Offshore wind farms located in the North Sea are becoming increasing vulnerable to cyber attacks, according to a new report.

Wind farms located in remote areas rely heavily on digital connections to communicate with land-based systems. But many are equipped with out-dated technology and lack proper security measures, according to a report from the Alan Turing Institute Centre for Emerging Technology and Security (CETaS).

Anna Knack, lead researcher for CETaS and report author, said: “As offshore wind becomes a larger part of the UK’s energy supply, it is essential that more is done to protect it from disruption and cyberattacks.”

The UK government has taken steps to tackle the issue of the physical safety of wind farms in April this year, when the Britain became a signatory to a declaration on the protection of critical underwater energy and telecommunication infrastructure in the North Sea.

It includes subsea fibre optic cables, oil and gas pipelines, electrical interconnectors, and offshore wind farm installations because of concerns that physical attacks might put the energy assets and supply into jeopardy.

The CETaS report warns that the UK should, with plans to significantly increase renewable capacity in the UK, also reinforce its resilience to cyber-attacks. The report added that beyond power disruption, not implementing secure systems could impact business operations, finances, and even lead to lawsuits.

The United States has also recognised the threat and the Department of Energy released a guide to help secure clean energy supplies from cyberattacks.

Jake Sullivan, U.S. National Security Advisor, said in a statement: “As new digital clean energy technologies are integrated, we must ensure they are cyber secure to prevent destruction or disruption in services.” 

The concerns about cyber attacks extend beyond wind farms as the entire renewable energy sector is becoming a growing target for malicious actors, such as terrorists and hostile states. The report warns that successful cyber attacks could lead to power outages that could disrupt key services.

It is estimated that by 2050, global power systems will be 70% reliant on variable renewable energy sources, such as wind, solar and tidal. As these renewable energy sources are connected to the power grid, it creates more ways for attackers to get in and cause disruptions.

Cyber Energia, a renewable energy security company, found that UK renewables firms face up to 1,000 attempted cyber-attacks per day. The company stated: “Our analysis shows that in the wind sector alone, only 1% out of around 10,000 sites has some sort of cyber solution.”

RenewableUK, a not for profit renewable energy trade association, said that the success of the global renewable energy sector over the past decade has made it an attractive target for hackers.

The main motivation for cyber attacks is financial gain but now that renewable power is essential to global energy security the industry is also attracting geopolitically motivated actors seeking to destabilise national infrastructure, according to the association.

Indirect cyber attacks can also have an impact on the sector. In 2022, on the day of Russia’s invasion of Ukraine, American satellite company ViaSat, which supplies internet access to tens of thousands of people in Ukraine and Europe, suffered a cyber attack. The attack affected the satellites used to control Enercon’s wind turbines in Germany, cutting off remote access to over 5,800 wind turbines.

Executives of Europe’s top energy companies agreed that Russia’s cyberattacks on Ukraine exposed a weakness, showing how digital and interconnected power systems are vulnerable to attacks.

The risk management company SecurityScorecard also said that 90% of the world’s largest energy companies suffered breaches in 2023 as a result of third parties. The attacks resulted in leak of sensitive information, financial damage, and damaged reputations.