Three national labs analyze threats, vulnerabilities, and impacts—and offer solutions.

More than 70,800 wind turbines produce nearly 400 terawatt-hours of generation in the United States, and these numbers continue to grow. These turbines generated 9.2% of the nation’s electricity in 2021. In March 2022, 14 states in the Midwest hit a new record when 88.5% of total electricity demand was served by wind. As wind energy becomes a larger part of the country’s renewable energy generation, keeping wind power plants—and individual wind turbines—secure, safe, and reliable becomes increasingly important.

Wind energy-specific cybersecurity research and development is critical to the defensive protection of wind assets from cyber threats. The U.S. Department of Energy’s (DOE) Wind Energy Technologies Office (WETO) recognizes the need to assess risks and consequences associated with malicious activities—whether physical or cyber—and has prioritized the strengthening of the wind energy industry’s cyber resiliency. Although cybersecurity measures are incorporated into wind turbine designs, malicious threats continue to evolve, and consequences range from reduced energy generation to loss of communications between wind turbines and operators—or even a complete loss of a wind turbine’s ability to function.

"As wind energy continues to play an increasing role in our nation's energy infrastructure, it is imperative that we remain cognizant of the real threat that cyber and other attacks can pose to our energy systems,” said Jim Ahlgrimm, WETO’s acting director. “DOE and its national laboratories support R&D initiatives that will help identify, protect, detect, respond to, and recover from such attacks.”

Currently, WETO-funded research teams from three national laboratories are working proactively to strengthen security measures, policies, and information technology infrastructure for wind turbines.

Wind turbines with glowing dots superimposed over them.

WETO-funded research teams from three national laboratories are working proactively to strengthen security measures, policies, and information technology infrastructure for wind turbines.

Idaho National Laboratory Researchers Analyze Threats to Renewable Energy

An Idaho National Laboratory (INL) effort led by Megan Egan, a control systems cybersecurity analyst in the lab’s Cybersecure Integration Center, has been analyzing an increase in wind energy cyberattacks worldwide since 2021. These incidents include multiple ransomware attacks on wind turbine manufacturers, maintenance companies, and communications links.

In a pending publication, Egan’s team identified these key findings:

  • The remote and distributed nature of wind turbines makes communications not only critical for control and maintenance but also vulnerable to cyberattacks. The highly reliable communications infrastructure required by wind turbines enables workers to operate, monitor, and control both wind turbines and the electric power grid in real time.
  • Multiple entities can control and collect data on wind farms remotely, which provides more ways to penetrate the system during a cyberattack. Vendors, operators, maintenance companies, and utilities require these connections, which makes securing them a necessary challenge.
  • Offshore wind farms and wind turbines used in distributed applications present specific challenges for cybersecurity. The growth of offshore wind energy accelerates cybersecurity concerns, especially regarding remote control and maintenance, because physically accessing the turbines is both difficult and expensive.
  • Wind turbine efficiency (i.e., maximizing the overall power produced by each wind turbine) is key for the wind energy industry. Wind energy economic models rely on wind turbine efficiency and health—attributes that are vulnerable to disruption from a cyberattack.
  • A cyberattack on an individual wind turbine poses little threat; however, the impact of a cyberattack on groups of wind turbines is far greater.

“For existing wind power system owners and operators, it’s important to implement basic cybersecurity best practices right away and ensure safe and efficient response and recovery from a cyberattack,” Egan said. “Beyond that, the current growth of wind energy, and the future role wind energy will play in the nation’s energy mix, demand that new wind energy installations—whether land based, offshore, or distributed—integrate cybersecurity and cyber-informed engineering into the design, build, and installation phases.”

Learn more about INL’s cybersecurity research.

Ongoing Threats Require Ongoing Vigilance

Cyber threats to the nation’s power infrastructure are not new—they’re real and ongoing. WETO, in collaboration with DOE’s Office of Cybersecurity, Energy Security, and Emergency Response, is working to ensure that wind power plants are designed and equipped to manage such threats, and their owners and operators are vigilant in preparing for them.

Learn more about DOE’s work in cybersecurity.

The National Renewable Energy Laboratory Simulates Cyber Threats

At DOE’s National Renewable Energy Laboratory (NREL), a research team of wind energy and cybersecurity experts examined cybersecurity risks and consequences for wind power plants and wind turbines to determine how to protect them from potential threats.

“NREL’s research was designed to understand and address cybersecurity risks so we can use that information to strengthen the U.S. electric grid against threats,” said NREL researcher Jonathan Keller, who led the work. “We identified vulnerabilities to wind energy systems to raise awareness among wind industry professionals so they’ll take proactive measures to make sure their systems are more secure.”

The team’s work, discussed in a 2022 report, Securing Wind Energy Design: Proactive Cyber Risk Evaluation, focused on the general architecture of a wind turbine (rather than specific models). Using their knowledge of wind turbines and cybersecurity, the team identified hypothetical attack scenarios an adversary might take to damage or destroy one or more wind turbines.

One approach was to look at rare accidents that have actually happened (albeit rarely), such as when a wind turbine blade strikes the tower, causing the turbine to collapse. In this scenario, researchers studied how the strike happened and how the same damage might take place through a cyberattack.

“We studied historical events to brainstorm hypothetical cybersecurity threats,” said NREL cybersecurity researcher Zoe Dormuth, who coauthored the report. “Through reverse engineering, we figured out how the event could happen on purpose instead of by accident. That was the coolest part of this project.”

The team also developed a threat profile that addressed who might be behind a cyberattack—and how much commitment and determination this adversary would need to accomplish real damage. By identifying steps an adversary might take, this research helps inform the development of mitigation strategies to ensure that wind energy systems and technologies are secure.

Learn more about NREL’s cybersecurity research.

Sandia National Laboratories and Idaho National Laboratory Determine Cost-Benefit Trade-Offs for Wind Cybersecurity Technologies

Wind power plant operators often lack the information needed to both assess cyber risks and invest in a broad range of cybersecurity technologies—such as encryption capabilities, access control, intrusion detection systems, security information and event management tools, and other software and hardware technologies.

To fill that information gap, Sandia National Laboratories (Sandia) and INL determined the cost-benefit trade-offs for cybersecurity technologies in wind power plants and calculated defensive tactics for plant operators to detect and mitigate cyberattacks.

The team, led by Sandia cybersecurity researcher Jay Johnson, modeled how the components of a wind power plant are connected. They then developed a standardized methodology to score cybersecurity technologies for wind power plants and identify possible improvements for cybersecurity of a wind power plant site to prevent, detect, and respond to cyberattacks.

“We created a virtualized environment to assess the cybersecurity position of several wind power plants using different cybersecurity technologies,” Johnson said. “We found that adding cybersecurity technologies had a reasonable pay-back period when comparing their cost to the average cost of a breach, which is very expensive.”

According to Johnson, the off-the-shelf cybersecurity technologies the team evaluated required fine-tuning to work for wind power plants.

“Proper training for the implementers of these technologies is key,” Johnson said. “This research shows that adding new cybersecurity technologies improves the overall security of a wind power plant by giving plant operators greater visibility into cyberthreat operations and by providing new capabilities to remove adversaries from wind networks.”

In their results, the Sandia and INL teams identify cybersecurity technologies that show the best chances for defending wind power plants and compare costs to the average cost of a cybersecurity breach.

Learn more about Sandia’s cybersecurity research.

Spring 2023 R&D Newsletter


Explore previous editions of the Wind R&D Newsletter or browse articles by topic: