For two years, researchers from the University of Tulsa have been exposing vulnerabilities in one of America’s fastest growing power sources, wind turbines. Mostly unsecured, these wind turbines have become an increasingly larger part of America’s energy supply, and with little effort, the researchers were able to penetrate and commandeer their operations. Andy Greenberg writes at WIRED:
The researchers developed three proof-of-concept attacks to demonstrate how hackers could exploit the vulnerable wind farms they infiltrated. One tool they built, called Windshark, simply sent commands to other turbines on the network, disabling them or repeatedly slamming on their brakes to cause wear and damage. Windworm, another piece of malicious software, went further: It used telnet and FTP to spread from one programmable automation controller to another, until it infected all of a wind farm’s computers. A third attack tool, called Windpoison, used a trick called ARP cache poisoning, which exploits how control systems locate and identify components on a network. Windpoison spoofed those addresses to insert itself as a man-in-the-middle in the operators’ communications with the turbines. That would allow hackers to falsify the signals being sent back from the turbines, hiding disruptive attacks from the operators’ systems.
While the Tulsa researchers shut off only a single turbine at a time in their tests, they point out that their methods could easily paralyze an entire wind farm, cutting off as much as hundreds of megawatts of power.
Wind farms produce a relatively smaller amount of energy than their coal or nuclear equivalents, and grid operators expect them to be less reliable, given their dependence on the real-time ebb and flow of wind currents. That means even taking out a full farm may not dramatically impact the grid overall, says Ben Miller, a researcher at the critical-infrastructure security startup Dragos Inc. and a former engineer at the North American Electric Reliability Council.
More concerning than attacks to stop turbines, Miller says, are those intended to damage them. The equipment is designed for lightness and efficiency, and is often fragile as a result. That, along with the high costs of going even temporarily offline, make the vulnerabilities potentially devastating for a wind farm owner. “It would all probably be far more impactful to the operator of the wind farm than it would be to the grid,” Miller says.
Staggs argues that this potential to cause costly downtime for wind farms leaves their owners open to extortion or other kinds of profit-seeking sabotage. “This is just the tip of the iceberg,” he says. “Imagine a ransomware scenario.”
Read more here.