Wind farm security: Attack surface, targets, scenarios and mitigation

Abstract

As modern society grows more reliant on wind energy, wind farm deployments will become increasingly attractive targets for malicious entities. The geographic scale of wind farms, remoteness of assets, flat logical control networks and insecure control protocols expose wind farms to myriad threats. This paper attempts to clarify the gaps in the understanding of wind farm threats and their implications. The paper describes the anatomy of a generic wind farm and the attack vectors that can be leveraged to target its information technology, industrial control system and physical assets. It discusses attack scenarios involving unauthorized wind turbine control, wind turbine damage, wind farm disruption and damage, and substation disruption and damage. Additionally, the paper highlights mitigation techniques that provide robust security coverage and reduce the negative cyber and physical impacts. The attack surface, targets, scenarios and mitigation techniques presented in this paper are common across wind farm deployments. However, it is still possible to add details about the unique aspects of wind farm assets, configurations and operations in order to develop a holistic risk management program geared for a specific wind farm deployment.
ACCEPTED MANUSCRIPT
[Figure: diagram with labels Power Grid, Substation, Grounding Transformer, Collector, Step-Up Transformer, Wind Farm]
[Figure: Control Center diagram with labels Operations Control System / Wind Farm Management, Transmission Control System / Energy Management, Ring]
[Figure: wind turbine diagram with labels Nacelle, Gear Box, Generator, Main Bearing, Anemometer, Transformers, Hydraulic Unit, Generator Cooler, Yaw Motor, Brake, Pitch Gears, Rotor, Tower]
[Figure: network diagram with labels OPC Request, OPC Response, PAC/PLC (Master), OPC Server, FTP, Telnet, HTTP, PLCs (Slave), ICS Switch, CAN Bus/Modbus, Operations Control Network, Operator/Engineering Stations, HMI, Historian, Transmission Control Network, Circuits, Relays, DNP3]
[Figure: diagram with labels OPC Request, OPC Response, OPC Client, HMI, Attacker, Wind Turbines]
[Figure: diagram with labels Attacker, OPC Client, HMI, Wind Turbines; numbered steps: 1. ARP Poison, 2. OPC Request / OPC Response, 3. Malicious OPC Request / Malicious OPC Response]
[Figure: diagram with labels Compromised Turbine, Targeted Turbines]
[Figure: diagram with labels Secure VPN Tunnels, Substation, Compromised Turbine]
... These attacks compromise not only the cyber aspects of the system but also have significant repercussions on the physical layer. The stealthy and sophisticated nature of these cyber-attacks makes their detrimental effects more challenging to detect than standard operational faults [2,3]. In the absence of robust monitoring and protective measures, such cyber-attacks pose a severe risk to the security and availability of wind farms. ...
... Two primary methods dominate the field of cyber-attack and intrusion detection: signature-based and anomaly-based detection [2][3][4]. The former relies on identifying known patterns or "signatures" of attacks, necessitating a continuously updated database as new patterns emerge. ...
... Therefore, to enhance the detection of anomalies due to cyber-attacks, the residuals are subjected to further analysis using the MSD and LOESS statistical methods to refine the residuals [14]. The MSD is calculated in (2), and the regression weights for each data point in LOESS are expressed by: ...
Conference Paper
As the global power landscape increasingly incorporates wind energy, wind turbine infrastructure has become a target for sophisticated cyber-attacks. These cyber-attacks, ingeniously crafted to infiltrate the cyber layer of wind turbine cyber-physical systems, can significantly impair system performance and potentially lead to severe cascading damages, aligned with the attackers' nefarious objectives. The stealthy nature of these sophisticated cyber-attacks renders their anomalous behaviors and patterns more challenging to identify than conventional faults, highlighting the urgent need for novel, specialized anomaly detection strategies tailored to wind turbine cyber-attacks. Addressing this critical concern, this paper proposes a machine learning-based normal behavior modeling approach designed to effectively detect anomalies induced by a new coordinated type of stealthy cyber-attack on wind turbines. This is achieved through advanced analysis and processing of the system's measured data, along with precise residual generation and evaluation. The efficiency of the proposed approach is demonstrated using an offshore wind turbine benchmark, factoring in wind turbulence, measurement noise, and complex cyber-attack scenarios.
... For example, in 2017, hackers used the Triton virus malware to remotely take over the safety systems of a Saudi petrochemical plant and shut it down (Buli et al., 2023). Researchers [11] have also inserted malicious code to demonstrate ability to manipulate physical wind turbines, which could induce emergency shutdowns and mechanical strain. ...
Article
In recent years, notable incidents have highlighted the vulnerability of wind energy infrastructure, making cybersecurity crucial for the offshore wind industry. However, justifying the costs of cybersecurity measures is essential. A cost benefit analysis (CBA) is commonly utilised to support decision-making for risk mitigation. With a cost benefit analysis, risk mitigation strategies that strike an optimal balance between the costs of mitigation measures and the resulting risk reduction can be identified. This survey of literature was carried out to identify the existing proposed solutions for cost benefit analysis on cyber risk mitigation measures for offshore wind cyber physical systems. After narrowing the area scope, a systematic search across Scopus and Web of Science yielded 18 articles, of which six met the selection criteria. It was found that there was a lack of cost benefit analysis of cybersecurity solutions for, or set in, the area of offshore wind directly. From the analysis of the surveyed works, suggestions on future directions were given. The existing literature found lacks detailed cost modelling for offshore wind, beyond general breakdowns encompassing capital, maintenance, and labour/installation expenses, risk and scenario loss. Some of the literature used contextual factors such as compatibility and effectiveness of mitigation measures, effects on OT performance, geographical location, geopolitical context, and installed rated power which could be adapted to suit offshore wind. Since offshore operations contribute significantly to costs, cost modelling and consideration of other relevant factors pertaining to this area would be beneficial if explored. As an emerging area, in the future we expect this research to be a basis and a methodology that can be expanded with a larger data set from other publications in the field. Thus, it represents an opportunity to advance knowledge in offshore wind cyber-physical systems.
