But the prospect of giant wind turbines sprouting up in coastal waters stretching from New England to Florida may further complicate cybersecurity concerns that are already being raised about wind power.

Wind energy recently surpassed 7 percent of U.S. power production and, thanks to generous taxpayer subsidies and renewable energy mandates in some states, its percentage is likely to continue rising. The more wind installations that come into service, the more cybersecurity challenges their integrated control systems and related technologies will pose. For cyber criminals/terrorists, wind power—whether offshore or land-based—makes for an inviting target.

‘Significant Cybersecurity Concerns’

“As wind becomes an ever-increasing part of the ‘smart grid’ landscape, the bidirectional communication upon which wind energy equipment is reliant also introduces significant cybersecurity concerns,” a July 2020 report by the U.S. Department of Energy concluded.

“Standards for communications, equipment, and security practices are currently underdeveloped or absent from the wind industry. Cybersecurity standards specific to the wind industry currently do not exist. The wind industry largely depends on standards developed for other energy systems and technologies, meaning that the specific cybersecurity needs of wind energy technologies are not well understood.”

Underscoring the seriousness of the problem, the DOE report, “Roadmap for Wind Cybersecurity,” makes several additional points:

  • Cyber incidents targeting wind energy systems have already occurred, just as with other aspects of the Energy Sector, and will likely increase in sophistication and number
  • The wind plant life cycle involves many parties; effective cybersecurity practices are difficult to establish, maintain, and trace through the supply chain from construction to operation to repowering to decommissioning
  • Wind generation assets require robust cybersecurity practices to ensure continued integration with the bulk electric system
  • Wind energy technologies and developments are highly diverse; no single cybersecurity strategy can apply to all wind plants
  • Effective, available cybersecurity options may be cost prohibitive for some wind installations
  • Few specific cybersecurity standards specific for wind exist
  • Few incentives for wind energy stakeholders have been established to prioritize cybersecurity over other investments (e.g., reliability, performance, etc.)
  • Cyber threat, vulnerability, incident, and mitigation sharing is limited among wind energy stakeholders
  • Current market offers few and underdeveloped wind-specific cybersecurity services, products, and strategies.

Joseph W. Weiss, an international authority on cybersecurity, control systems, and system security, confirms that wind turbines have been targeted, though the attacks have not been widely reported. The attackers went after wind installation SCADA (Supervisory Control and Data Acquisition) networks and wind turbine gear boxes, he said.

“The lack of public awareness of wind farm cyber incidents has negatively affected the industry’s focus on addressing cybersecurity,” Weiss said. “Consequently, it may take a real test to demonstrate that wind turbine cyber vulnerabilities can cause damage to critical equipment such as gear boxes.” SCADA is a computer system that gets real-time data about a system in order to control that system.

Cyber attackers generally exploit previously known vulnerabilities. The vulnerabilities of wind-energy equipment are well known among bad actors, as their repeated attacks attest. While cybersecurity is a concern to all energy producers connected to the grid, the Biden administration’s plans to expand wind power—offshore and on land—entail risks that the public may not fully appreciate.

The White House has set a target of 30 gigawatts of wind capacity by 2030, nearly double the forecasts by the end of the decade. Currently, the United States has two small offshore wind installations—a 30-megawatt facility off Block Island, Rhode Island and a pilot project off the coast of Virginia that has not yet come online.

Coastal wind turbines recently received another boost, when Rep. Elaine Lucia (D-Va.) established the bipartisan Congressional Offshore Wind Caucus. “In addition to helping us avoid the most severe impacts of climate change, expanding offshore wind energy would create long-term job opportunities for countless Americans,” Lucia said in a statement.

Chinese Interest

American wind installations, with their potential to serve as a gateway to the nation’s power grid, have already caught the attention of Beijing. Houston-based GH America Energy is a wholly-owned subsidiary of Chinese Guanghui Industry Investment Group, which, since 2015, has purchased some 140,000 acres of land about 200 miles west of San Antonio, Texas.

The Xinjiang-based parent company is a massive conglomerate with extensive holdings in real estate, liquified natural gas, transportation, and chemicals. Guanghui’s billionaire founder, CEO, and Communist Party member, Sun Guangxin, wants to erect hundreds of wind turbines and perhaps several giant solar arrays in the Devils River area of West Texas. Sun’s Devils River property happens to be located near Laughlin Air Force Base, a training center for pilots.

If Sun’s project comes to fruition, Chinese-owned wind turbines reaching hundreds of feet into the air will be in close proximity to a U.S. military base. As Daniel M. Hoffman, a former chief of station with the CIA, wrote in the Washington Times (Aug. 14): “GH America would use the cover of a windmill farm renewable energy business to spy on behalf of China’s ruthless dictatorship.”

Whether carrying out cyber attacks from afar or spying from up-close, America’s adversaries have a lot to gain from the expansion of wind power.