I saw a video on the BBC about a wind turbine catching fire after a lightning strike. The video looked kind of cool, as the flaming blades were spinning and creating rings of smoke.
With a bit of digging, it transpired that lightning strikes on wind turbines are very common, and the problem is only set to get worse as turbines get taller and blades are increasingly made of carbon.
- According to a German study, lightning strikes accounted for 80% of wind turbine insurance claims.
- During its first full year of operation, lightning-related damage for one southwestern commercial wind farm exceeded $250,000.
- The German electric power company Energieerzeugungswerke Helgoland GmbH shut down and dismantled their Helgoland Island wind power plant after being denied insurance against further lightning losses. They had been in operation three years and suffered more than $540,000 (USD) in lightning-related damage.
Retrofitting changes to turbines can be costly, and the cost of insurance even greater. By contrast, building lightning protection systems in at the time of manufacturing costs less than 1% of the total capital expenses while substantially improving the cost-effectiveness and reliability of a wind turbine.
Why am I bringing this up with regards to cybersecurity? Well, the sharp-eyed amongst you will already be drawing the parallels between cybersecurity and lightning strikes.
- Much like lightning hitting turbines, breaches are becoming more common.
- Trying to retrofit security after the fact is costly and difficult.
- Insurance is going up, or insurers are refusing to insure against certain types of claims (e.g. ransomware).
- Putting in security up front is comparatively cheaper.
When it comes to cybercrime, most attacks are successful as a result of a few root causes: unpatched software, poor credentials or lack of MFA, misconfigured software, or social engineering.
If we can focus on addressing the root causes, then even if lightning does strike, we can reduce the impact.