Energy transition raises critical new security risks for Europe: NATO official

Europe's rollout of renewables increases the risk of physical and cyberattacks and means that infrastructure security needs to be a prerequisite in the development of new capacity, a senior official from the NATO defense alliance said June 3.

Installing clean energy will "create new targets" and expose "new vulnerabilities," according to Jean Charles Ellermann-Kingombe, NATO's assistant secretary general for innovation, hybrid and cyber.

"That doesn't mean we shouldn't create any more green energy. It just means that from the outset, we need to think about, 'How do we also protect this?'" Ellermann-Kingombe told delegates at the Eurelectric Power Summit in Brussels.

In particular, cyberattacks are becoming an increasing threat because solar and wind rely heavily on digital technologies, increasing the risk of attacks, Ellermann-Kingombe said.

Solar inverters are "vulnerable to cyber sabotage," and cyberattacks on wind farms can target the information and operational technology, he said.

Ellermann-Kingombe cited an incident in 2022 when a cyberattack hit a major satellite service provider. The outage disconnected the modems that controlled "thousands of wind turbines" across Europe.

Cyber risks are set to increase as the penetration of solar and wind grows in Europe. Meanwhile, battery storage, which is set to expand massively to help back up the renewables-led system, could also become a "security flash point," Ellermann-Kingombe said.

"Coordinated cyberattacks against these grid-scale batteries could undermine not only power supply security, but even grid stability," he said, pointing to the April 28 blackout in Spain and Portugal as a reminder of what happens when grids go down.

Physical threats

Beyond cybersecurity, incidences of physical attacks on European energy infrastructure -- such as transmission lines and subsea cables -- are also on the rise.

In late 2024, the EstLink 2 underwater electricity cable between Finland and Estonia in the Baltic Sea was damaged by a vessel dragging its anchor across the seabed.

Prior to that, the Nord Stream gas pipelines in the Baltic Sea, running between Russia and Germany, were the subject of potential sabotage, the perpetrators of which have still not been confirmed after nearly three years.

"Whether intentional or not, it is a risk that needs to be addressed," Ellermann-Kingombe said.

On the back of the EstLink 2 incident, NATO pledged in January to reinforce its military presence around critical infrastructure in the Baltic Sea.

Shortly afterward, it launched Taskforce X, which will see it leverage drones, AI and other autonomous technologies to detect threats to subsea infrastructure. In June, a fleet of 70 drones will be deployed to the Baltic Sea, Ellermann-Kingombe said.

He called on the energy industry to invest in critical infrastructure security, including infrastructure hardening, redundancy and resilience solutions, and drone equipment or sensors.

NATO is prepared to work with companies to strengthen the system's resilience, for example, by exchanging information, providing security training, or undertaking live fire or tabletop exercises for crisis or wartime scenarios.

"You become a target at the moment where the energy source that you supply becomes critical to our societies, because everything that's critical to our societies is worth destabilizing," Ellermann-Kingombe said. "That's why our adversaries target energy as one of the first targets in conflicts."