Addressing the cybersecurity needs of the renewable energy sector

In the present context, cyber threats are not just limited to the banking and financial sector. Apart from these critical industries, cybersecurity is critical for the renewable energy industry too. The renewable energy segment is expected to grow 55% in the next five years, powered by the boost in the solar energy segment. As More than 1.9 million people still do not have a standard electricity connectioncon, the growth of solar, as well as the renewable energy sector, is pertinent. With increasing popularity and penetration of such use cases, the cyberthreats have also increased. Hackers and cybercriminals are increasingly targeting the energy sector with unique ways such as ransomware and other money laundering techniques.

There has been a huge increase in the number of cyber threats in renewable sector in the past few years. Ransomware, zero-footprint attacks, advanced persistent attacks, trojans, phishing are some of the techniques hackers use to target the industry. The most common form of attack, zero footprint, does not require installation of malicious software but instead infects pre-installed applications that are deemed to be secured by the stakeholders.

Internet of Things (IoT) & Industrial Internet of Things (IIoT) is catering to the scalability requirement of the industry by providing a credible way to scale for wind farms, hydroelectric dams, water farms and other establishments in the renewable energy segment. Currently, thousands of sensors and gateways collect a vast amount of data at these establishments. From the resistance of blades to wind energy at the base of solar panel, temperature to condition, IoT sensors are improving efficiency by providing a way to understand, measure, monitor and control different components.

On the one hand the manufacturers and operators in the energy industry are leveraging technologies like smart inverters to reduce operational costs, but at the same time, intercommunication abilities between the grid and inverters have opened avenues for vulnerability. Hackers can use remote devices to control electrical flow. They can also cause blackouts, overload the system, stop grid operations and, in turn, ask for a ransom by exploiting vulnerabilities in the communication systems. On the other hand, companies are also offering smart automation and home systems to customers. As devices in automation systems are connected to the internet and involve data transfers, this also makes the companies and customers vulnerable to data breach and cyberattacks.?

Common Cyber Vulnerabilities within the Renewable Energy Sector

·????? CVE-2019-11367 The web portal makes use of basic HTTP authentication with an account/password to the www-example attribute. Anyone can log in to the system using the account/password.

·?????? CVE-2018-12735 Hackers can create a direct request to inverterinfo.htm file or the admin page as the solar inverter supports the sharing of potentially sensitive information via a direct request alone. This makes the work of hackers easier.

·?????? CVE-2017-9851 The application can be crashed by transmitting garbage data or fixing TELNET in SMA Explorer’s database port. ?

·?????? CVE-2017-9853 Most of the inverters have a very weak policy for setting user passwords. There is no length requirement and the passwords are often limited to 10 characters. This makes it easy to crack the passwords and enter the system.?

·?????? CVE-2017-9855

A grid protection system serves as a secondary authentication system for the installer. This system makes use of approximate codes and single security code can be used on any of the installed inverter. This makes the system vulnerable to unauthorized changes as anyone can use a security code combining it with the installer account.

·?????? CVE-2017-9852 SMA solar technology products also suffer from an incorrect password management vulnerability. Mostly, default passwords are not changed by anyone and stay the same during the installation by the same company. Hidden user accounts use a fixed password for all the devices which cannot be changed by a user. This paves the way for a vulnerability that enables hackers to get access to passwords for the hidden user account.

·?????? VE-2017-9861 SIP implementation doesn’t make use of any encrypted authentication. This makes it vulnerable to cyberattacks and hackers try to packet injection attacks and other attacks. Such attacks allow hackers to use SIP for communication with any device within the local area networks. Hackers use this issue to exploit known vulnerabilities or for obtaining sensitive information from SIP communication. Additionally, they use vulnerabilities to communicate with the SMA server or to prevent the device from crashing. As the SIP communication channel in non-encrypted, hackers can understand the protocol and see critical information such as passwords and other operational information which they can remove at a later stage. All these vulnerabilities can be exploited remotely if any device is connected to a network. If the hacker or attacker is on same LAN, he can access any device from anywhere in the world.

?

Why are wind farms vulnerable?

Modern wind farms are managed by industrial control systems that connect turbines, substations, equipment to a central computer system just like a nerve center. Most of these systems were designed to promote efficiency and are not very good with security and safety. Several of these systems are also connected to IoT, making them cost-effective but makes them vulnerable to hacking attempts.

If a system or a meter is not embedded with security features, any hacker can make use of syringes to infuse a malicious code into a device’s memory chip. The code interrupts electrical signals in a memory chip. Hackers can access the signals to play with the device’s programming. Even when a meter or a system is embedded with safety features, hackers may still use custom devices to extract information.

The two-way radio chip on smart meter allows devices to read and receive commands remotely using a network. The chip in a meter consists of software with security codes that attracts a hacker to attack and crack the programming of a meter.

Several of the old wind parks with its embedded communication systems were never designed using ‘Safety by Design’ mindset.? They don’t use IEC/ISO 62443 standards or operational technologies like SCADA. Offshore wind parks with its substations also require a unique security approach than just cybersecurity. Old communication protocols don’t use any security enhancement, which makes third-party remote access vulnerable to hacks and cyberattacks.

As the frequency and scope of cyberattacks increase, the renewable energy sector is likely to become a common target for hackers. To enforce high-level cybersecurity, the renewable energy sector must realize the weaknesses and address the requirement of investing in cyber defense strategies.

To make this possible, the industry must work closely with the government and private players to deal with increasing cyber threats. A public-private partnership would be a great solution for renewable energy sector in the modern era to become cyber-secure.