According to the International Energy Agency, offshore renewable energy represents less than 1% of global power generation. However, it represents more than 10% of the actual electrical capacity for countries like the United Kingdom, Denmark and the Netherlands, and is expected to reach 40% for Denmark by 2030. In the European Union, offshore wind capacity is expected to grow to 60 GW by 2030 and 300 GW by 2050 — compared to actual 463 GW of combustible fuel-based electrical plants and 120 GW of nuclear capacity in 2018. This is great news for the decarbonization and green energy movements.
However, it also means that such assets will become more and more critical for the electrical needs of the countries which rely on them, especially in Northern Europe. Becoming a critical asset brings with it some constraints at different levels: regulatory, security and resilience.
Known as the NIS directive, the EU network and information security directive adopted in 2016 (EU 2016/1148) is the first piece of EU-wide cybersecurity legislation to enhance cybersecurity across the EU. It includes specific national supervision including ex-ante supervision of critical sectors (energy, transport, water, health, digital infrastructure, finance) and ex-post supervision for critical digital service providers (online marketplaces, cloud, search engines).
Each country must create a list of companies subject to this supervision and underlying rules, but until now, it appears that no offshore wind farm has ever been subject to these requirements. However, it is difficult to get a comprehensive view because most EU member countries keep this information strictly confidential.
In parallel, there are also local laws for infrastructures in the US, UK and France. In France, the a military law enacted in 2013 created cyber obligations for critical infrastructure operators.
Thus, the more important offshore wind farms become to a nation’s power capacity, the more regulations and obligations will apply to them.
Aside from the increasing regulatory constraints, there are also security challenges. On the cyber and communication side, it is interesting to look at the cyberattack on Viasat in March 2022 which affected wind farms in Germany. The attack disrupted the satellite links used by wind farms for monitoring and maintenance. It may have in fact been collateral damage, as most Viasat customers using the same system were affected. Notwithstanding, it still created a significant disruption.
Similar but more targeted attacks could have a bigger impact on the offshore wind sector. Some measures that could be taken to reduce the risk include relying on multiple satellite networks belonging to different operators with different land stations, and adding other transmission technologies when possible, such as private PMR/LTE networks, microwave, HF and fiber optics.
Apart from remote attacks, there are also physical threats such as cutting undersea internet cables (as highlighted by President Joe Biden in February 2022) or attacks on undersea electric cables or concentrators. Mitigations for such threats should include closely monitoring undersea infrastructures.
Finally, some physical intrusions may be possible, either in the area of the offshore wind farm, on the masts or on the OSS (offshore substation). Different actions could be taken to counter them, such as video analytics, electromagnetic monitoring and maritime and air situational awareness.
Reducing the risks associated with such security challenges will improve resilience. To properly assess resilience, it is important to examine all SPOFs (single points of failure) across the entire chain. This includes power transmission, communication lines, security add-ons, and the potential domino effect of a supplier disruption — as demonstrated by the German wind farm example or recent disruptions of major clouds.
Energy and security policies are more closely linked than ever before. Offshore wind is now a key solution for meeting our growing electrical needs and global climate goals. As critical assets, offshore wind farms need to help deliver energy security by following a traditional risk-based approach.
The first step is to identify the threats, then evaluate the probability of their occurrence and impact. Second, we must mitigate such risks to reduce the likelihood of negative impacts by implementing technical and/or operational measures. The residual risks can either be assumed or covered by specific insurance packages. Finally, we must re-evaluate the risks and benefits of the mitigations using specific monitoring.
These three simple steps will help ensure a cleaner, greener, more secure energy supply to meet the world’s growing electricity needs for the future.
About the author
Mission-Critical Systems Business Development Manager – Critical Communications expert