TNO and Jungle AI collaborate to detect cyberattack on wind turbine and improve detection capabilities
On the 18th of june 2025, at the SWITCH renewable energy fieldlab in Lelystad, TNO demonstrated a realistic live cyber-attack on one of its very own renewable energy assets: a wind turbine.
The staged cyber-attack, including an attempt to mask the attack by “spoofing” with fake turbine sensor data, was successfully detected by TNO and software company Jungle AI’s detection algorithms. The aim was to demonstrate to representatives from the energy and cyber security sectors the necessity to work together closely on keeping the energy backbone secure.
Renewable energy research facility
The SWITCH fieldlab in Lelystad is a cutting-edge renewable energy research facility developed by TNO and Wageningen University & Research/ ACRRES, comprising several wind turbines, solar panels, a battery, and a hydrogen electrolyser operating at kW(h) scale. This setup enables real-time testing of grid-balancing strategies and cyber resilience technologies under realistic conditions. It brings together cyber security experts and energy specialists to tackle the urgent challenge of securing our digital energy backbone.
Digital resilience is becoming essential in the interconnected world of IT (Information Technology) and OT (Operational Technology), such as remote monitoring and control systems of wind turbines. The term “IT” includes systems that process data like computers, servers, and software, while “OT” involves hardware and software that directly monitor and control physical devices, processes, and events in industrial environments. Examples are production systems such as saw machines, CCTV cameras or access systems within an office building.
AI detects simulated cyberattack
Recent reports (opens in a new window or tab) (refers to a different website) show that both the number and complexity of cyberattacks on critical (energy) infrastructure in Europe are increasing. The goal of the collaboration between TNO and Jungle AI is to improve the detection of cyber-attacks in wind (or hybrid) power plants by combining sensor data, typically used for maintenance and optimization purposes, with network monitoring data. To achieve this, TNO performed a cyberattack on the SWITCH lab and generated a dataset reflecting the attack in sensor and network data.
Jungle AI further advanced their existing AI-based algorithms, originally developed for performance optimization and maintenance purposes, to investigate how these algorithms may be used to also detect cyber-attacks. The combination of both sensor- and network detection methods can provide valuable insights into whether any anomalous behaviour of a hybrid power plant was caused by malfunctions or by malicious activity from e.g. ransomware groups or state-sponsored actors.
