- Project Name:
- Wind Farm Power Generation Cybersecurity Assurance
- Project Details:
- Country:
- USA
- Location in Country:
- Midwest
- Start Date:
- 2023-04
- Duration:
- 6 Months
- Professional Resources:
- 3
Business Objectives 
Our Role 
Results - Identified specific attack vectors: Communication infrastructure distortion, data corruption leading to miscoordination & turbine generator manipulation
- Developed a wind specific reference architecture to strengthen segmentation of all OT infrastructure
- Improvements to Firewall Management and configuration
- When the Nordex Group, a large manufacturer of wind turbines, experienced a cyberattack in March 2022, an assurance exercise was launched on a client’s wind farms in the US consisting of the field equipment, SCADA, remote operations centre and the transmission centre to determine the risk to the smart grid native generators and ultimate cyber risk to the power system.
- Conduct an assurance review of the client’s control system architecture assessing attack surface weaknesses. Determine the level of compliance to the US national regulations requirements on Bulk Electrical Systems (BES) against the NERC CIP set of standards. Identify gaps and make recommendations to improve security postures as well as implement lessons learned from the incident investigation report on the Nordex attack.