Offshore Wind Farms are Vulnerable

As renewable energy becomes more prominent, it brings with it a new landscape of potential cyber threats and vulnerabilities that are not yet fully comprehended. Juanwei Chen, a PhD student at the Concordia Institute for Information Systems Engineering (CIISE), emphasizes the importance of understanding these risks as part of the transition to renewable energy. This transition necessitates a careful assessment of potential vulnerabilities and threats to guarantee a secure and sustainable future.

The ongoing climate crisis has hastened society’s electrification and shift towards renewable energy. However, this shift, specifically towards wind power, comes with its own set of challenges. A collaborative study from researchers at Concordia and Hydro-Quebec, presented at a renowned conference, underscored the cyber vulnerabilities faced by offshore wind farms using VSC-HVDC connections. It is essential to tread carefully in this new territory, acknowledging and addressing potential vulnerabilities to ensure a secure renewable energy transition.

The research team included Hang Du, a PhD student at Concordia, associate professor Jun Yan, and Dean Mourad Debbabi of the Gina Cody School. Rawad Zgheib from the Hydro-Quebec Research Institute (IREQ) also contributed. This study forms part of a joint project led by Prof. Debbabi and the IREQ cybersecurity research group, helmed by Dr. Marthe Kassouf. Dr. Zgheib and the rest of the research team worked collaboratively to achieve these results.

Examining the Vulnerabilities of Wind Farms

Offshore wind farms, compared to their onshore counterparts, demand more cyber infrastructure due to their remote locations. They rely on extensive communication with onshore systems via wide area networks and with each other, including with maintenance vessels and inspection drones.

This complex communication system provides multiple entry points for potential cyberattacks. If adversaries gain access to the converter station’s local area network, they can manipulate the system’s sensors and replace real data with false information. This can cause electrical disturbances throughout the offshore wind farm, potentially resulting in power oscillations when all offshore farms are operating at full capacity.

These oscillations, if aligned with the frequency of the cyber-induced electrical disturbances, can intensify and spread through the HVDC system, potentially jeopardizing the stability of the main power grid. While physical safeguards are commonly in place to respond to such occurrences, cybersecurity breaches often lack these provisions.

System networks are equipped to manage events like router failures or signal decay. However, the potential of an attacker hijacking the signals is a cause for concern. Jun Yan, the Concordia University Research Chair in Artificial Intelligence in Cyber Security and Resilience, points out that there are significant gaps within the industry among manufacturers and utilities. While much focus is on corporate issues such as data security and access controls, more work needs to be done to secure operational technologies.

Concordia University is spearheading international standardization efforts, but Yan acknowledges that much more work lies ahead. Existing regulatory standards for the United States and Canada specify what is required but often do not provide guidance on how to accomplish it. Both researchers and operators understand the criticality of energy security, but the path forward is still riddled with unexplored avenues and unresolved questions.