In recent years, the fact that information exchange is provided with “data” through computers and the internet, which are almost indispensable elements of our lives, has brought new security areas with it. Communication and information exchange via computers and the internet have both made daily life easier and necessitated the protection of some areas. While the rapid spread of informatics and the internet globally provides unlimited freedom to individuals, when it comes to security gaps, certain actions have been defined as “crimes” and protected in order to prevent the misuse of information systems.
Here, the fact that information and technology have been intertwined in recent years, the protection of “data” and the prevention of all kinds of illegal acts that can be carried out with information tools have also led to the emergence of the definition of “cyber security”. So, what is “cyber security” that we have frequently encountered in recent years?
In the most general terms, “cyber security” is the set of activities that include protecting information systems from attacks, securing information and data processed in this environment, detecting possible attacks, activating response mechanisms against these detections, and then returning the systems to their pre-cyber incident states.
When defining the concept of cyber security, it may actually be necessary to include the term “cyber”. The term “cyber” is used to define assets that include computers, technology, and networks. These assets can be counted as “computers, servers, network devices, internet-connected televisions, software and hardware components in these devices”. When we talk about the mechanism created through these assets that can prevent any act that may threaten information security and confidentiality, we come across the concept of “cyber security”.
Acts created in the fields of information that may threaten security can be described as “cyber crime”. If a “crime” concept is mentioned, it is also necessary to mention the penalties to be given in the face of the consequences of this crime. In other words, when there is a cyber attack, a “law” will be mentioned in return. Here, the “criminal” equivalent of the “criminal” acts that can be committed in the fields of informatics has also led to the emergence of “cybersecurity law”.
The evaluation of the issue of cybersecurity for the “renewable energy” sector is of great importance due to the increase in cyberattacks on energy systems in the world. In particular, the integration of digitalization into the energy sector has made the energy infrastructure more efficient, while at the same time leaving it vulnerable to attacks. As the issue gains importance at the global level and the world becomes increasingly dependent on interconnected energy systems, the threat of cyber-physical attacks on these vital infrastructures and the security and reliability of future energy systems have led to the development of some strategic policies.
The “cybersecurity threats” to renewable energy, which are also accepted globally, can be listed under the following headings;
- Attacks on Smart Grids: Renewable energy systems generally work integrated with smart grids. Cyberattacks on these grids can interrupt energy distribution.
- SCADA Systems: SCADA (Supervisory Control and Data Acquisition) systems used in renewable energy facilities are critical for remote control and monitoring. Vulnerabilities in SCADA systems can leave a door open to cyber attacks.
- IoT Devices and Sensors: IoT devices used in solar panels, wind turbines and energy storage systems can be targeted by attackers due to insufficient security measures.
- Data Security: Theft or manipulation of data related to energy production and consumption can affect the operation of the system.
There are many examples of cyber attacks on renewable energy in the global world. Among the prominent attacks, attacks on Ukraine’s energy infrastructure in 2015 and 2016 were carried out, revealing the risks of cyber warfare to the energy sector. In these attacks, energy outages occurred due to the seizure of SCADA systems. Another example is the Colony Pipeline Attack in 2021. The ransomware attack on the Colonial Pipeline in the US targeted the oil and gas sector, revealing the vulnerability of the energy sector and showing that renewable energy facilities are at similar risk. Again, cyber attacks on IoT devices in renewable energy facilities in countries such as Germany and Spain have caused major disruptions in energy management.
So, what policies and regulations have been developed against possible “cyber attacks” on renewable energy in the world?
- European Union (EU): The NIS Directive (Network and Information Security) has introduced stronger cybersecurity measures for critical infrastructures.
- USA: The Department of Energy (DOE) is implementing a comprehensive cybersecurity strategy to protect renewable energy infrastructure.
- Asia-Pacific: Countries such as China and Japan are working to increase cybersecurity standards in the energy sector.
- Turkey: Turkey has made significant progress in integrating cybersecurity into national security, and according to the “Global Cybersecurity Index” data, it ranks in the top 10 worldwide and 6th in Europe. ASELSAN’s “National Smart Grid Management System” and “National Central Supervision Control and Data Acquisition System” (SCADA) developed for energy infrastructures include power conversion and energy storage management systems for renewable energy resource areas. The Smart Grid Systems components developed within ASELSAN have recently started to be used in BOTAŞ oil and natural gas networks, and the “Batman-Dörtyol Crude Oil Pipeline SCADA Supply and Installation Project” was signed between ASELSAN and the Presidency of Defense Industries for the needs of BOTAŞ.
- Denmark: The country has made IoT device security standards mandatory to increase digital security in wind energy production.
- Australia: Resistance to cyber attacks has been increased with decentralized control systems developed for solar energy farms.
- Singapore: Data security has been ensured with blockchain-based energy management systems in microgrids.
- NATO: Since Russia invaded Ukraine in 2014, NATO member countries have begun to train against possible cyber attacks on renewable energy sources, as energy companies providing alternatives to fossil fuels have been increasingly subjected to cyber attacks.
- IEC 101 or T 101 protocol; The IEC 60870-5-101 protocol, also known as IEC 101 or T 101 protocol, is a common non-routable SCADA protocol used primarily to support efficient communication between main terminal units and remote terminal units in the electric power industry in Europe, North Africa, the Middle East, China, and elsewhere in the world. The protocol is designed to collect and send detailed data required to provide real-time monitoring and control of geographically distributed data.
- Energy Sector and Cybersecurity Forum: International cooperation platforms play an important role in sharing information and developing common solutions against attacks.
- Critical Infrastructure Protection Programs: NATO and other international organizations are leading cybersecurity projects to protect energy infrastructure.
- Blockchain-based energy management systems are being used to increase security.
- Artificial intelligence (AI)-supported cyber threat detection systems are becoming widespread to detect attacks in advance.
It is seen that as the transition to renewable energy accelerates in the world, it is critical to make these systems more resilient to cybersecurity threats. At this point, “Stronger Regulations”, “Information Sharing”, “Investments” and “Security of Energy Infrastructure”, as well as “awareness studies” in this area and most importantly, ensuring cooperation between both states and the private sector for a safer energy infrastructure in the future are quite valuable.
Sources
Cyber-physical attack and the future energy systems: A review – ScienceDirect
“Planning the electrical energy system 2.0 with Smart Grids”; https://ieeexplore.ieee.org/document/6673065/
Tarek, CHERIFI, Lamia, HAMAMI; A practical implementation of unconditional security for the IEC 60780-5-101 SCADA protocol – ScienceDirect
She graduated from Çankaya University Faculty of Law in 2005. In the same year, she completed her master’s degree in Constitutional Law at Çankaya University, Department of Public Law. Until 2011, she worked as an ODY-ÜDY Instructor at Vocational Training Centers affiliated with the Ministry of Transport. For approximately 15 years, she has been working as a legal expert at the Union of Chambers and Commodity Exchanges of Turkey (TOBB). Initially, she was involved in Foreign Trade and International Logistics at TOBB and represented the United Nations for nearly seven years. She is currently serving as a legal expert in the SME Policies Directorate within the TOBB Department of Real Sector R&D and Implementation.
Meanwhile, she is working on completing her doctoral dissertation in Administrative Law at Gazi University, Department of Public Law-Administrative Law. After completing her thesis on TOBB, which is recognized by the Council of Higher Education (YÖK) in Turkey, she plans to publish it as a book.
Additionally, since 2023, she has been writing columns in the London section of “DÜNDAR HUKUK” and “DÜNDAR LEGAL SERVICE CONSULTANCY,” which have established themselves internationally, particularly in the field of energy and renewable energy.