This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Offshore wind farms not prepared to fend off cyberattacks

29 January 2024

A new study has revealed that the communication architecture of offshore wind farms in Glasgow has multiple cybersecurity weak spots.

From left: Hang Du, Jun Yan and Juanwei Chen
From left: Hang Du, Jun Yan and Juanwei Chen

The hurrying pace of societal electrification is encouraging from a climate perspective. But the transition away from fossil fuels toward renewable sources like wind presents new risks that are not yet fully understood.

Researchers from Concordia and Hydro-Quebec presented a new study on the topic in Glasgow, United Kingdom at the 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). 

Their study explores the risks of cyberattacks faced by offshore wind farms. Specifically, the researchers considered wind farms that use voltage-source-converter high-voltage direct-current (VSC-HVDC) connections, which are rapidly becoming the most cost-effective solution to harvest offshore wind energy around the world.

"As we advance the integration of renewable energies, it is imperative to recognise that we are venturing into uncharted territory, with unknown vulnerabilities and cyber threats," says Juanwei Chen, a PhD student at the Concordia Institute for Information Systems Engineering (CIISE) at the Gina Cody School of Engineering and Computer Science.

"Offshore wind farms are connected to the main power grid using HVDC technologies. These farms may face new operational challenges," Chen explains.

"Our focus is to investigate how these challenges could be intensified by cyber threats and to assess the broader impact these threats might have on our power grid."

Complex and vulnerable systems
Offshore wind farms require more cyber infrastructure than onshore wind farms, given that offshore farms are often dozens of kilometres from land and operated remotely. 

Offshore wind farms need to communicate with onshore systems via a wide area network. Meanwhile, the turbines also communicate with maintenance vessels and inspection drones, as well as with each other.

This complex, hybrid-communication architecture presents multiple access points for cyberattacks. If malicious actors were able to penetrate the local area network of the converter station on the wind farm side, these actors could tamper with the system's sensors. This tampering could lead to the replacement of actual data with false information. As a result, electrical disturbances would affect the offshore wind farm at the points of common coupling.

In turn, these disturbances could trigger poorly dampened power oscillations from the offshore wind farms when all the offshore wind farms are generating their maximum output. 

If these cyber-induced electrical disturbances are repetitive and match the frequency of the poorly dampened power oscillations, the oscillations could be amplified. These amplified oscillations might then be transmitted through the HVDC system, potentially reaching and affecting the stability of the main power grid. 

While existing systems usually have redundancies built in to protect them against physical contingencies, such protection is rare against cybersecurity breaches.

"The system networks can handle events like router failures or signal decays. If there is an attacker in the middle who is trying to hijack the signals, then that becomes more concerning," says Yan, the Concordia University Research Chair (Tier 2) in Artificial Intelligence in Cyber Security and Resilience.

Yan adds that considerable gaps exist in the industry, both among manufacturers and utilities. While many organisations are focusing on corporate issues such as data security and access controls, much is to be done to strengthen the security of operational technologies.

He notes that Concordia is leading the push for international standardisation efforts, but acknowledges the work is just beginning.

"There are regulatory standards for the US and Canada, but they often only state what is required without specifying how it should be done," he says. 

"Researchers and operators are aware of the need to protect our energy security, but there remain many directions to pursue and open questions to answer."

Print this page | E-mail this page