UK offshore wind farms urgently need protection from cyberattacks

New research from the Alan Turing Institute suggests glaring holes in tech protections for some of the country’s most vital energy infrastructure.

The remote locations of offshore windfarms makes them particularly vulnerable to cyberattacks. Extensive digital infrastructure is needed to  ensure they can communicate effectively with onshore systems, but many facilities continue to rely on outdated systems.

This combination of legacy and modern IT support is especially problematic in cybersecurity terms due to the way different platforms link up. Researchers have suggested AI and intelligent automation could offer greater protection, helping human operators recognise and predict when threats are surfacing. Other solutions include new emergency response plans, cross-border intelligence sharing, and security response protocols. 

The analysis, conducted by the Alan Turing Institute’s Centre for Emerging Technologies [CETaS] and Data Centric Engineering [DCE] comes at a particularly difficult time for offshore wind in the UK. Experts recently warned that value for money is being prioritised in developments, which means new facilities are not as effective or future proof as they could be. 

Another report in June revealed manufacturing of turbines and other components is falling where it needs to be for Britain to meet targets. Meanwhile, the new Labour Government has already removed a de-facto ban on onshore wind in England, which is set to introduce a glut of competition into the market. 

Nevertheless, the UK is the world leader in offshore wind power, with more capacity operational than any other nation, accounting for 13% of overall electricity production. In 2023, more electricity was produced in this way than via gas for the first time in the country’s history.

‘The UK’s offshore wind production is set to significantly increase over the coming years. However, the more it becomes integrated into our energy supplies the greater the potential for serious disruption if it were to come under a cyberattack,’ said Dr Alexander Babuta, Director of CETaS.

‘Incorporating AI into these systems is one way that cybersecurity could be improved,’ they continued. ‘However, to make offshore wind more resilient we need to consider the robustness of the entire system, such as rapid power recovery, as well as eliminating cybersecurity threats.’

Not only could a rise in cyberattacks take facilities offline, it also risks damaging public trust in the technology. Recent months have seen cybersecurity, malware and ransomware incidents reported by a number of wind energy firms. These include Vestas, Nordex, Deutsche Windtechnik, and Enercon.  

‘As offshore wind becomes a larger part of the UK’s energy supply, it is essential that more is done to protect it from disruption and cyberattacks,’ said Anna Knack, Lead Researcher at CETaS and author of the new report. ‘New regulation, innovative technical solutions and international collaboration across sectors will be crucial to making these systems more resilient in the future and ensuring the nation can safeguard its access to an important source of renewable energy.’