Who is responsible for cybersecurity at wind parks?

Mohamed Harrou, OT security engineer at energy supplier Amprion, explains the added value of OT security in wind farms and PV systems. With 12 years of experience in renewable energy systems, he provides practical insights into the technological and organizational challenges of modern wind parks and gives a surprising and rather unsettling answer to the question of responsibilities.

Duration:

25 min

Guest in this episode:

Mohamed Harou

OT Security Engineer Amprion Offshore

Transcript

Keywords

OT security, cybersecurity, renewable energy, wind park, PV systems, NIS2, critical infrastructure, compliance, energy sector, stakeholders

‍

Takeaways

OT security is becoming increasingly important in the field of renewable energy systems (RES).

The complexity of modern energy systems and organization has multiplied.

NIS2 means that all energy companies and service providers in the sector must review their compliance status.

Cybersecurity also improves the availability of EEAs and ensures efficient operations.

Cybersecurity is a matter of investment protection and risk management.

Responsibilities for cybersecurity at wind farms and PV parks are far from clear. Stakeholders need to proactively coordinate their efforts.

‍

Pull Quotes

“The complexity of renewable energy systems has grown enormously. We now have many more devices, much more complex devices, and many more people involved. You have the direct marketer, you have the grid operator, you have environmental monitoring, and so on and so forth.”

“The energy sector is the mother of all critical infrastructures.”

“When you deal with IT security, you also get systems that run more reliably and securely. There are many things that are introduced through cybersecurity that also help operational processes.”

“A hacker has the ability to not only encrypt the SCADA system, rendering a wind farm inoperable. In theory, there is even a risk of physical damage to the wind turbines. How expensive can IT security be that you take this risk? And does your own insurance really pay for it?"

Chapter

00:00 Introduction to OT security in renewable energy sources (RES)

03:01 The development of RES complexity from 2012 to today

06:09 NIS2 and the legal framework for EEA operators

09:04 Understanding thresholds for critical infrastructure

11:48 Penalties under NIS2 and the German IT Security Act (IT-SiG) 2.0

12:25 Network structure and stakeholders in RES

18:15 Relevance of cybersecurity for reliable operation and efficient management of utilities

19:55 Who is responsible for cybersecurity in wind parks?

23:33 Risk management in RES

24:19 Closing remarks

‍