19 December 2024
NATO determined to protect critical undersea energy infrastructure
Europe wants to build lots more renewables to strengthen its energy security and industrial competitiveness. The geopolitical situation poses new questions around the security of these assets. At its Annual Roundtable on Energy Security NATO confirmed its determination to protect critical energy infrastructure.
The war in Ukraine has radically changed the threat landscape across Europe, particularly in the Baltic and Arctic Seas. This week NATO organised its Annual Roundtable on Energy Security at the NATO headquarters in Brussels. WindEurope CEO Giles Dickson participated in a panel discussion on critical energy infrastructure at sea and wider energy security threats.
Protecting turbines and grids from hostile acts of sabotage and cyber warfare
The NATO panel focused on current physical and cybersecurity threats to offshore wind farms and undersea cables. It concluded that hybrid attacks and sabotage remain the most pressing threats to critical undersea infrastructure in Europe. Dickson also stressed the crucial importance of data security.
“Europe must strengthen its efforts to protect its growing offshore wind infrastructure from physical attacks and sabotage. At the same time we mustn’t underestimate the cyber and data security threats. There are 300 sensors on a modern wind turbine. The data from those sensors should be stored and analysed exclusively in Europe and friendly countries”, said Dickson.
NATO Foreign Ministers warn of Russian and Chinese hostile actions
The event came a week after NATO Foreign Ministers met in Brussels to address escalating campaigns of hostile actions in NATO countries. Presenting the results of that meeting NATO Secretary General Mark Rutte said “both Russia and China have tried to destabilise our countries and divide our societies with acts of sabotage, cyber-attacks, and energy blackmail”.
The NATO Foreign Ministers also pointed to a sharp increase in such attacks. “There have been 500 suspicious incidents in Europe this year. Up to 100 of them can be attributed to Russian hybrid attacks, espionage and influence peddling”, said Czech Foreign Minister Jan Lipavsky.
At its 2023 Vilnius Summit, NATO agreed to establish a Maritime Centre for the Security of Critical Underwater Infrastructure (CUI) within NATO’s Allied Maritime Command (MARCOM). This CUI Coordination Cell became operational in 2023. It focuses on deterring and defending against the coercive use of energy and other hybrid actions. It also pools satellite surveillance of hostile vessels that may be interfering with energy infrastructure. The NATO Foreign Ministers meeting discussed increased information sharing, joint exercises, better protection of critical infrastructure and cyber defence.
Wind boosts energy security
Wind is now 20% of all the electricity consumed in Europe. It is critical to strengthening Europe’s energy security. Not least as its home-grown and reduces the need for fossil fuel imports. The wind energy it has produced this year has saved Europe the equivalent of 100 bcm of gas imports.
The decentralised nature of wind energy – there are 107,000 wind turbines across Europe – also makes it less vulnerable to sabotage and foreign interference than many other forms of energy. The German Army is now advising German companies to operate their own wind turbines.
But wind and grid assets also need protecting
The physical threats to Europe’s wind, grid and other offshore energy infrastructure are real. So are the cyber and data threats to wind energy infrastructure, both onshore and offshore.
Modern wind turbines have up to 300 sensors on them monitoring the performance of the different components. These sensors produce huge amounts of data and give the power to control the functioning of the relevant components and thereby the turbines. It is essential to mitigate the inherent risks here and ensure maximum data security of Europe’s wind farms. And to protect them from cyber attacks. This requires encryption tools, secure SCADA systems, and EU-based data management solutions.
The EU Cyber Resilience Act, the “NIS2” Directive (the EU’s Cybersecurity Law) and the EU Network Code for Cybersecurity are crucial tools here. The EU Net Zero Industry Act also requires pre-qualification criteria in wind energy auctions on cyber and data security.
- Risk assessment for cybersecurity and data security
- Requirements for prioritizing technology suppliers based on data handling locations within the EU Customs Union and GPA Signatory Countries
- Regular assessment of cybersecurity and data security risks