As the planet becomes more reliant on computers and more connected via the internet, our nation’s critical infrastructure is increasingly vulnerable to cyberattacks.
This is especially true for power utilities and the electric grid, which offer tempting targets to hostile actors due to the ability to cause widespread power outages or other disruptions.
Indeed, cyber criminals have already infiltrated the nation’s power infrastructure, and experts say now is the time to protect these vital assets. Critical infrastructure in the U.S., including the electric grid, is “increasingly under attack by foreign adversaries,” the head of the Federal Energy Regulatory Commission (FERC), Chairman Neil Chatterjee, told lawmakers in June 2019.
Until recently, renewables such as wind have drawn less attention from cyber criminals because they made up a small percentage of the nation’s overall power generation.
But now, the cybersecurity of wind plants is becoming increasingly important. Over 50,000 wind turbines with a combined capacity of about 100 GW are operating in the United States, providing 6.6% of the nation’s electricity in 2018.
That’s why researchers at Idaho National Laboratory are leading several U.S. Department of Energy (DOE) Wind Energy Technologies Office (WETO)-funded efforts to protect the nation’s wind generation infrastructure.
Along with industry and researchers from four national laboratories, the collaboration also seeks to explore how wind energy could reliably and resiliently contribute to military and disaster relief applications.
“As wind generation in the U.S. continues to grow, it becomes more of a critical generating asset of our bulk electric system,” said Jake Gentle, a senior power systems engineer at INL.
The current state of cybersecurity readiness at wind plants throughout the U.S. is somewhat mixed, said Gentle. But, in general, cybersecurity for wind power is behind in comparison to other types of large-scale power generation such as coal and nuclear power plants.
Part of the problem is that ownership and operation of wind plants is dispersed compared with other forms of power generation. Dozens of utility-scale wind plant owners operate across the United States and, as of 2018, independent power producers owned 83% of all wind energy assets. And, unlike conventional power plants commissioned, owned and operated by a utility, wind plants often change ownership multiple times throughout a plant’s full life cycle.
Further, wind generation facilities currently fall under less stringent federal cybersecurity rules than other sources of power, although more stringent rules are in the works.
Wind energy cybersecurity concerns are compounded by a shortage of physical security. On the ground, wind turbines are so dispersed that they’re often easy to access and rarely monitored.
“Physical access to an individual wind turbine is very simple,” said Gentle. “But because there are so many types, vendors and configurations of turbines, and they’re often located in remote parts of the country, it’s hard to protect all of them in a cost-effective manner.”
Indeed, cybersecurity researchers have shown that individual turbines are vulnerable to physical and electronic attacks that could disable or damage turbines or an entire wind plant. Moreover, because wind turbines are connected electronically to central control systems, a wind turbine hacked on the ground or through the internet could serve as an access point for cybercriminals to attack large-scale electricity infrastructure.
Without adequate protection, malicious attacks could cause severe cascading failures that go beyond the cyber and physical operations of the wind plant to impact the reliability of the electric grid.
To secure the nation’s wind infrastructure, researchers at DOE’s national laboratories are undertaking five projects:
- WETO’s Roadmap for Wind Cybersecurity
- Microgrids, Infrastructure Resilience, and Advanced Controls Launchpad (MIRACL)
- Defense and Disaster Deployable Wind Turbine (D3T)
- Hardening Wind Energy Systems from Cyber Threats
- Deployable Advanced Renewable Power System (DARPS)
WETO’s Roadmap for Wind Cybersecurity lays out a vision and a strategy that DOE will use to guide future research and development investments in partnership with industry.
The road map outlines strategic priorities based on the National Institute of Standards and Technology (NIST) cybersecurity framework. INL is responsible for developing the document in collaboration with researchers at the National Renewable Energy Laboratory (NREL) and Sandia National Laboratories (SNL).
The Microgrids, Infrastructure Resilience, and Advanced Controls Launchpad (MIRACL) looks at securing distributed wind facilities, whether they’re for defense applications, rural communities, university campuses or hospitals. As the name suggests, the project has a focus on wind infrastructure control systems and wind generation in the context of microgrids and hybrid distributed energy systems. The project is a collaboration among INL, NREL, SNL and Pacific Northwest National Laboratory.
D3T, the Defense and Disaster Deployable Wind Turbine, is a collaboration among SNL, NREL and INL to provide deployable energy in a secure fashion for military applications and disaster relief. “We know wind turbines alone won’t be the solution,” Gentle said. “We need wind solar, storage and other sources of energy to work together in a secure and reliable way.”
Hardening Wind Energy Systems from Cyber Threats is a DOE WETO-funded project that aims to help secure wind energy technologies by enhancing and developing approaches to protect wind communication networks and construct intrusion detection systems.
These techniques will be shared broadly with the wind industry to harden communication systems to cyberattacks and detect when these attacks occur, facilitating informed response and recovery efforts. This project is in partnership with SNL and industry partners.
Deployable Advanced Renewable Power System (DARPS) is a deployable 31 kW wind/battery hybrid system capable of quick installation without needing additional equipment or existing infrastructure. DARPS will have microgrid capabilities so it can operate in grid-connected or isolated off-grid modes.
The project is specifically developed as a “proof of concept” prototype for tactical military applications such as forward operating bases. The project will be developed and tested by Bergey Windpower Company and Intergrid with input from INL, Cummins Power Systems, and Department of Defense end users.
The trick is meeting the needs of the unique and diverse customer sets, Gentle said. For instance, when looking for the best deployable wind turbine for a military base, production efficiency might take a back seat to durability and portability. On the other hand, production efficiency might be essential when providing cybersecurity for a large-scale wind farm.
Regardless, the result is working with industry to conduct R&D and implement technologies in a way that makes wind energy more secure.
“Renewable energy sources, including wind technology, are poised to alter the generation makeup of the electric grid in the future,” said Sarah Freeman, an industrial control system cybersecurity analyst at INL. “This shift, however, requires that these resources remain resilient in the face of cyberattacks. This work aims to ensure the reliability of wind generation.”