Cybersecurity for a remotely operated wind farm
To constantly monitor and control our upcoming wind park, a complex and redundant OT (Operational Technology) system is required. In addition to the green electricity, an enormous amount of data will be generated and transferred from the wind park to shore. Data from all kinds of sensors will be passing through fiber optic cables to the onshore WPO (Wind Park Owner) control rooms. To control the systems of the wind park, data is also travelling in the opposite direction back to sea. Both the monitoring and the management of the park are crucial for safe and reliable operation, and optimal electricity output to the grid.
We spoke to Ekansh Aggarwal, Electrical Package Engineer, and Edwin Klom, Network Security Engineer. Together they are responsible for the WPO infrastructure. They will ensure that the connection to the park is established and maintained in the most secure way possible. We had a chat with them about the challenges in the field of data and cybersecurity.
Edwin: My job at CrossWind concerns every part or cable that has data passing through it. I notice that people do not always pay enough attention to cyber security. In the past few months there have been examples of factories, and even wind farms, that were compromised. Sometimes for “fun or money”, but hacks are also attempted by hacking groups that are looking for vulnerabilities in the systems, and some of those groups are even aiming to cause disturbance in our society.
Recently, the Dutch government has designated projects larger than 100 MW as 'critical infrastructure' to our society. The law contains measures to increase the digital resilience of services that are essential for the proper functioning of Dutch society and economy. That means that we must comply with the WBNI law and cyber security regulations from the Radio Communications Agency Netherlands.
How do we approach Cybersecurity in a project like CrossWind?
I would say by defining the requirements. What do we want to protect and what parts need to be accessible and to whom and how? There are industry standards, but you can certainly write and design your own requirements. It’s all about mitigating the relevant risks. There are two ways in which I am involved in the OT network for CrossWind. There are the physical parts of the design, meaning that we need secondary, or ‘backup’, connections for the data to reach us. We call that redundancy. And there is another part, and that is the data security of our systems: making specific systems, data and control available only to the ones who need to have access.
Together with Ekansh we are trying to find the optimal balance in accessibility and workability of the design. And at the same time we are creating an infrastructure that is as safe as a huge valve. If it were only up to me, I wouldn’t let anyone into the systems - haha.
Ekansh Aggarwal - Electrical Package Engineer & Edwin Klom - Network Security Engineer
Ekansh: Our roles are interconnected. And it is really nice to work with Edwin. As an electrical package engineer I’m involved in various discussions about the electrical design, construction, commissioning and operability of the park. Electrical safety is extremely important and we are aiming to make the design as safe as we possibly can. In addition to delivering a safe system, we are responsible for making sure that we are producing as much power as possible in a reliable manner. Finally, our control systems, called SCADA – Supervisory Control and Data Acquisition – work closely with the control systems of our partner Tennet, to stabilise the national electricity grid. To achieve these three targets in a completely unmanned offshore installation, we need to be able to respond quickly to adjust the park operation in an instant when we need to.
Revenue and power quality metering systems are also very important systems. These systems measure the total amount and “quality” of the power we produce. This system is giving us certified readings to show what we deliver. Edwin’s role is crucial here. Since we are depending on live measurements from the park to monitor and control our offshore installation, it is vital that all the data is fast and reliable, but also protected in a secure environment.
"The need for sharing data is a must, but it needs to be done safe and secure."
Edwin Klom, Network Security Engineer
Edwin: The DTS (Distributed Temperature Sensing) system is an example of how we can make good use of different kinds of datasets we receive from various measurements in the field. Since the bottom of the sea is subject to swells and currents, the volume of sand above our subsea power cables may vary. So we need to know how well our cables are protected by the layer of sand that is on top. To accomplish this, we measure how much energy a cable is carrying at a specific moment, and we take a close look at the temperature readout from the cable at the same time using the light properties inside the embedded fiber optic cores. Using this method, we can make a fairly good estimate of how deep the cables are buried underneath the seabed.
Of course we are performing our standard surveys with our vessels to scan the seabed, but DTS is a nice and cost-effective way of making use of the data we have available to keep an eye on the seabed throughout the year. And the DTS measurements and calculations can all be carried out remotely, which reduces any HSSE exposure associated with vessel surveys.
The components of CrossWind park vary from blinking lights (aviation lights) on the turbines, to the switching gears and to the overall wind park control. There are about 15 to 20 systems constantly producing data and talking to each other. Our challenge is to develop one logical overview to monitor and control the entire performance of the park. The need for sharing data is a must, but it needs to be done safe and secure. There are plenty of examples in the last period of cyber-attacks on factories. Some of them had a well “segregated” system so the damage there was limited. But if you have one big system that is overruling everything, you can create a vulnerability. Cybersecurity is all about closing doors and giving the keys only to the right people and systems. In my opinion.
Ekansh: While working on this project we realised more and more the importance of cyber security at CrossWind. After diving deep into this subject I’ve learned to upgrade my personal cybersecurity as well. I am paying much more attention to how I am managing my personal passwords and logins than I did before this project. I believe it’s a positive change and it’s a lot about behaviour. Imagine that you don’t lock your home when leaving. Or not wearing a seatbelt in the car. We should pay the same amount of attention to data security as we do to working safely offshore, for example.
Edwin: In case we lose the connection to the wind park, it is still capable of working autonomously and producing power. Smart features, like grid support, operate automatically. The wind park can also identify conditions to turn off a wind turbine automatically.
Ekansh: One of the major components is of course the offshore high voltage substation. That is what all the turbines are connected to and from where the power is sent to shore. The station is being pre-fabricated onshore at Hoboken in Antwerp, Belgium. The systems that we discussed will all be installed and tested at the yard, to minimise the offshore works and the associated safety exposure. The substation will then sail away on a barge for offshore installation.
For me it is very meaningful that I can work on a project that will contribute towards climate action. Working in the field I’m realising how big this industry is going to become. Each day I’m learning about all the latest innovations in the field and that makes my work very satisfying.
Edwin: For me it’s similar. It’s nice to have my talents put to use for something that is ‘green’ and has social value. But it’s also the diverse scope and complexity that I like about this project so much.