In February, wind energy converters maintained by ENERCON Service, a leading wind energy company in Europe, fell victim to a cyber attack by suspected Russian hackers. The attack resulted in the disruption of satellite communications that remotely monitored and controlled the company’s 5,800 wind turbines along the European coastline. It took two months for the majority of the wind farms to be back online.
The incident coincided with the invasion of Ukraine by Russian troops, leading to suspicions that the cyber attack was politically motivated. Around 30,000 satellite terminals used by various companies and organizations across Europe were affected, with ENERCON’s wind energy converters being one of the primary targets. The company reported that the loss of communication services via satellite occurred at the same time as the Russian invasion.
The incident highlights the vulnerability of the energy sector, particularly the growing green energy systems, to cyber threats. As renewable energy gains traction, the interconnected nature of these systems creates attractive targets for hackers. During times of conflict or heightened tensions, the reliance on these systems for power generation and distribution makes them even more susceptible to wide-scale cyber attacks.
A report by Cyble emphasizes the interconnected nature of green energy systems, including power grids, energy storage facilities, and smart technologies, and the vulnerabilities and misconfigurations that make them enticing for malicious actors to exploit. The energy sector, especially electric power and gas companies, is particularly vulnerable to cyber attacks.
McKinsey & Company identified three broad characteristics that make the energy sector especially vulnerable to modern cyber threats. Firstly, there are increasing threats and actors targeting utilities, including nation-state actors, cybercriminals, and hacktivists. Secondly, utilities have expansive and complex attack surfaces due to their geographic and organizational complexities. Lastly, the interdependencies between physical and cyber infrastructure in the sector make companies susceptible to various exploitations.
One specific area vulnerable to cyber attacks is photovoltaic (PV) monitoring and diagnostic solutions. These systems play a critical role in monitoring and managing renewable energy systems by providing real-time performance information, data efficiency, and fault detection. However, the exposure of PV diagnostic and monitoring systems to the internet creates potential risks. Research indicates that over 130,000 of these systems are exposed, providing threat actors with a large attack surface. Exploiting vulnerabilities in these systems can lead to reduced energy production, system instability, physical damage, and other cybersecurity challenges.
Securing PV monitoring and measuring solutions requires addressing vulnerabilities and challenges such as outdated firmware, misconfigurations, and compromised endpoints. Outdated firmware and misconfigurations, such as unsecured communication, lack of updates, improper network segmentation, and poor access control, make these systems more accessible to intruders. Compromised endpoints, where access credentials are stolen and sold on the dark web, pose a significant threat to the security of PV monitoring solutions.
The energy sector, including utilities and critical infrastructure, is a prime target for various threat actors, including nation-state actors, cybercriminals, and hacktivists. Cyber attacks can cause extensive damage, disrupt operations, and lead to financial losses. Hacktivists, in particular, often utilize publicly available attacks like distributed denial of service (DDoS) to disrupt electric power and gas operations. They have also targeted climate leaders and stolen personal data, which can be used for cybersecurity attacks against industry leaders.
While most utilities are aware of the cybersecurity risks, inconsistencies exist in their ability to secure funding for cybersecurity controls. Regulators often lack the necessary talent to review cybersecurity budgets, leading to limited investments in cyber capabilities. Municipalities offering independent energy services may also lack resources to deploy sufficient cybersecurity controls, further increasing the risk.
The energy sector faces several challenges in securing its IT and OT systems. The visibility and maintenance of these systems are challenging, especially with the diversification of work and remote working options due to COVID-19. Consumer electronics, such as wireless smart meters, also pose vulnerabilities and have been targeted for tampering. The emergence of new technologies like electric-vehicle charging stations increases the stakes, as coordinated attacks against these stations could bring down an entire power grid. Organizational complexity within utilities and the use of untested IoT technology further complicate network security.
In conclusion, the energy sector, particularly green energy systems, is increasingly exposed to cyber threats. The interconnected nature of these systems and their reliance on technology make them attractive targets for hackers. Photovoltaic monitoring and diagnostic solutions face specific vulnerabilities, requiring attention to outdated firmware, misconfigurations, and compromised endpoints. Addressing these vulnerabilities and improving overall network security within utilities are crucial steps in mitigating the risks associated with cyber attacks on the energy sector.

