This special interest group is for professionals to connect and discuss all types of carbon-free power alternatives, including nuclear, renewable, tidal and more.


Understanding Security in the Renewable Energy Industry

image credit: Photo courtesy of Storyblocks
Jane Marsh's picture

Jane Marsh is the Editor-in-Chief of She covers topics related to climate policy, sustainability, renewable energy and more.

  • Member since 2020
  • 120 items added with 103,515 views
  • May 4, 2021

The renewable energy industry is reaching new heights. The world added more than 260 gigawatts of green energy capacity in 2020, accounting for more than 80% of all added electricity. As the sector continues to grow, though, it needs to give more thought to cybersecurity.

Just like renewables, cybercrime is a growing trend, skyrocketing in the past couple of years. Cyberattacks are a threat to every industry, but they pose a particular risk to the energy sector, especially renewables. If the industry doesn’t address its current vulnerabilities, cybercrime could hinder renewables’ future growth.

Why Renewables Are Vulnerable

Cybersecurity may not seem relevant for renewables, which is part of why the sector is so vulnerable. Most green power companies are focused on making renewables more affordable, reliable and efficient, not secure. As a result, they often overlook cybersecurity vulnerabilities since they don’t see cybercrime as a pressing matter.

The nature of power grids, in general, makes them an enticing target for cybercriminals. They include infrastructure spread across multiple sites, making it challenging to monitor the entire system. A hacker could easily infiltrate part of the network hours or even days before someone notices. Coordinating actions between multiple distributed sites can also be a challenge.

Since renewables are a newer trend, renewable grids typically feature more technology like internet of things (IoT) devices. These interconnected gadgets improve grid operations, but they also make them more vulnerable to hacking. IoT devices rarely feature much built-in security, and every one is another possible entry point for cybercriminals.

A successful attack on renewable energy plants would also have substantial consequences. Wind energy alone accounts for 7% of total electricity generation in the U.S., so disrupting a wind farm could affect thousands if not millions of people. The more people rely on renewables, the more destructive these attacks will become.

How Renewable Energy Companies Can Improve Security

While these threats can be alarming, renewable energy companies can defend against them. Even basic cybersecurity steps can mitigate many of the vulnerabilities green power grids often have. Using strong, varied passwords and multi-factor authentication, for example, makes it much harder for hackers to infiltrate critical systems.

Improving physical security around critical infrastructure can help, too. Many cameras today feature instant surveillance, which sends images directly to cellphones or the cloud. Installing these devices around potential targets can catch cybercriminals who may try to install malware or unauthorized devices in person.

As IoT devices like smart transformers become more common, utilities need to ensure they’re secure. One study found that 98% of IoT traffic is unencrypted, so taking the time to encrypt network data can go a long way. Segmenting networks so IoT devices can’t act as gateways to more critical information is another helpful step.

Regular penetration testing should also become standard for green energy companies. Pen testing involves hiring a cybersecurity professional to try to infiltrate a system, revealing where any vulnerabilities are. If utilities do this regularly, they can stay on top of any emerging threats.

Ideally, as these issues keep rising, the industry will develop sector-wide cybersecurity standards. Until then, companies can turn to other authorities and frameworks to see how to improve their cybersecurity. The National Institute of Standards and Technology (NIST) has many resources that organizations can use for help.

Renewable Energy Must Become More Secure

The world needs renewable energy, and that means it needs cybersecurity in the sector. Without better security, green power grids could be susceptible to massive, damaging attacks, rendering them dangerous and unreliable. Thorough cybersecurity enables renewables to reach their full potential.

If the renewable energy sector can mitigate these threats, it’ll become a more viable replacement for fossil fuel-generated electricity. If it doesn’t, the consequences could be dire.

Steve Lindsay's picture
Steve Lindsay on May 5, 2021

Jane - good points.  I have heard many people smarter than me talk about the need to better secure wind and solar especially.  Hopefully, the Biden Administration's proclamations on ICS and IoT security comes with more details and requirements soon.  NERC CIP is good, but too vague and too dependent on self-regulation. It also covers little, if any, of the renewable generation assets.

Jane Marsh's picture
Thank Jane for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network® is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »