www.PDHonline.com - Your Gateway to Lifelong Learning   |   Email: PDHonline@Gmail.com   
PDH Online Course Description PDH Units/
Learning Units (Hours)

Buy Now

View Course

View or Take Quiz


Cyber Risks for Renewable Energy Infrastructure

Dale Wuokko, P.E.

The United States (U.S.) electrical power grid is critical infrastructure consisting of electrical power generating plants, renewable energy sources, transmission and distribution lines, transformers, structures, systems, and devices that create and bring electrical power to the end-user. Electricity is the “life blood” of an industrial and technology-driven nation, and the power grid functions as critical infrastructure so vital to the U.S. that its incapacity or destruction would have a significant debilitating impact on the Nation’s security, public health, safety, and economy. The design, construction, operation, and maintenance of this critical infrastructure depends on multiple engineering disciplines, including electrical, civil, mechanical, industrial, computer, hydrological, environmental, and others.

Renewable energy also commonly referred to as “green” or “clean energy,” is energy obtained from natural sources or processes that is not depleted when used and is naturally replenished. Examples of renewable energy sources include solar, wind, hydro, geothermal, and biomass. Solar and wind renewable energy which are variable renewable energy generators (VREGs) that provide variable and non-dispatchable electrical power output due to the natural variability of the sun and wind. Electrical generating plants powered by coal, natural gas, and nuclear are considered baseline electrical power generators whose source of energy production can be controlled and dispatched by operators 24/7. With the rapid growth of VREGs such as solar and wind, their connection to the electrical power grid, and their increasingly role of importance to a safe and reliable grid, it is imperative that these generating sources be protected against cyberattacks. The growing connectivity between multiple renewable energy generators and the grid increases cybersecurity vulnerabilities and broadens the threat landscape by expanding the number of potential entry points through which malicious cyberattacks can be launched. Cyber attackers are constantly probing to penetrate the weakest link in the U.S. energy sector and if the weakest link is in unsecured or poorly secured renewable energy generators that is where ultimately a cyberattack will be perpetrated.

This course focuses on the solar and wind power generating infrastructure aspects of the renewable energy sector, the cyber risks associated with it, and cyber management actions for providing for greater resilience, mitigation, and recovery. This energy sector, which is fast-growing and technology-dependent, has already been subject to cyberattacks. For example, on March 5, 2019, a Utah-based renewable energy provider experienced a "denial of service" (DOS) cyberattack that temporarily resulted in intermittent signal interruptions and lost connections with its solar and wind generators totaling 500 megawatts over a span of approximately 12 hours. While this cyberattack did not result in a blackout, it was the first publicly acknowledged disruptive cyberattack to occur on the U.S. power grid. Given the increasing role of importance in the electrical power energy industry of renewable energy generators it is vital for the industry to develop and actively implement appropriate cybersecurity strategies.

The risk environment of the electrical power grid and its renewable energy generators is complex with threats, vulnerabilities, and consequences continuing to evolve daily. The power grid has long been subject to risks associated with physical threats and natural disasters. The power grid is now increasingly exposed to cyber risks due to the integration of information and communication technologies with the operation of solar and wind electrical generating facilities and the power grid. With the addition of each solar and wind generating facility controlled by informational and operational technology and connected to the electrical power grid, the cyberattack surface is increased correspondingly resulting in additional cyber risk to the grid. Furthermore, a cyberattack perpetrator need not even be located within U.S. national boundaries. Adversaries world-wide are now focused on remotely exploiting cyber vulnerabilities of the electrical power grid in numerous countries, including the U.S.

Accordingly, solar and wind generating assets require robust cybersecurity to ensure its continued growth of integration with the electrical power grid. This is a challenging goal as solar and wind energy technologies and deployments are highly diverse, and no single cybersecurity strategy can apply to all solar and wind generating facilities. However, there should be no doubt that as solar and wind generating assets become more critical contributors to the electrical power grid, cyberattacks will aggressively target these assets intent on exploiting for ransom or intent on causing economic or public health and safety harm.

It is critical that cybersecurity be retrofitted as-appropriate to existing generating assets, proactively applied to new generating assets, and scrupulously maintained up-to-date. Because solar and wind energy technologies and deployments are highly diverse, specifically-designed cybersecurity strategies must be applied to these generating assets. Moreover, no cybersecurity is, or ever will be, completely impregnable and generating companies may never be able to defend themselves against every cyberattack. Indeed, it is quite probable that as solar and wind energy generation becomes a significant source of electricity for the power grid and thereby an attractive target for cyber perpetrators, there will be successful cyberattacks on connected solar and wind generating sources. Accordingly, solar and wind generating companies must also design robust resilience into their systems and have in place well-planned and tested mitigation and recovery plans.

This course includes a multiple-choice quiz at the end, which is designed to enhance the understanding of the course materials.

View Course Content

NY PE & PLS: You must choose courses that are technical in nature or related to matters of laws and ethics contributing to the health and welfare of the public. NY Board does not accept courses related to office management, risk management, leadership, marketing, accounting, financial planning, real estate, and basic CAD. Specific course topics that are on the borderline and are not acceptable by the NY Board have been noted under the course description on our website.