Hijacking Wind Farms Is Just a Breeze

Wind energy is steadily becoming more popular across the world, but wind turbines are not sufficiently protected against attacks. Research has shown that hijacking or sabotaging wind farms is not difficult and can be done from afar or from the turbine premises.

Wind turbines are fragile behemoths and even small interference with the way they function can damage them. This type of equipment is located in areas that are not monitored, which makes physical and digital intrusions detectable long after the damage is done. They form a network that is managed remotely, often via a web interface accessible over the internet. An attacker who gains access to the network could control all turbines on the same segment.

In 2015, Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued multiple alerts for wind turbines with remotely exploitable vulnerabilities that allowed them to be hijacked. Such advisories have been sparse since then, and exposure over the web has decreased dramatically, but this should not be viewed as an indicator of strong security.

An independent security researcher found that turbines in US wind farms remain unprotected and could be attacked with little effort. For two years, Jason Staggs and a fellow researcher assessed wind turbine resistance to hacking. The equipment came from five manufacturers and the tests were done with the permission of its owners.

According to Wired, the two pentesters easily picked the lock of a turbine, and instructed the apparatus to halt with a command from a laptop. The link to the turbine was established by connecting a WiFi-enabled Raspberry Pi minicomputer to the programmable automation controller. As long as they were within wireless reach, the researchers could control any node on the network from the command line.

An easy entrance to the turbine’s server and poorly secured access to the control systems are a deadly combination for the machine and its network. Intruders need only one visit to the target to install tools that would grant control over the entire wind farm from a distant location. They could plant software that allows them to cause damage at a convenient time, for ransom demands or pure sabotage.

Staggs will present his findings at BlackHat and DefCon security conferences at the end of the month. He will also talk about demonstrative exploit tools that target control network design and implementation vulnerabilities. The attack software can be used to send commands to other turbines on the network, to spread an infection across the entire farm or to send fake messages to operators.

Image credit: Michal Klajban