Renewable Energy: The Impact of Cyberattacks on the EU’s Energy Grids Since the Annexation of Crimea
Since the turn of the millennium, international organizations and global powers alike have increasingly encouraged the shift towards renewable energy sources. Alongside the rise of new sustainable resources, the 21st century has seen rapid growth in technology, creating new challenges for governments as they cope with continuously changing global dynamics. In addition, technological development has allowed renewable energy to become significantly digitized, with grid technology playing a crucial role in maximizing the efficiency and reliability of renewable energy systems, especially in solar and wind energy. As modern technologies such as artificial intelligence and grid-edge devices emerge, these renewable systems are becoming smarter. However, this digital evolution creates new vulnerabilities to cyberattacks. The integration of renewable energy operators into the power grid involves numerous stakeholders with varying levels of cybersecurity expertise. Furthermore, because Distributed Energy Resources (DER) rely on public internet communications, they create potential weak links that attackers can exploit. As a result, international actors have tried to exploit vulnerabilities in energy sectors to gain economic or political leverage over their rivals.
Additionally, power grids have grown from individual, localised networks into widespread grids which often span multiple nations. Many countries have classified power grids as critical infrastructure under legislation. Digital technology has been deployed to control and monitor the distribution of power; however, concern has grown about the security of these power grids because of cyber vulnerabilities. Cyber threats aimed at power grids are not a new phenomenon, as demonstrated in December 2015 when the Ukrainian power system suffered a wide outage caused by a cyber incident. Malware was installed through months of phishing emails, which gave the attackers sufficient control over the network to plan a careful attack, bringing the system to its knees. The disruption caused by Russian cyberattacks has revealed to the EU and Ukraine the importance of modern technological tools to combat cyber threats and provide additional security to key energy infrastructure.
Putin’s invasion of Ukraine highlighted the importance of energy diversification for the EU and of relying less on pipeline imports of Russian gas. However, European countries are still reliant on China for the rare earth materials that support the transition towards clean energy, which foreshadows future geopolitical vulnerabilities caused by conflicts and other global events. Therefore, the EU must focus on reducing the control external actors hold over the continent's energy resources, removing the likelihood of energy blackouts and increased prices as witnessed globally after the 2022 events.
The invasion also underscored the growing threat of cyberattacks on smart grids and renewable energy infrastructures, raising significant concerns about the security of these technologies. In 2022 alone, cyberattacks on critical infrastructure increased by 140%. A notable incident was the Sandworm attack in 2022 on Ukraine’s power grid, in which the Russian intelligence hacker group used OT-level living off the land (LotL) techniques to trip substation circuit breakers, causing power outages that coincided with missile strikes. The group also deployed a new variant of CaddyWiper malware in the Ukrainian IT environment, demonstrating evolving hacking capabilities to disrupt renewable energy infrastructures.
In the same year, Lithuania’s Ignitis Group faced massive distributed denial-of-service (DDoS) attacks by the pro-Russian hacking group Killnet, which disrupted digital services and websites. Other European renewable energy firms in countries like Denmark, Germany, the Netherlands, Italy, and Belgium also faced multiple DDoS and ransomware attacks. The frequency and severity of these attacks led Poland to declare an official threat to the security of electricity supplies in 2023 for the second time in Poland’s history. These incidents show the critical need for stricter cybersecurity measures to protect renewable energy systems. Because European energy networks are interconnected, a significant attack on one system can have a widespread effect on all other systems.
To address these issues, the EU has established response teams and, in 2020, adopted a cybersecurity strategy to combat cyber threats and protect its civilians alongside its infrastructure. The strategy takes an approach that includes resilience and technological sovereignty to strengthen infrastructure through increased government cooperation. Moreover, in 2022, the EU revised the 2016 Directive and replaced it with the NIS2 Directive, which came into force on the 16th of January 2023. This new law sets minimum rules for a regulatory framework, establishes mechanisms for effective cooperation among relevant authorities in each EU country, and updates the list of sectors and activities subject to cybersecurity obligations.
However, despite these efforts, the new directive does not completely protect renewable energy firms and grid technology from cyberattacks. Multiple attacks in 2023 targeted renewable networks, highlighting ongoing vulnerabilities. To enhance protection, the EU needs to develop its own security providers and create its own autonomous network for cybersecurity, reducing dependence on private security companies that may introduce vulnerabilities. They can also hire ethical hackers, like those employed by Norwegian Hydro and the German company EnBW, strengthening their cyber defenses and identifying vulnerabilities within their systems from the inside.