Ensuring Resilience in Ocean Energy Power Plants: A Survey of Cybersecurity Measures

Abstract

Offshore Renewable Energy (ORE) is a promising solution to address the challenges of climate change and the depletion of fossil fuels [1]. Wave power, a form of ORE, is considered one of the purest energy sources with significant growth potential [2]. In addition to investing in these energy sources, nations are also working to enhance the protection of Critical Infrastructure (CI). CI encompasses all services crucial to the functioning of society and the economy, including electric power systems and their various forms of generation, such as renewable energy sources. Hence, in addition to exploring various forms of power generation, the cybersecurity of the networks connecting the devices in these systems is a crucial aspect to consider to prevent attacks and minimize the risk of cyber threats to suppliers and customers [3]. For instance, the European Commission states that reducing CI vulnerability and increasing its resilience is one of the main objectives of the European Union.

However, to date, a comprehensive review that synthesizes the various approaches to cybersecurity in ocean energy is yet to be published. The objective of this study is to present a comprehensive survey of the application of cybersecurity measures to renewable energy sources, with a specific focus on ocean energy. A systematic review of the literature was carried out, following the steps outlined by Kitchenham [4]. The methodology steps are illustrated in the flowchart (see Figure 1). Of the 49 articles selected, three main study topics emerged: i) smart ocean, ii) cybersecurity for renewable energy systems, and iii) marine data security. These three topics are interrelated as a smart ocean can be considered as an integrated sensing, communication, and computing ecosystem that connects marine objects in surface and underwater environments [5]. Once the wave energy converters (WECs) are installed, it is also essential to develop safety systems for these devices, as demonstrated in the first report on cybersecurity guidance for MRE (Marine Renewable Energy) systems [6] prepared by the Pacific Northwest National Laboratory (PNNL). In preparation for this report, researchers reviewed the cyber threats and vulnerabilities of information technology (IT) and operational technology (OT) equipment used in various WEC models. Figure 2 presents an example of the possible threats and attacks on WEC devices.

In conclusion, this article provides a comprehensive survey of the application of cybersecurity measures in ocean energy, highlighting the importance of reducing vulnerability in the cybersecurity of power plants in this sector. Through a systematic review of the literature, three main study topics were identified and analysed, providing a valuable resource for future research in this area. The findings of this study can inform and guide the development of more secure and resilient systems, contributing to the overall improvement of critical infrastructure in the field of ocean energy. As such, this article offers a significant contribution to the ongoing effort to address the challenges posed by the changing energy landscape and the need to protect critical infrastructure from cyber threats.

Please refer to uploaded PDF to see references and figures.