Shoring Up the Wind: India’s Defense Against Cyber Risks in Energy Sector

Most importantly, India has to adopt stringent security measures to protect the wind energy sector from cyber attacks, especially given the import of components from the wind sector from China. According to a report by Niti Aayog, "Domestic Manufacturing Capacity & Potential Cyber Security Challenges in the Wind Sector and Way Forward," there is a huge concern over the Power Plant Controllers (PPC) used in wind turbines, which are essential for connecting any farm to the national or state grid. It has been reported that PPC software is crucial and full of risks, more so relating to foreign-origin PPC Original Equipment Manufacturers, especially those domiciled in neighboring countries. There is a need to strictly scrutinize, and probably suspend, these foreign-origin PPC OEMs when they do not conform to the protocols required. Other important concerns are cyber-attacks on the wind turbines, which can compromise grid operations, particularly when these operations are remotely managed by owners located outside India. With China being an emerging competitor in wind equipment exports, the need for robust security measures gets magnified to protect national infrastructure. These concerns relate to the updating of operating software on wind plant devices by OEMs, which has been happening in an unsanctioned manner, without any permission from grid operators or the Ministry of New and Renewable Energy. OEM siting of data collection servers outside India enhances these risks. It also proposes some remedial measures to remedy these concerns. These include the fact that EMs: all IPRs, software, and hardware devices from foreign-origin OEMs shall be certified and approved by CEA, MeitY, and STQC. The report also recommends that each OEM in the wind sector should set up their data centers and R&D centers in India. In case of failure, they should be disqualified from participating in tenders and also supplying items within the country. The Ministry of New and Renewable Energy has to stipulate timelines to relocate these data and R&D centers. Another key suggestion is that every utility shall have a CISO, who shall reside in India and report to an independent agency scrutinizing the power sector for cybersecurity compliance. With the global wind energy sector continuing to grow and reaching a cumulative installed capacity of 906 GW in 2022, up 9 percent year on year, India has turned out to be an important player in the global scene. It was the fourth-biggest in installed wind power capacity across the world and is going to become vital for meeting ambitious targets of 500 GW of non-fossil fuel capacity by 2030 and net-zero emissions by 2070. Not only does India dominate the wind power of South Asia, but it also domestically manufactures the same. Despite such a high return, only 6% of the capacity identified by the National Institute of Wind Energy has been realized so far. Increasing competition from China, which has more than 61% of the total world assembly capacity of wind turbines, is also perceived as a threat. Some of the incentives given to the Centre for domestic manufacturers under the RoDTEP scheme are still scanty. There are umpteen challenges, especially after being kept out of the Advance Authorization scheme, and added to this is the rising cost of manufacturing. As India increases its capacity in wind energy, the country must be very aware of the cybersecurity threats from its foreign-origin components—especially those from China. Having strict security measures, relocation of data and R&D centers within the country, and compliance with the stated cybersecurity protocols are the fragments for guarding national infrastructure, thus cementing India's position at the global forefront in the wind energy sector.