Energy Security in Latvia: The Greatest Threat Comes from Cyberspace

The growing digitalisation of the energy sector and hybrid threats in the Baltic region have made cybersecurity a critically important pillar of Latvia’s national energy security. Although attacks on critical infrastructure have become an everyday reality, they mostly take place out of the public eye, meaning that general awareness of the scale and severity of threats remains low. The Latvian Wind Energy Association (LWEA) stresses that locally produced energy plays an especially important role in such circumstances because, when we import energy, we also “import” a wide range of cyber‑risks.

This issue is also highlighted by Alexandru Georgescu, senior researcher with the National Institute for Research and Development in Informatics ICI Bucharest in Romania, who points out that the interdependence of energy systems is creating a new type of threat: “Energy systems have become so interconnected that an attack on one country can affect the entire region. And the attack does not need to be large – with digital tools, significant damage can be caused even by disrupting one seemingly insignificant sensor system.” He moderates a working group on defense perspectives for critical energy infrastructures within the European Defence Agency as part of the Consultation Forum on Sustainable Energy in the Security and Defence Sectors. There, energy security, resilience and autonomy are seen as closely interlinked with national and European defense capacity. “Adversaries may target critical energy infrastructures, including through low-cost and high-benefit means such as direct cyber-attacks, to weaken the defense actors who rely on civilian infrastructures, to undermine the economy and to degrade confidence on the part of citizens, partners and allies”, said Dr. Georgescu.

The expert particularly emphasises the threat posed by countries outside the EU and NATO, including energy suppliers or transit countries, whose experience and understanding of cybersecurity differ greatly from European approaches. “In Europe’s energy sector, third‑country partners still have significant influence. Any product or service carries certain security risks, and the more parties involved — in the construction of critical infrastructure, supply chains, operations and later in maintenance — the higher the risks,” Georgescu notes.

For this reason, cybersecurity will be among the central topics discussed at the upcoming “WindWorks 2026” wind energy conference in early April.

The Less Dependent on External Suppliers, the Greater the Security

LWEA emphasises that developing local electricity generation capacity is not only a climate or economic issue. It is a strategic necessity that helps reduce dependence on external system disruptions. The more electricity Latvia can produce itself, the less it will be exposed to cyber‑vulnerabilities of external partners — vulnerabilities that Latvia cannot control.

The Romanian expert also notes that in regions where supply chains and infrastructure rely on hardware and software components from various countries, security threats are growing much faster than infrastructure operators are able to adapt. The mainstreaming of new technologies into the energy sector, including of Artificial Intelligence, drones, provides many benefits but also enhanced attack surfaces for hackers of all types, including lone wolves, those affiliated with criminal groups or of state-proxies. This is precisely why the Baltic states must consider not only the availability and affordability of energy but also its security.

Practical Security of Critical Infrastructure

The Baltic energy system is closely integrated with Nordic networks, and this cooperation enables efficient balancing of electricity flows. However, recent incidents reveal that this interconnectedness also makes the system more vulnerable.

A notable example is the sudden failure of the Estlink 2 underwater power cable, which triggered an international investigation and led officials to publicly acknowledge that sabotage could not be ruled out. The consequences were significant: transmission capacity between Finland and Estonia dropped by approximately 650 megawatts, increasing pressure on the regional energy system — especially in winter, when demand is highest. This incident demonstrated that even damage to one country’s infrastructure can trigger a chain reaction affecting energy security across the Baltic region.

Cyberattack Capabilities Are Expanding Faster Than Security Solutions

Cybersecurity in the energy sector is further complicated by the fact that modern electricity systems are no longer just physical infrastructure. They are highly digitalised, relying on complex software, remote‑control systems, sensor networks, and data flows ensuring precise production and balancing.

Attacks can target not only power plants or wind farms as physical entities but also dispatch centres, substations, global navigation satellite synchronisation signals, or turbine control software. The more advanced digital solutions become, the more potential vulnerabilities emerge — particularly within supply chains, where a single compromised manufacturer or software update can affect dozens or even hundreds of sites at once.

Recent Cyberattack in Poland Raises Alarms

Particularly concerning is a recent cyberattack in Poland, where at the end of December 2025 a coordinated attack targeted wind and solar power plants as well as cogeneration facilities. Although electricity generation was not halted, attackers paralysed control systems, effectively cutting off producers’ ability to communicate with distribution system operators.

This attack almost caused a large‑scale collapse of electricity and heat supply, and the Polish Prime Minister acknowledged that hundreds of thousands of people could have been left without heat. It is the first widely reported targeted cyberattack against renewable energy management systems in Europe, coming close to causing critical consequences.

About the “WindWorks” Conference

“WindWorks” is one of the largest wind energy conferences in the Baltics. For the sixth year, it will bring together industry experts from various countries, policymakers, business leaders, and other sector stakeholders to share experience and discuss the most pressing global and regional energy challenges.

The conference is organised by the Latvian Wind Energy Association and the Investment and Development Agency of Latvia, in cooperation with the Lithuanian and Estonian Wind Energy Associations and in partnership with the Nordic Council of Ministers and the Embassies of Denmark, the Netherlands, Norway, and Germany in Latvia.

Conference partners include: Enercon, Vindr, Ignitis Renewables, Utilitas, Nordex, DS1, the Liepāja Special Economic Zone (in cooperation with Van Oord, Euroports, and Smulders), Stena Line, UPB, Sorainen, RockBridge Legal, Schneider Electric, and Eversheds Sutherland Bitāns.

The conference is co‑financed by the Emission Allowance Auctioning Instrument (EKII).

The event will be held in English.

Programme and registration: www.windworks.lv