Cyber Risks for Solar and Wind Installations

As the power grid becomes more integrated and the number of generation sites grow, the power grid has become a bigger target for cybercrime. Understanding the risks facing renewable installations can help asset management companies, building owners, and operations and maintenance (O&M) contractors protect their installations from cyber criminals.

Instead of an isolated incident, a breach of a third-party monitoring system’s data has the potential to take down an entire portfolio of properties, causing costly business interruptions. Without proper firewall and security protocols, cyber criminals can target a central server in a remote location and steal energy from multiple sites.

“This can create a tremendous disruption in operations,” said Jay Hurin, a Travelers Risk Control safety professional. “It’s one of the additional risks of a connected world.” Hackers targeting solar and wind installations have the potential to alter turbine speeds and divert energy flows. Hurin and the Risk Control cyber team work with renewable energy customers to identify their cyber risks and develop controls to minimize their exposures.

Here are some ways to protect solar and wind installations from cyber risks:

Practice Sound Cybersecurity

Perform due diligence when choosing a third-party vendor for cloud storage. Practice good password management, which is often the front line in deterring a cybercrime. Train employees to recognize spear phishing threats through malicious emails, which could compromise the network. Don’t give full network access to employees, vendors or contractors unless they specifically need it to perform their roles. Avoid storing other sensitive information along with data associated with the solar or wind installation, a practice that could increase the cost and complexity of a data breach.

Explore Contractual Risk Transfer and Other Provisions

Contractual language should clearly detail where your organization’s responsibilities begin and end. Contractual risk transfer (CRT) can help protect renewable companies when working with third-party services or products. This is especially important when hiring subcontractors to perform O&M work, and third-party companies to store data. Potential issues could include damage to equipment and loss of revenue related to disruptions caused by shutdowns.

Enforce Physical Security Measures

Beyond firewalls and electronics, physical security is also important in protecting solar and wind installations from cyber thieves. Physically secure computers and other devices with access to the network, and make sure that only authorized personnel have access to them.

Consider Cyber Insurance

Establishing a strong cyber security culture can help protect the renewable energy industry from potential attacks. But with the increasing number of threats, potential security measures alone might not be enough to prevent a breach. Renewable energy companies may want to consider cyber insurance. Specifically designed to help companies respond to a data breach, cyber coverage can be tailored based on a renewable energy company’s specific risks.

As a growing concern for renewable energy companies, cybercrime presents new challenges in identifying resources to shore up the vulnerabilities. These companies may benefit from dedicating resources to physical security, hardware and software, and a host of other concerns. A first line of defense, though, can be found in the appropriate cyber insurance coverage.