View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Industrial cybersecurity weaknesses found in wind farms

As conversation builds on the topic of critical infrastructure being weak on cybersecurity, will a widescale review be prompted?

By Tom Ball

Major oversights in the cybersecurity of wind farms have been revealed, as researchers find that only one needs to be compromised to control an entire farm.

A major concern sparked by this finding pertains to the massive losses that could be accrued by a wind farm being out of action, even for a short period of time.

This finding is also concerning as wind energy is becoming responsible for an increasing percentage of renewable energy. For example, energy contributed by wind farms is 4.7% in the United States, a figure expected to rise to 20% by 2030, according to a Black Hat 2017 presentation.

The weakness of cybersecurity at wind farms was exposed by a researcher, Jason Staggs, Ph.D, from the University of Tulsa. Mr Staggs had little difficulty in accessing turbines both from a cybersecurity standpoint, and from a physical one as well.

Cyber attacks on critical infrastructure are becoming a trend, with news regarding hackers targeting U.S. nuclear power plants emerging recently for example. There were also stand out examples of SCADA cyber attacks on power grids in the Ukraine in 2015 and 2016.

David Emm, Principal Researcher at Kaspersky Lab said: “In this morning’s news, findings from the recent Black Hat conference have predicted that hackers could exploit weak security in industrial control systems to devastating effect. It’s clear that the world isn’t ready for cyber-attacks against critical infrastructure – this includes governments, law enforcement agencies, those who run such facilities and those who design and build them. Attackers, on the other hand, are clearly ready and able to launch attacks on these facilities. We’ve seen attacks on power grids, oil refineries, steel plants, financial infrastructure, seaports and hospitals. #

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?
READ MORE: Google ransomware warning: How to keep your business secure

With high levels of international political tension, it is likely that we will see an increase in cyber attacks on critical infrastructure.

“It’s not sufficient to simply protect endpoints and networks, not least because no two facilities are the same; security must be tailored to the specific needs of each organisation and be seen as an ongoing process,” said Emm.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU