TRITON VIRUS SHUTS PLANT

The possible effects of a cyberattack range from capture of sensitive data and power outages to the destruction of a physical asset, said James Forrest, executive vice president at Capgemini, which advises companies on security risks.

He cited, in particular, the risk of malware such as the Triton virus, which hackers used to remotely take over the safety systems of a Saudi petrochemical plant in 2017 and shut it down.

While malware packages like Triton might be exotic algorithmic weapons, the most common mode of entry used by hackers looking to deliver them is more familiar, according to the executives and experts interviewed: via phishing emails designed to elicit data from employees like network passwords.

Such attacks are "more or less constant", according to Cem Gocgoren, information security chief at Svenska Kraftnaet. The Swedish grid operator has roughly quadrupled its cybersecurity team to about 60 over about the last four years and is raising awareness among staff. "We have to make them understand that we are under attack all the time. It's the new normal."

Hydro's ethical hacker Borgund echoed this sense of a relentless barrage via phishing, which she described as the "first initial vector" of cyberattackers.

CYBERATTACK ON SATELLITE

Traditional power plants like gas and nuclear typically operate on airgapped IT infrastructure that's sealed off from the outside, making them less susceptible to cyberattacks than physical sabotage, said Stephan Gerling, senior researcher at Kaspersky's ICS CERT, which studies and detects cyber threats on industrial facilities.

By contrast, the ever-growing number of smaller renewable installations around Europe run on diverse third-party systems that are digitally hooked up to the power grid, and are below the power-generation monitoring threshold set by safety authorities, he added.

This kind of interconnectedness was demonstrated last February when a Russian cyberattack on a Ukrainian satellite communications network knocked out the remote monitoring of more than 5,800 wind turbines of Germany's Enercon and shut them down, said Mathias Boeswetter, head of IT security at German energy industry group BDEW.

While the incident did not affect the electricity grid, it showed the escalating cyber vulnerabilities posed by the energy transition, he added.

KEY TO HACKING A WIND FARM

Hacking into a wind farm can be relatively easy.

Researchers at the University of Tulsa conducted an experiment by hacking into unnamed wind farms in the United States in 2017 to test their vulnerabilities, with the permission of the wind farm operators, according to a report on cyber threats to energy by risk consultancy DNV.

The researchers picked a lock to gain access to a chamber in the base of a wind turbine, the report said. They accessed the turbine's server and got a list of IP addresses representing every networked turbine in the field. They then stopped the turbine from turning.

Driven by government efforts to wean nations off fossil fuels and double down on renewables, wind and solar power accounted for more than a fifth of European energy demand in 2021, according to EU data, a share expected to double by 2030.

E.ON (EONGn.DE) - Europe's largest operator of energy grids with a network sprawling 1 million miles - has also observed a rising risk of cyberattacks, its CEO Leonhard Birnbaum said at the group's shareholder meeting in May.

The company has expanded its dedicated cyber staff to around 200 over the years, it said in emailed comments, adding the group had long recognized the issue's relevance.

"Putting cybersecurity at the top of the priority list only after the start of the war in Ukraine and the energy crisis would have been a serious omission," it said.