Energy Security in Complex Systems

February 19, 2026

By Steve Rumbold

The UK and several EU countries have agreed to cooperate on an ambitious new renewable energy project, 100 gigawatts (GW) of integrated offshore wind, despite the U.S. President’s very public reservations. It is promoted as a practical evolution toward greater regional energy security, resulting in more control over supply, fewer petrostates in the frame and a cleaner grid. Yet energy security has a second meaning, less comfortable but increasingly relevant: the ability of a modern society to keep the lights on when someone threatens to turn them off.

For most of the past decade, these two meanings have been treated as adjacent but separate. We might talk about megawatts and markets at one conference and sabotage and cyberattacks at another. Offshore wind now forces them into the same room. A 100 GW project is not simply a set of turbines. It is an interdependent system of systems: generation equipment, subsea cables, offshore hybrid assets, converter stations, onshore transmission, distribution and the digital nervous system that keeps the whole system synchronized and safe. It is an international project that stretches across borders, jurisdictions and seabeds.

Complexity is not, by itself, a weakness. In some circumstances, distribution is a strength. A mesh can be harder to cripple than a monolith. But complexity changes what it means to protect infrastructure. There are more nodes to defend, more interfaces where responsibility blurs and more paths through which a local failure can become a cascading crisis. The old reassurance that “we have redundancy” is only meaningful if the redundancy is resilient under stress and if the dependencies between components are understood, tested and governed.

The uncomfortable reality is that energy infrastructure has always been a tempting target (brought sharply into focus by Russian cyberattacks targeting Ukrainian grid operational technology between 2015 and 2022, followed by missile attacks during the wider armed conflict). What has changed now is the character of the target. The offshore grid will be both physical and digital, and attackers do not have to choose just one. Physical sabotage of maritime connections is plausible in an era of hybrid warfare. Cyberattacks against IT and operational technology networks remain persistent, scalable and deniable. A coordinated campaign, potentially combining cyber intrusion with physical interference and aided by insiders, is no longer the stuff of thrillers. It is exactly the kind of compound scenario that critical infrastructure owners are being told to take seriously. In December 2025, 10 years after the first Ukrainian attack, multiple distributed energy resource sites in Poland were targeted, including operational technology controlling the dispatch of wind-generated power.

It is tempting to reassure ourselves that if the system becomes more distributed, surely the risk declines because there is no single point of failure. That can be true, but it is not automatically true. Distributed systems can contain hidden choke points. They can share common vulnerabilities in software, suppliers, maintenance practices or control architectures. They can rely on the same scarce set of specialists and spares. They can be redundant on paper but brittle in practice.

This is where the language of hazard and operability studies begins to matter beyond the process industries that coined it. The central question is not merely “What can break?” but “What happens next?” Modern tools, including graph-based approaches that map dependencies and interdependencies, make it possible to see how faults propagate across a complex network. They also make it possible to explore combinations of events, including malicious ones, in ways that conventional spreadsheets and siloed risk registers cannot. There will always be a point at which modeling yields to judgment. Not every possibility is worth planning for. But resilience is not a game of predicting the most likely incident; it is the business of preparing for plausible scenarios that carry potentially severe consequences.
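A minimal sketch of the graph-based dependency analysis described above, added here as an illustration and not taken from the article or from any operator's tooling. The asset names, the dependency structure and the capacities are all constructed; the model finds single assets that are hidden choke points and pairs of failures that together cause total loss even though each is survivable alone.

```python
from itertools import combinations

# Constructed toy model (assumption, not a real grid): asset -> dependency groups.
# An asset works if it has not failed AND every group has >= 1 working member.
DEPENDS = {
    "wind_farm_A": [["cable_1", "cable_2"], ["scada"]],
    "wind_farm_B": [["cable_2", "cable_3"], ["scada"]],
    "cable_1": [["converter_north"]],
    "cable_2": [["converter_north", "converter_south"]],
    "cable_3": [["converter_south"]],
    "converter_north": [["onshore_grid"], ["scada"]],
    "converter_south": [["onshore_grid"], ["scada"]],
    "scada": [["comms_vendor_x"]],   # shared control platform and its supplier
    "comms_vendor_x": [],
    "onshore_grid": [],
}
CAPACITY_GW = {"wind_farm_A": 3.0, "wind_farm_B": 2.0}  # constructed values


def working(asset, failed, memo):
    """Propagate failures: redundancy inside a group, hard dependency across groups."""
    if asset not in memo:
        memo[asset] = asset not in failed and all(
            any(working(dep, failed, memo) for dep in group)
            for group in DEPENDS[asset]
        )
    return memo[asset]


def delivered_gw(failed=()):
    """Capacity still delivered onshore for a given set of failed assets."""
    failed, memo = frozenset(failed), {}
    return sum(gw for farm, gw in CAPACITY_GW.items() if working(farm, failed, memo))


def choke_points():
    """Single infrastructure assets whose loss alone removes all delivered capacity."""
    infra = [a for a in DEPENDS if a not in CAPACITY_GW]
    return sorted(a for a in infra if delivered_gw([a]) == 0)


def worst_pairs():
    """Pairs causing total loss although neither member is a choke point alone."""
    singles = set(choke_points())
    infra = [a for a in DEPENDS if a not in CAPACITY_GW and a not in singles]
    return sorted(tuple(sorted(p)) for p in combinations(infra, 2)
                  if delivered_gw(p) == 0)


if __name__ == "__main__":
    print("baseline GW:", delivered_gw())
    print("choke points:", choke_points())
    print("total-loss pairs:", worst_pairs())
```

In this constructed model every cable and converter has a redundant partner, yet the shared control platform and its supplier are single points of total loss, which is the "redundant on paper but brittle in practice" pattern the article describes.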

Other high-hazard sectors have long lived in that world. The civil nuclear sector provides a useful analogy. Designers of nuclear sites plan against a Design Basis Threat, an agreed statement of what is reasonable to defend against, informed by intelligence and shaped by national priorities and risk appetite. That agreement aligns investment, assurance and regulation around a shared understanding of threat plausibility, and therefore appropriateness and proportionality of response. Offshore wind, especially when integrated across the UK and EU, may benefit from a similar common understanding.

A common approach is also the business of regulations and standards. The EU has acknowledged systemic risks to critical infrastructure, including energy, through an all-hazards and all-threats lens that explicitly includes hybrid warfare, insider threat and supply chain vulnerabilities. Meanwhile, the UK’s framework has been more cyber-centric, with far less emphasis on direct physical sabotage and less reach across systemic risk in an integrated market. The result is an emerging offshore architecture that is politically and economically joined but still governed by different regulatory regimes that meet awkwardly in the maritime environment. That awkwardness matters because offshore wind is not merely an industrial estate at sea; it intersects with maritime defense, surveillance and deterrence. The placement and density of turbines can complicate radar and detection, and governments already understand the need to coordinate. But the same infrastructure can also be an opportunity to use platforms for sensing, wide-area monitoring and faster anomaly detection if it is designed deliberately. Resilience is not only about hardening assets. It is also about shifting the attacker’s calculus by increasing the chance of discovery, reducing the scope for deniable disruption and ensuring that disruption, if it occurs, does not spiral into prolonged outage.

So, what should the organizations building and operating this new system actually do? Unsurprisingly, it starts with understanding risk. This means integrated risk assessment that treats physical and cyber threats as parts of the same problem, not separate compliance checklists. It means a clearer connection between threat capability and impact analysis because threat is not synonymous with risk. It means better understanding of complex dependencies across suppliers, spares, people, data, communications, ports, vessels and control rooms, among others. From there, resilience programs can be built that are appropriately funded, based on plausible scenarios and genuinely deliverable with prioritized components.

That is where national and regional interests now lie. An ambitious 100 GW offshore project will be judged not only by how quickly it is built, but by how well it holds under stress. Offshore wind’s strategic promise is that it can make the UK and Europe cleaner, richer and less exposed. That promise will only be realized if resilience is treated as part of the design brief, not an afterthought delegated to security teams once the cables are already in the water. Planning for resilience, across borders and across physical and cyber threats, is how we can bring energy security’s two meanings together.
