Repeated cyberattacks cause concern about German wind industry’s IT security
Tagesspiegel Background
A string of apparently targeted cyberattacks on German wind farms has led to worries that the country’s main future power source is not sufficiently protected, Simon Frost reports for energy policy newsletter Tagesspiegel Background. Turbine manufacturers Nordex and maintenance provider Deutsche Windtechnik both grappled with attacks on their IT infrastructure earlier this year, with the latter attack quickly being linked to possible Russian perpetrators, a cause the company so far neither has ruled out nor confirmed, Frost writes. Wind power industry association BWE said its member companies are experiencing “a new quality of cyber threats” since Russia launched its invasion of Ukraine. An earlier incident this year, shortly after the invasion began on 24 February, led to roughly 5,800 turbines by manufacturer Enercon being cut off from remote control. While the Enercon case might have been “collateral damage” of an attack on a US satellite provider, this could not be said of the two later incidents.
The wind industry said it is well prepared to deal with IT security challenges, citing the decentralised nature of renewable power sources as an asset for system resilience. But energy system IT expert Hagen Lauer of research institute Fraunhofer SIT warned that renewables have become part of the country’s critical infrastructure, adding that many are operated by small companies with limited security resources. Lauer said the Federal Office for Information Security (BSI) should strive to better integrate small companies and also private solar power “prosumers” in its IT security architecture. “Instead of a centralized steering unit, we need smart local grids that can be disconnected in case of an attack to avoid malware from spreading over the entire system,” he argued.
The increasing digitalisation of the power system is seen as a prerequisite for the smooth integration of renewable power sources, which due to their intermittent production patterns require more intervention and load management than conventional power plants. Smart power meters that can help to better balance supply and demand at a micro level, and are supposed to be installed in every company and household, have repeatedly led to concerns that the energy transition comes with new challenges for IT security.