The energy sector is sharpening its focus on cybersecurity amid growing concerns about IT threats.
The digitization of the grid and the proliferation of renewable energy create opportunities for hackers that haven't been fully explored. Even in the last few weeks, several notable clean energy companies have taken steps to reduce the risk of a breach.
Hackers might target renewable energy companies for the fun of it or to hold plant operations for ransom, said Menelaos Ioannidis, chief technology officer at Lightsource Labs, the research arm of one of the world’s largest solar asset holders.
Although he was not aware of any attacks to date, “It’s not difficult to hack the system,” he said.
In August, a Dutch researcher uncovered 17 solar inverter vulnerabilities that hackers could use to remotely control plant output.
A cyberattack could damage business reputation, cause disruption and loss of data, threaten the integrity of security systems, cause outages and lead to losses from ransom, said Graham Harding, managing director and chief financial officer at British Solar Renewables.
“We believe any firm dealing with technology has a duty to ensure that cybersecurity is considered in everything they do,” he said. “We are taking measures to ensure cybersecurity is baked into our designs, solutions and activities in the same way as physical security is.”
Last month, the wind turbine maker Siemens Gamesa Renewable Energy (SGRE) gave its chief information officer, Alan Feeley, an added role as chief cybersecurity officer.
“He will expand and manage the company's operational framework for cybersecurity and will consolidate all security developments in the context of the digital transformation of SGRE after the merger of Gamesa and Siemens Wind Power,” said the company in a press release.
Adding a cybersecurity role in upper management will help the company prepare for future challenges and risks, the statement says.
Meanwhile, DNV GL’s latest recommended practice manual for the safety, operation and performance of grid-connected energy storage systems, published last month, places special emphasis on cybersecurity.
“Any software that has network access, security software and data infrastructure should be continuously monitored and kept up-to-date to stay defensive against the latest cyber threats,” the guide advised.
Also last month, Berkeley Lab announced it was launching a project to mitigate cyber-vulnerabilities in rooftop solar panels integrated into the grid.
The project, which the Department of Energy is funding with $2.5 million over three years, “will develop tools to detect and counter certain types of cyberattacks on the grid,” Berkeley Lab announced.
The work will focus on smart solar inverters that use standard communication protocols to talk to the grid. Researchers hope to give the inverters a way of fighting back if a hacker tries to manipulate their settings.
The team will develop algorithms to use the system in the same way hackers might, but send opposite signals to nullify the attack, like a noise-canceling headphone, the lab said. This project is one of several backed with $50 million of DOE funding to improve the resilience and security of critical U.S. energy infrastructure.
The efforts to shore up energy infrastructure cybersecurity come as hackers redouble their efforts to penetrate plant equipment.
Since late 2015, for example, a group called Dragonfly has been targeting the European and North American energy sectors with “a new wave of cyberattacks that could provide attackers with the means to severely disrupt affected operations,” said Symantec, the IT security firm.
“The Dragonfly group appears to be interested in learning how energy facilities operate and gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to.”
This growing interest in energy-sector industrial technology is exposing vulnerabilities that were not previously apparent because supervisory control and data acquisition (SCADA) or other systems did not communicate with traditional IT networks.
SCADA systems, for example, were immune to May’s WannaCry ransomware attack, which brought down companies and public-sector bodies across Europe and Asia.
The ransomware affected computers with old Windows operating systems, whereas as most SCADA systems are based on Linux. But hackers are finding new ways to reach into generation plant controls.
At a Black Hat Europe hacker event this December, for example, David Atch, vice president of research at an industrial cybersecurity firm called CyberX, is scheduled to demonstrate how to penetrate industrial networks that are "air-gapped," or completely isolated from the internet.
The session will include an explanation of how to hack a Siemens SIMATEC S7-1200 controller, which is used in solar parks such as Pignata in Italy.