Wind farm security: attack surface, targets, scenarios and mitigation

As modern society grows more reliant on wind energy, wind farm deployments will become increasingly attractive targets for malicious entities. The geographic scale of wind farms, remoteness of assets, flat logical control networks and insecure control protocols expose wind farms to myriad threats. This paper attempts to clarify the gaps in the understanding of wind farm threats and their implications. The paper describes the anatomy of a generic wind farm and the attack vectors that can be leveraged to target its information technology, industrial control and physical assets. It discusses attack scenarios involving unauthorized wind turbine control, wind turbine damage, wind farm disruption and damage, and substation disruption and damage. Additionally, the paper highlights mitigation techniques that provide robust security coverage and reduce the negative cyber and physical impacts. The attack surface, targets, scenarios and mitigation techniques presented in this paper are common across wind farm deployments. However, it is still possible to add details about the unique aspects of wind farm assets, configurations and operations in order to develop a holistic risk management program geared for a specific wind farm deployment.