Indian Wind Sector Prone To Cybersecurity Risks: NITI Aayog Report

Indian Wind Sector Faces Cybersecurity Risks From Chinese Imports: NITI Aayog

A recent report by NITI Aayog identified emerging concerns in cybersecurity for the Indian wind sector due to the import of components for the wind sector, particularly from China, by the Wind Turbine Original Equipment Manufacturers (OEMs). The report proposes a multi-pronged approach integrating policy interventions, manufacturing support, and robust cybersecurity measures.

Given the increasing influence of Chinese OEMs and associated security risks, stakeholders are urged to collaboratively address challenges to ensure India’s sustained growth in renewable energy and cybersecurity resilience. Addressing these concerns can help to support India build its domestic manufacturing and software production, thereby enhancing overall wind energy capacity in the country, the report said. 

The domestic manufacturing capacity of various wind components such as towers, blades, and gearboxes accounts for almost 60% of the total cost of WTG. NITI Ayog report has so far identified China as one of India’s biggest competitors for wind equipment exports, accounting for up to 61% of global wind-turbine assembly capacity in 2023. Whereas India’s share was 32%. Chinese wind industry developments are based on incentives provided by their government. They also provide rebates on export tax to make them globally competitive. The chinses exporters are required to pay export value-added tax (VAT) on the goods that they ship abroad and later they can get an export tax rebate ranging from 6% to as high as 16% (2018 notification).

The Ministry of Power (MoP), through its order dated December 24, 2021, has notified a list of designated laboratories for cybersecurity conformance testing of imported equipment. This includes standards for communication protocols and security conformance, emphasizing testing protocols for buyers (such as utilities), including imports from specified countries.

Previously, MoP, in its order dated June 8, 2021, designated the Central Power Research Institute (CPRI) as the nodal agency for testing power system equipment for cybersecurity. Designated laboratories ensure essential cybersecurity tests are conducted during Factory Acceptance Tests (FAT) and Site Acceptance Tests (SAT) to secure the supply chain for wind energy projects. The initiative also mandates regular cybersecurity audits for wind farms and proposes the installation of firewalls at each wind farm for controlled access to turbine components (like PLC/Switch/Convertor, Pitch control) through VPN.

SolarPower Europe Sets Unified Cybersecurity Standards For PV

Also Read

Cybersecurity Issue

The Ministry of New and Renewable Energy has laid down guidelines for third-party audits of power system infrastructure cybersecurity (including solar and wind farms, grid-interactive inverters, OEM software, data centers, and communication devices) in consultation with MoP.

Despite significant progress, the National Institute of Wind Energy estimates that only 6% of assessed capacity has been realized, highlighting challenges. The report underscores the need to address challenges in key component manufacturing (blades, towers, gearboxes, bearings), such as non-standard sizes, quality issues, and inconsistent demand, which hinder domestic manufacturing growth. Challenges also persist in sourcing materials like balsa wood, specialized resins, and steel plates with non-standard specifications. Import dependence for components such as tower flanges and castings poses sustainability risks to the industry.

The report identifies cybersecurity threats affecting wind turbines’ ability to exchange information via power plant controllers, emphasizing the critical need to develop Power Plant Controller (PPC) software. It calls for scrutiny of PPC OEMs, especially those from neighboring countries, with potential suspensions for non-compliance.

Emphasizing the potential risks of cyberattacks on wind turbines, the report advocates for robust security measures to safeguard national infrastructure, identifying China as a major competitor in wind equipment exports. It acknowledges Indian government incentives like the Remission of Duties and Taxes on Export Products (RoDTEP) scheme while highlighting challenges such as exclusion from the Advance Authorization scheme and increased manufacturing costs.

The report recommends mandatory certification of foreign software/hardware and approval by Indian authorities (Central Electricity Authority, Ministry of Electronics and Information Technology, Standardization Testing and Quality Certification). It proposes budget allocations for cybersecurity infrastructure and mandates utilities appoint a Chief Information Security Officer (CISO) residing in India, accountable to an independent agency overseeing power sector cybersecurity.

Additionally, all Wind Sector OEMs are urged to locate or relocate their Data Centers and Research & Development Centers within India. Failure to comply may result in OEMs being barred from tender participation and supply within the country. The Ministry of New and Renewable Energy is tasked with setting timelines for this relocation.

Domestic Manufacturing, Energy Equity, Green Hydrogen & Others: 5 Trends to Define US Energy Market in ’23

Also Read