Recap workshop cybersecurity and digital twins of offshore wind farms

On 18 February 2025, an activating workshop for the project ‘WindCyber: Advancing Cybersecurity for Offshore Wind Farm Digital Twins through Comprehensive Collaboration’ was held in the House of Connections of the University of Groningen. This project is funded by the YAG Interdisciplinary Projects incentive fund and is executed by three researchers from the University of Groningen: Evgeni Moyakine (Associate Professor IT Law from the Faculty of Law), Fadi Mohsen (Assistant Professor of Computer Science from the Faculty of Science and Engineering), and Antonis Vakis (Associate Professor in the Mechanics and Tribology of Engineering Systems from the Faculty of Science and Engineering).

The event titled ‘Securing the Future of Offshore Wind Energy: Digital Twins and Cybersecurity’ was organized in collaboration with the Jantina Tammes School of Digital Society, Technology and AI and benefitted from the assistance of the student-assistant Amr Abdou from the Faculty of Science and Engineering. It addressed cybersecurity of digital twins used in offshore wind farms from both technical and legal perspectives and explored various challenges faced by the operators of those wind farms in this regard. During the workshop, participants were part of an immersive, engaging, and informative experience, with valuable contributions from the speakers: Iratxe Gonzalez-Aparicio, Portfolio Manager System Integration Wind Energy from TNO, Evgeni Moyakine, Fadi Mohsen, and Antonis Vakis.

MOOI - OESTER project

The morning started with an introductory presentation about the workshop by Evgeni Moyakine who provided an overview of the project and outlined its main objectives and broader impact. Subsequently, Iratxe Gonzalez-Aparicio presented the TNO’s MOOI - OESTER project, aiming to develop offshore electricity storage solutions and to incorporate digital twin storage technologies in them. The presentation detailed the benefits of offshore storage of electricity, generated by wind farms, as well as factors influencing offshore wind farm implementation and emphasized the significance of digital twins included in the loop of the system under development.

Additionally, Iratxe Gonzalez-Aparicio introduced consortium partners, highlighting their roles in the project, and discussed the interface matrix, which maps out project’s objectives, various system components and responsibilities of the involved organizations. The presentation also provided the detailed methodology of system validation at model scale and digital twin simulations, used to ensure accurate performance, optimization, and identification of potential challenges before large-scale deployment. To conclude, the project’s energy management system and its associated monitoring strategy were analyzed and elaborated upon.

Cybersecurity within the wind energy sector

In his second presentation, Evgeni Moyakine then examined the relevant legal instruments governing cybersecurity within the wind energy sector. His contribution focused on the so-called ‘Network and Information Security Directives 1 and 2’ of the European Union (‘NIS1 Directive’ and ‘NIS2 Directive’). In addition, he reflected on the applicability of the Network Code for CyberSecurity (‘NCCS’), the General Data Protection Regulation (‘GDPR’), and the Artificial Intelligence Act (‘AI Act’).

In his presentation, the legal expert addressed the core deficiencies of the NIS1 Directive and laid the foundation for the necessity of transitioning to the NIS2 Directive that has not been implemented in the Netherlands and several other EU Member States yet. He further discussed the duties of care and reporting, specifying concrete technical, operational and organizational measures to be taken by operators of wind farms.

Evgeni Moyakine concluded by emphasizing the critical importance of adopting an all-hazards approach and strictly observing obligations resting upon public and private organizations that are active in this sector and fall within the scope of the NIS2 Directive. Finally, he offered some recommendations to those organizations on ensuring compliance with the new directive in the absence of a national legal act transposing its provisions and explained where to find more information on the measures aimed at protecting their network and information systems from cyber-attacks and other cyber incidents. 

Digital twins and technical cybersecurity measures

After that, Fadi Mohsen explored the technical implementation of cybersecurity measures and techniques for digital twins in offshore wind farms. This implementation process presents unique challenges due to system connectivity requirements and outdated legacy installations that lack adequate cybersecurity measures, which increase the risk of potential vulnerabilities and their exploitation by malicious actors.

The technical expert outlined different key security threats posed to digital twins in this specific industry, such as data poisoning, desynchronization and replay attacks and lifecycle phase exploits. Importantly, Fadi Mohsen also proposed an array of defensive strategies for securing digital twins and delved into – among others – AI-enhanced anomaly detection, end-to-end encryption and the use of honeypots to safeguard systems against malicious activities. He concluded the session with a call for implementing strong authentication, encryption, and AI-driven monitoring that are compliant with the applicable regulations, such as the NIS2 Directive. 

Successful plenary session

The workshop culminated in a lively and interactive plenary session, masterfully moderated by Antonis Vakis, whose expertise ensured a seamless and enriching dialogue. This session served as a vital forum for examining the ‘WindCyber’ project's most pressing questions and challenges, harmoniously intertwining legal and technical perspectives to uncover nuanced solutions and additional questions to be tackled.

Keen to deepen their knowledge, the researchers of the project sought to understand the role of AI in digital twins deployed in offshore wind farms and to comprehend potential cybersecurity risks stemming from third-party vendors and suppliers involved in digital twin technology, while also exploring further pertinent questions. The audience actively engaged in the stimulating discussion that succeeded in reinforcing the interdisciplinary nature of the event, enthusiastically shared their insights and posed thoughtful questions. 

Strengthening networks and advancing research

Throughout the workshop, a series of networking sessions strengthened connections among participants, facilitating fruitful exchanges of ideas and concerns, deepening their understanding of the research topic and cultivating the potential for future collaborations. Many attendees indicated that they appreciated the interactive and engaging nature of the event, highlighting the value of open dialogue and collective problem-solving in addressing interdisciplinary challenges in this fascinating and highly complex field. This illustrates the importance of orchestrating a follow-up event that remains at the forefront of the ‘WindCyber’ researchers’ considerations and will hopefully be organized in the near future.

This article was published by the Faculty of Law.

• Read more news by the Faculty of Law.