Wind power is now an important energy source for the electric grid and this continues to be an exciting time in history for all renewables. What could go wrong?
University of Tulsa conducted a 2 year red team review on five U.S. based wind farms with 1000+ wind turbines. The research covered multiple equipment models from five major vendors. Browse the presentation here.
No PI Systems were harmed in this research. The soft targets identified were the industrial control networks. Communication protocols like OPC XML and remote access mechanisms offer little protection from miscreants. Similarly insecure protocols like FTP and TELNET were observed for device management. To quote: "Boom, you're in".
While wind power is still relatively new, this presentation reminds us that legacy technology lingers a lot longer than may be intuitive. Industrial products in general are struggling to adopt safer communication protocols.
To the contrary for the modern PI System, all communication protocols are protected natively and we look forward to helping power generation and other sectors optimize their PI System including associated cyber defenses.
ps> For more on next generation control protocols I recommend viewing Adam Crain of Automatak and Rich Corrigan of SDGE describe SSP-21 as a new path forward. SSP-21 was my favorite technical paper from S4x17. While there are many other industrial protocols emerging (eg OPC-UA) with support for tamper resisting ciphers, the SSP-21 research suggests perhaps a smarter approach than wrapping everything in TLS.