Posters

Abstract

As wind energy companies become increasingly vital to the global transition toward renewable power, they face a rapidly evolving threat landscape. Sophisticated cyber adversaries, such as hacktivists, and criminal organizations, are targeting operational technology (OT) systems integral to energy generation and grid stability. Attacks can result in service disruptions, reputational damage, and even compromise of critical infrastructure, underscoring the urgent need for robust and adaptive security measures. In response to these challenges, WindEurope wanted to develop a comprehensive cyber-threat assessment methodology tailored specifically for the OT supply chain supporting wind assets. Recognizing the high stakes involved, this approach addresses growing concerns over deliberate system compromise by systemic rivals and entities influenced by geopolitical interests outside the EU. Through careful evaluation of both technical and non-technical supplier attributes, the methodology emphasizes the importance of rigorously qualifying and identifying threats that may impact energy generation operations. By quantifying each vendor’s risk profile and highlighting where mitigation is most needed, the framework empowers asset owners to allocate resources more effectively and safeguard the uninterrupted operation of wind energy facilities. The framework is built around roles (Product Supplier, Integration Service Provider, Maintenance Service Provider) and attributes (e.g., legal structure, ethical practices, cybersecurity maturity). It uses weighted scoring and threat modeling principles, including geopolitical risk indicators such as Foreign Ownership, Control & Influence (FOCI/UBO). The model is designed to be objective, repeatable, and aligned with international standards (IEC 62443, ISO 27000, NIS2, CRA).