projects will increase in frequency, according to Bruce Bailey, senior technical advisor for energy and power at UL.

"James Bond scenario": Bruce Bailey said an increase in cyber attacks was inevitable as digitalisation becomes increasingly prevalent

"It’s inevitable", he said on the sidelines of the American Wind Energy Association’s Windpower 2018 conference.

"How, when or how widespread, we have no way of knowing," he told Windpower Monthly. "It’s sort of like a James Bond scenario."

There have already been several deliberate attacks targeting wind farms, Bailey added.

But in other cases, cyber security issues have been inadvertent, he said.

In one incident, a technician logged on to his laptop in a hotel and downloaded malware by mistake. When he went to work the next day and logged on, the wind farm became infected and the turbines stopped working one-by-one, Bailey said during a talk on cyber security.

Project operators can lose as much as $50,000-$100,000 per day if a project stops operating.

Wind power projects are increasingly connected, via the internet, to their owner, possibly the OEM and certainly an operations and maintenance (O&M) provider, Bailey added.

Smart grids are a two-way system with many points of entry for cyber criminals, he said. "They’re like a reverse sieve."

A project’s power network has multiple networks for power, controls and data. Wind farms can also be remote, with weak physical security.

Apart from lost production and lost revenue, a cyber attack could cause injuries to staff or bystanders, costly damage to equipment or an owner’s reputation, and regulatory fines.

The American Wind Energy Association (AWEA) is holding its Windpower 2018 conference and exhibition in Chicago (7-10 May). Windpower Monthly will bring all of the coverage from the show across the week.