In brief

In brief

  • As renewable energy assets mature to include digital capabilities, an increased risk of cyber-attacks threatens individual assets and the grid.
  • Renewables operators need to clearly understand the gaps in their security practices to comply with new regulations and address any weaknesses.
  • In Accenture’s view, cybersecurity investments should extend beyond compliance to look for leading practices for resilience against attacks.
  • Performing a security risk assessment, including resilience diagnostics and capability assessments, can improve cybersecurity and event response.

The cyber risk for renewables

A recent wave of renewables modernization and digitization is increasing connectivity between assets and their owners, operators and operations and maintenance (O&M) providers. This growing connectedness means renewables are not only digitally linked to each other, but also to the larger electricity system.

Electronic monitoring and control of utility-scale renewables without cybersecurity for sensors and wind turbines creates opportunities for new cybersecurity threats. These risks are magnified by the fact that many renewables assets are geographically dispersed, making attack detection difficult. The increasing capacity of renewables in the electricity system also poses a greater threat to the entire grid if asset security is compromised.

Renewables' growing capacity in the electricity system makes any threats a greater risk to the entire grid.

The many faces of cyber-attacks

Renewables can be impacted by several different types of cybersecurity attacks. Some examples include:

  • Hijacking physical control – The attacker takes control of the wind turbine or solar inverter, aiming to damage, disable or destroy it.
  • Hard stop of death – The attacker flips the wind turbine to and from emergency shutdown mode, causing damage that could lead to destruction.
  • Man-in-the-middle – The attacker uses software to take control of all traffic between the operator and assets without the operator knowing, creating the illusion that a wind farm is functioning normally while it is under attack.
  • Ransom – The attacker uses a cryptovirus or hardware to gain control of assets, disables remote control of the power plant and holds it for ransom.
  • Horus scenario – The attacker disrupts the supply balance by taking a large portion of solar generation offline at once, potentially leading to the breakdown of the electricity grid and threatening overall energy supply.

How Accenture can help

Accenture Security helps utilities build resilience with deep industry expertise to advise on strategy, implement innovative digital solutions and help companies continuously manage their security operations. We are continuously innovating to provide comprehensive, next-generation cybersecurity services at each step of the infrastructure lifecycle.

Strategy and risk

Assess your cyber risks and IT/OT information security strategy to help protect your entire value chain.

Cyber defense

Build resilience into your extended environment, including the cloud, mobile devices and the internet of things.

Digital identity

Get a highly scalable identity and access management system that dramatically accelerates time-to-market.

Application security

Accelerate release cycles while developing, running and maintaining applications with security built in.

Managed security

Scale security and compliance operations with our innovative technologies, as-a-service capabilities and expertise.

View All

Start your cyber resilience journey

Begin cybersecurity improvements by performing a security risk assessment composed of two parts:

  • Resilience diagnostics to identify weak areas and attack flows hackers are likely to follow to determine a strategy for improving defensive capabilities.
  • Capability assessments to examine an operator’s current cyber-defense capabilities across all dimensions of the business to develop a roadmap for improvement.

The outcome of a security risk assessment provides the required steps for a renewables operator to achieve regulatory and industry-standard compliance and will help build a more cyber-resilient business in a world of ever-increasing cyber threats.

Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter