As the renewable energy industry advances, the adoption of new technologies is essential for ensuring efficiency and security. However, many renewable energy plants still rely on legacy SCADA systems, which introduce significant cybersecurity risks as they struggle to integrate with modern protocols.
SCADA (Supervisory Control and Data Acquisition) systems are the backbone of monitoring and control in renewable energy plants. But as these systems age, their vulnerabilities increase, making them prime targets for cyberattacks. Outdated systems often lack the robust security measures necessary to protect against modern cyber threats, creating a weak point in plant operations.
Many SCADA systems in renewable energy plants, such as those managing wind farms, solar plants, and hydroelectric facilities, still rely on legacy hardware and protocols like Modbus, DNP3, and IEC 60870-5-104. Some outdated versions of these protocols present in some early renewable plants, lack of robust cybersecurity measures, as the primary focus at the time when these protocols were developed was on operational functionality and interoperability. Consequently, the lack of essential security features such as encryption and strong authentication mechanisms, makes these versions of these protocols vulnerable to a variety of cyber-attacks.
Purdue Model implementation, according to the IEC 62443 standards, can significantly enhance cybersecurity by providing a structured framework that segments the network into distinct zones and conduits, enabling robust defense-in-depth strategies and ensuring comprehensive protection against potential threats.
One major vulnerability is the susceptibility to data interception and manipulation. Without encryption, data transmitted between SCADA components can be intercepted by potential malicious actors. This unencrypted data often includes critical operational commands and sensitive information, which, if manipulated, can lead to equipment malfunctions or disrupted energy production. For example, an attacker could alter command signals, causing significant operational issues.
The outdated nature of these systems also creates challenges in integrating modern cybersecurity solutions. The enhancement of security features in these legacy systems can be difficult and expensive, often requiring substantial modifications or complete system overhauls. As a result, many renewable energy operators continue to use these vulnerable systems to maintain functionality, despite the increasing cybersecurity risks.
In addition, legacy systems lack of compatibility with modern security practices, such as regular patching and updates. This lack of support increases the exposition of known vulnerabilities that attackers can exploit leading to potential shutdowns or other incidents which can affect not only to a specific plant but also to the stability of the grid in certain scenarios. This issue situation is also furtherly complicated by the remote locations of many renewable energy plants, making timely updates and maintenance difficult.
Mitigating the cybersecurity risks associated with legacy systems requires a multi- faceted approach. Implementing network segmentation, which involves isolating SCADA networks from other IT networks, can help limit the spread of potential cyber- attacks. Additionally, incorporating zero trust network access (ZTNA) ensures that all users, both inside and outside the organization, are authenticated, authorized, and continuously validated before being granted access to applications and data. Furthermore, using VPN tunnelization provides secure, encrypted connections, protecting data transmission and mitigating unauthorized access. The natural evolution of IDS/IPS systems to network detection and response (NDR) systems can also offer enhanced capabilities, such as advanced threat detection and automated response, further strengthening the defense against sophisticated cyber threats.
Thus, the European research project ELECTRON, of which we are part together with 33 other companies, applies a novel comprehensive framework which involves risk assessment, cyber defence and certification in order to support prevention, detection, response and mitigation of cyber threats, targeted at critical energy infrastructures, considering the specificities of modern systems (e.g. interconnection of legacy systems such as SCADA with IoT and smart metering devices). The ELECTRON framework identifies and tracks the relationships among the physical and cyber assets of the available communication and energy infrastructure and using them to efficiently calculate individual, cumulative and propagated risks, as well as apply mitigation actions for tackling identified cyber threats.