... 6). Generally speaking, beyond military and defense forces concerns, security risks exist for wind park infrastructures per se attributable to "cyber-physical threats" such as malicious control of a wind turbine as well as disruption in the industrial control system, which could even impact the physical parts of the turbine, and disruption in a wind park, which could cause direct physical damage to a wind turbine (Staggs et al., 2017). ...
Article
Wind energy is becoming an essential part of the energy system in the Baltic Sea region (BSR). There has been a tremendous development of offshore wind energy in the early 21st century in this region, and the plan for further growth in the coming years is ambitious. The development and implementation of offshore wind energy is a complex process involving many physical and sociopolitical aspects. These aspects have their own characteristics in the BSR. Therefore, they have their unique impact and constraints on the regional development and implementation of the strategic energy technology (SET) plans. This includes implementing next-generation wind turbine technology, offshore wind farms and system integration, floating offshore wind and wind energy industrialization, wind energy operation, maintenance and installation, ecosystems, social impact and human capital agendas, and basic wind energy sciences. Climate change is an important issue to address in relation to future development. Among the questions that may arise are: How would climate change affect the wind resource, extreme wind, and several meteorological and oceanic variables relevant to the offshore wind energy sector? What does this effect imply for the development of offshore wind energy in the BSR? It is encouraging to acknowledge that there have been numerous relevant, good quality, pertinent studies on the subject of the BSR, and many more are ongoing. It is also inspiring to see that in the wind energy sector, there are already many technologies, methods, and tools that are sufficiently mature, and many of them, together with lessons learned through studies in other offshore regions, can be applied to support the urgent and extensive scale development of offshore wind in the BSR.
... This data is transmitted to a control center for monitoring and control purposes [8]. The control system can alter various turbine parameters like pitch and yaw of the turbine blades; it can also set the maximum rotor speed and can apply emergency brakes in case of fast winds [18]. In the case of floating wind turbines, the ballast tanks can also be controlled. ...
Preprint
There has been an unprecedented digitization drive in the industrial sector, especially in the maritime industry. The profusion of intelligent electronic devices and IoT-enabled cyber-physical systems (CPS) has helped in the efficient use of resources and increased convenience. CPS has enabled real-time remote command and control of industrial assets. Unlike the relatively isolated legacy systems, the intertwined nature of Information Technology (IT) and Operations Technology (OT) brought by Industry 4.0 has increased the complexity of the systems, thereby increasing the attack surface. This work explores the possible consequences of these attacks from a more holistic view, focusing on high-risk assets such as offshore oil rigs, offshore wind farms, and autonomous vessels. The attacks have become more aggressive with the proliferation of such technologies, disrupting the physical process, causing fire and explosion hazards, and endangering human life and environmental health. The possible attack scenarios, the attack vectors, and their physical consequences have been discussed from the perspective of personnel safety and health, along with known security breaches of such nature. To the best of the authors' knowledge, seldom has any work been done that accentuates the possible human and environmental impacts of such attacks.
Article
Wind power is of strategic importance for reducing carbon dioxide emissions, minimizing environmental pollution, and enhancing the sustainability of energy supply. Health monitoring of wind turbines is a crucial technology to ensure the quality of grid-connected power. Insufficient labeled data and class imbalance problems are two critical issues for intelligent fault diagnosis of wind turbines. In this article, an intelligent fault diagnosis method based on stacked capsule autoencoders is proposed to address the issues of inadequate labeled data and class imbalance. A prior knowledge-based convolution layer is applied to optimize the initialization of capsules, making it more conducive to learning spectral information. The pose representations of parts and objects can be improved, and a method for embedding spectral templates is proposed. The stacked capsule autoencoder in this study can learn partial templates unsupervised through likelihood estimation and establish the mapping between capsules and fault types. The experimental results, obtained from the CWRU dataset and a private dataset from a wind turbine drive-train simulation platform, demonstrate that the proposed method is robust to imbalanced and small-sized datasets. It can perform stable and effective unsupervised training by utilizing a sufficient amount of normal class data to expedite learning convergence.
Article
Inspired by the continued focuses on renewable energy cybersecurity issues, this paper aims to propose a cyber-resilient torque control framework for wind turbines to defend against the hybrid attack. The cyber threat model is established combining denial-of-service and data manipulation attacks, which attempts to destabilize the wind turbine system by implementing the attacks on the communication link from the rotor speed sensor to the controller. Particularly, the impact of hybrid attack is analyzed and classified into two cases, and the corresponding compensatory measures are developed. To mitigate the impact of the hybrid attack and stabilize the wind turbine system, a cyber-resilient torque control scheme combining zero-order holder and anomaly observer is proposed, which requires simple computational ability of the wind turbine system. Using the Lyapunov theory, the control target of optimal rotor speed tracking is guaranteed and the tolerable attack range under the proposed method is derived. Extensive studies are carried out on a 1.5 MW doubly-fed induction generator-based wind turbine, and the simulation results indicate that the proposed control strategy could effectively reduce the impacts caused by the hybrid attack.