Enhancing the Cyber Resilience of Offshore Wind
Executive Summary
This Research Report explores how the resilience of offshore wind farms could be reinforced by artificial intelligence (AI) and intelligent automation, and what actions policymakers and industry should take to enhance the cybersecurity of offshore wind. The findings are the result of a collaborative project between The Alan Turing Institute’s CETaS and Data-Centric Engineering (DCE) programme, which was funded by the Lloyd’s Register Foundation.
Cyberattacks directly or indirectly affecting offshore wind are happening already with companies like Enercon, Vestas, Nordex and Deutsche Windtechnik reporting malware and ransomware attacks. On the day of Russia’s invasion of Ukraine, the cyberattack on ViaSat satellite communications affected space-based assets engaged for command and control of Enercon’s wind turbines in Germany, leading to the loss of remote monitoring access to more than 5,800 wind turbines. With plans to significantly scale offshore wind capacity in the UK, resilience to similar cyberattacks must be reinforced.
Some areas in the cyber-physical infrastructure require more attention from a security perspective because they could lead to cascading damage. This includes areas where the grid integrates new and legacy offshore wind infrastructure, the control centre, intersections with external actors along the offshore wind supply chain and points of integration with the Internet.
Harnessing AI and intelligent automation will reinforce the resilience of offshore wind if swift action is taken by government and industry. The AI and intelligent automation applications identified as the most promising in this report were: anomaly-based intrusion detection systems (IDS), anomaly detection, intrusion protection systems (IPS), and hardening and predictive maintenance. While AI and intelligent automation could be introduced to protect access points that result in the most cascading damage, there are systemic, supply chain and physical risks which also need to be mitigated. There is an opportunity to integrate systems that enhance security in the design and construction of offshore wind systems before offshore wind infrastructure projects are completed.
Bolstering resilience requires a radical overhaul of systems-engineering practices towards resilience-based engineering and a range of systemic changes to wind industry operations, regulation, intelligence sharing and research. Offshore wind design and engineering choices can explore increasing heterogeneity in systems designs within a wind fleet, as well as increased network segmentation to prevent cascading damage when one turbine faces an attack.
Organisational emergency response plans, cross-border intelligence sharing, and security response protocols are also required. This report proposes mitigative actions to address the main resilience challenges, which are summarised in Table 1 within the executive summary. The rationale and promising practice informing these recommendations are presented in Section 4 of the report.