A string of apparently targeted cyber attacks on German wind farms has led to worries that the country’s main future power source is not sufficiently protected, according to a report in the energy policy newsletter Tagesspiegel Background. Turbine manufacturers Nordex and maintenance provider Deutsche Windtechnik both sufffered attacks on their IT infrastructure earlier this year, with the latter attack quickly being linked to possible Russian perpetrators, although the cause has not yet been finally ascertained.
Wind power industry association BWE said its member companies are experiencing ‘a new quality of cyber threats since Russia launched its invasion of Ukraine. An earlier incident this year, shortly after the invasion began on 24 February, led to roughly 5800 turbines by manufacturer Enercon being cut off from remote control. While the Enercon case might have been ‘collateral damage’ of an attack on a US satellite provider, this could not be said of the two later incidents.
The wind industry says it is well prepared to deal with IT security challenges, citing the decentralised nature of renewable power sources as an asset for system resilience. But energy system IT expert Hagen Lauer of research institute Fraunhofer SIT warned that renewables have become part of the country’s critical infrastructure, adding that many are operated by small companies with limited security resources. Lauer said the Federal Office for Information Security (BSI) should strive to better integrate small companies, and also private solar power ‘prosumers’ in its IT security architecture. “Instead of a centralised steering unit, we need smart local grids that can be disconnected in case of an attack to avoid malware from spreading over the entire system,” he argued.
The increasing digitalisation of the power system is seen as a prerequisite for the smooth integration of renewable power sources, which due to their intermittent production patterns require more intervention and load management than conventional power plants. The use of smart power meters that can help to better balance supply and demand at a micro level, and are intended eventually to be installed in every company and household, has repeatedly led to concerns that the energy transition comes with new challenges for IT security.