Cyberattacks On Renewables: Fears For Europe's Electricity Sector In The Midst Of War

Criminals are targeting a country that is leading the world in clean energy. They infiltrate susceptible wind and solar power installations. They take out digitalized energy grids. They cause chaos.

Henriette Borgund knows attackers can find flaws in a large renewable energy company's defenses since she has discovered them herself. She joined Norway's Hydro (NHY.OL) as a "ethical hacker" in April, bringing years of military cyberdefence experience to bear at a time when Europe is at war and energy markets are in upheaval.

"I'm not sure I want to comment on how frequently we discover flaws in our system." But what I can tell is that we have discovered gaps in our system," she told Reuters at Hydro's Oslo headquarters, declining to elaborate on the nature of the flaws for security concerns.

According to Reuters interviews with a dozen executives from seven of Europe's biggest players, Hydro is among several large power producers beefing up their cyberdefences in response to Russia's invasion of Ukraine, which they say has increased the threat of hacker attacks on their operations.

"We determined last year, after the beginning of the Ukraine war, that the risk of cyber sabotage has increased," said Michael Ebner, information security chief at German utility EnBW (EBKG.DE), which is expanding its 200-strong cyber security team to protect operations ranging from wind and solar to grids.

The sophistication of Russian cyberattacks against Ukraine, according to the executives, has served as a wake-up call to how vulnerable digitalized and networked power infrastructure might be to attackers. They are nervously watching a hybrid war in which physical energy infrastructure, such as the Nord Stream gas pipelines and the Kakhovka dam, has already been targeted.

"Russia's cyber campaigns against Ukraine have been extremely targeted at Ukraine." But we were able to monitor and learn from it," said Torstein Gimnes Are, cybersecurity chief at Hydro, Norway's fourth-largest power provider as well as an aluminum producer.

Gimnes Are expressed concern that a nation state could collaborate with hacker groups to infect a network with dangerous software, but he, like the other CEOs, declined to discuss particular attacks or threats, citing company confidentiality.

According to Ukraine's SBU security service, Russia launches more than ten cyberattacks each day on average, with the Ukrainian energy industry a top target. According to the report, Russia attempted to destroy digital networks and induce power outages, and missile assaults on sites were frequently accompanied by cyberattacks.

Russian officials have stated that the West regularly blames Moscow for cyberattacks without presenting evidence, and that the US and its allies conduct offensive cyber operations against it. The Russian foreign ministry did not immediately react to a request for comment on the power companies' positions or the Ukrainian SBU's accusations.

The European power corporations, along with a half-dozen independent tech security experts, emphasized that the digitalized and interconnected technology of the thousands of renewable assets and energy networks rising up across Europe presented significant - and growing - vulnerabilities to infiltration.

"The new energy world is decentralized." This implies that we have numerous small units - such as wind and solar plants, but also smart meters - that are digitally connected," said Swantje Westpfahl, director of Germany's Institute for Security and Safety.

"This networking raises the risks because there are far more potential entry points for attacks, with far greater potential impact."

PLANT CLOSES DUE TO TRITON VIRUS

According to James Forrest, executive vice president of Capgemini, which advises firms on security risks, the potential consequences of a cyberattack vary from the theft of critical data and power interruptions to the destruction of a physical asset.

He specifically mentioned the threat of malware like the Triton virus, which hackers used to remotely take over and shut down a Saudi petrochemical complex in 2017.

While malware packages like Triton may be novel algorithmic weapons, the most common route of entry employed by hackers attempting to deploy them is more basic, according to the CEOs and specialists interviewed: via phishing emails designed to elicit data from employees such as network passwords.

According to Cem Gocgoren, information security chief at Svenska Kraftnaet, such attacks are "more or less constant." Over the last four years, the Swedish grid operator has almost tripled its cybersecurity team to around 60 people, and it is improving employee knowledge. "We have to make them understand that we are constantly under attack." "This is the new normal."

Borgund, an ethical hacker at Hydro, echoed this notion of a never-ending barrage through phishing, which she described as the "first initial vector" of cyberattackers.

SATELLITE CYBERATTACK

According to Stephan Gerling, senior researcher at Kasperky's ICS CERT, which studies and detects cyber threats on industrial facilities, traditional power plants like gas and nuclear typically operate on airgapped IT infrastructure that is sealed off from the outside, making them less vulnerable to cyberattacks than physical sabotage.

In contrast, the ever-increasing number of smaller renewable installations across Europe are powered by a variety of third-party systems that are digitally connected to the power grid and fall below the power-generation monitoring threshold imposed by safety regulators, he added.

Last February, a Russian cyberattack on a Ukrainian satellite communications network disrupted and shut down the remote monitoring of more than 5,800 wind turbines owned by Germany's Enercon, according to Mathias Boeswetter, head of IT security at German energy industry group BDEW.

While the event had no impact on the power grid, it demonstrated the increasing cyber dangers faced by the energy transition, he continued.

HOW TO HACK A WIND FARM ?

It is relatively simple to hack into a wind farm.

According to a report on cyber threats to energy published by risk consultancy DNV, researchers at the University of Tulsa undertook an experiment in 2017 by hacking into undisclosed wind farms in the United States to assess their vulnerabilities.

According to the report, the researchers picked a lock to obtain access to a compartment in the base of a wind turbine. They obtained a list of IP addresses for each networked turbine in the field by accessing the turbine's server. They then brought the turbine to a halt.

Wind and solar power accounted for more than a fifth of European energy demand in 2021, according to EU data, and this share is forecast to treble by 2030, driven by government initiatives to wean nations off fossil fuels and double down on renewables.

E.ON - (EONGn.DE) Europe's largest electricity grid operator, with a 1 million-mile network, has also seen an increase in cyberattacks, according to CEO Leonhard Birnbaum, who spoke at the group's shareholder meeting in May.

The corporation has grown its dedicated cyber team to roughly 200 people over the years, according to emailed responses, and the group has long recognized the issue's importance.

"Putting cybersecurity at the top of the priority list only after the start of the Ukraine war and the energy crisis would have been a serious omission," it stated.

According to a separate DNV survey of around 600 energy professionals conducted in February and March, the European power sector as a whole may be unprepared for the scale of the security challenge. This is the opinion of many workers in the sector, who say a lack of in-house cybersecurity skills is the biggest barrier to effectively guarding against attack.

"Companies in the energy space, their core business is producing energy, not cybersecurity," said Jalal Bouhdada, CEO of DNV's cybersecurity section Applied Risk.

"This means they must work hard to secure every aspect of their infrastructure, because malicious actors only need to find one gap to exploit."