Merge pull request #102 from alan-turing-institute/add_cetas_report

Add CeTAS report - Enhancing the Cyber Resilience of Offshore Wind

content/Reports/Enhancing the Cyber Resilience of Offshore Wind/_index.md

@@ -0,0 +1,50 @@
+---
+title: "Enhancing the Cyber Resilience of Offshore Wind"
+draft: false
+---
+[Read the article here](https://cetas.turing.ac.uk/publications/enhancing-cyber-resilience-offshore-wind)
+
+# Executive Summary
+
+This Research Report explores how the resilience of offshore wind farms could be
+reinforced by artificial intelligence (AI) and intelligent automation, and what actions
+policymakers and industry should take to enhance the cybersecurity of offshore wind. The
+findings are the result of a collaborative project between The Alan Turing Institute’s CETaS
+and Data-Centric Engineering (DCE) programme, which was funded by the Lloyd’s Register
+Foundation.
+
+**Cyberattacks directly or indirectly affecting offshore wind are happening already** with
+companies like Enercon, Vestas, Nordex and Deutsche Windtechnik reporting malware and
+ransomware attacks. On the day of Russia’s invasion of Ukraine, the cyberattack on ViaSat
+satellite communications affected space-based assets engaged for command and control of
+Enercon’s wind turbines in Germany, leading to the loss of remote monitoring access to
+more than 5,800 wind turbines. With plans to significantly scale offshore wind capacity in
+the UK, resilience to similar cyberattacks must be reinforced.
+
+**Some areas in the cyber-physical infrastructure require more attention from a security
+perspective because they could lead to cascading damage.** This includes areas where
+the grid integrates new and legacy offshore wind infrastructure, the control centre,
+intersections with external actors along the offshore wind supply chain and points of
+integration with the Internet.
+
+**Harnessing AI and intelligent automation will reinforce the resilience of offshore wind if
+swift action is taken** by government and industry. The AI and intelligent automation
+applications identified as the most promising in this report were: anomaly-based intrusion
+detection systems (IDS), anomaly detection, intrusion protection systems (IPS), and
+hardening and predictive maintenance. While AI and intelligent automation could be
+introduced to protect access points that result in the most cascading damage, there are
+systemic, supply chain and physical risks which also need to be mitigated. There is an
+opportunity to integrate systems that enhance security in the design and construction of
+offshore wind systems before offshore wind infrastructure projects are completed.
+
+**Bolstering resilience requires a radical overhaul of systems-engineering practices
+towards resilience-based engineering and a range of systemic changes** to wind industry
+operations, regulation, intelligence sharing and research. Offshore wind design and
+engineering choices can explore increasing heterogeneity in systems designs within a wind
+fleet, as well as increased network segmentation to prevent cascading damage when one
+turbine faces an attack. 
+
+Organisational emergency response plans, cross-border intelligence sharing, and security response protocols are also required.
+This report proposes mitigative actions to address the main resilience challenges, which are
+summarised in Table 1 within the executive summary. The rationale and promising practice informing these
+recommendations are presented in Section 4 of the report.