Workshop Convenes Experts to Evaluate the Cybersecurity of U.S. Wind Farms
July 26, 2019
Earlier this month, NREL hosted a multi-stakeholder workshop to evaluate the growing potential for cybersecurity vulnerabilities on U.S. wind farms. The workshop, “Assessing the Impact of Cybersecurity on the Nation’s Wind Farms,” brought together the expertise of researchers across the national lab complex, the wind energy industry, original equipment manufacturers, cybersecurity product vendors, and standards organizations.
With support from the U.S. Department of Energy (DOE) Wind Energy Technologies Office (WETO), the primary goal of the workshop was to help inform the DOE Wind-Cybersecurity Roadmap, as well as new cybersecurity standards for the International Electrotechnical Commission Technical Committee 88. The DOE Wind-Cybersecurity Roadmap will outline the challenges and opportunities for the nation’s growing wind power industry, especially with the rising use of digital technologies on the grid.
“Wind power already represents a significant source of energy production across the nation, with some states exceeding 25% of their generation from wind,” said Jonathan White, manager of Cyber-Physical Energy Systems Security at NREL. “This dramatic growth in wind energy installations requires our due diligence to ensure these assets are secure from malicious activities.”
Opening sessions were led by NREL’s Energy Systems Integration Associate Laboratory Director Juan Torres, National Wind Technology Center Director Daniel Laird, WETO’s Acting Program Manager for Grid Integration Jian Fu, and Technical Adviser to IEC’s Technical Committee 88 Bob Sherwin. Industry panelists represented a variety of organizations, including General Electric, BP, and Siemens, that initiated productive discussion on the current state of cybersecurity for the wind industry—and where there are gaps.
During the final sessions, breakout discussions were held to identify the state of the art, gaps, and opportunities for cybersecurity across four different focus areas: lifecycle security control (or supply chain oversight), sensor integrity, security risk management, and cybersecurity strategy and automated response. Some solutions proposed improving verification of standards across different sectors, more frequent monitoring of sensor data, and incentivizing organizational cybersecurity. A report detailing discussion outputs from the workshop will be available soon.
Learn more about NREL’s work in cybersecurity.