How cybersecurity is becoming crucial in solar’s digital age

The solar sector is embracing digitalisation little by little. The lockdowns that were put in place due to the COVID-19 pandemic have resulted in a speeding up of digitalisation efforts. Companies both in and out of the energy sector have become more reliant on digital tools for their day to day running, with many employees working from home. Significantly more business is therefore being conducted via calls and emails over a face-to-face conversation between colleagues. Whilst this may have affected the awareness of the importance of digital services, it has also increased the risk of a cyberattack.

“The threats and dangers have grown during the lockdown period because of that increased reliance,” according to Geoff Taunton-Collins, senior analyst at renewables insurer GCube. Taunton-Collins says that when compared with other risks solar assets see, the cybersecurity threat level is “reasonable but growing”.

This is echoed by Marek Seeger, information security manager at SMA, who says that solar is “becoming a more interesting target for hackers” as the technology takes a larger role in power supply as a result of decarbonisation and decentralisation efforts.

In particular, small and medium-sized solar systems are in danger, he says, with >1MWp plants usually integrated, connected and maintained “in a professional way that includes all relevant safety measures”.

One way hackers can artificially create a malfunction in a PV system is to launch cyberattacks to the inverter controls and monitoring system, according to Ali Mehrizi-Sani, associate professor at Virginia Polytechnic Institute and State University and co-author of a 2018 paper assessing the cybersecurity risk of solar PV units with reactive power capabilities.

“This is a vulnerability that can be, and has been, exploited to attack the power system,” he says, pointing to how the large number of PV units in the power system – including rooftop solar – means that there are “lots of attack points”, underscoring the importance of cybersecurity at the inverter level.

Keeping cybersecurity measures up to date is therefore incredibly important for solar installers and operators, particularly due to the 15-20 year lifetime of a solar farm, meaning that cybersecurity will need to continue to develop as the farms age, with up to date measures allowing operators to stay ahead of hackers.

This can, however, be made difficult by a lack of awareness over cybersecurity. Cyberattacks on renewables assets are underreported, according to GCube’s Taunton-Collins, occurring because it’s “easier to keep quiet than other industries”.

Most cyberattacks result in data breaches, such as the cyberattack on EDP in April 2019. The Portuguese energy firm was hit with a Ragnar Locker ransomware, with over 10TB of sensitive company files stolen. When third-party data is leaked, it has to be reported to the authorities of the country it occurred in, as well as an alert sent to the people whose data has been stolen.

However, attacks on renewables assets are more likely to be business disruption attacks, which are private and internal, due to many not holding third-party data. Asset owners therefore often have no reason to publicise that an attack has taken place. Furthermore, releasing information on this sort of attack can hurt the reputation of both the company and potentially of the industry itself, leading to some asset owners keeping quiet.

One cyberattack on a solar farm that did end up hitting headlines, however, was on US solar operator sPower, which occurred in 2019. It didn’t result in any blackouts, and sPower – which owns and operates over 150 renewable generators in the US and recently concluded financing for the 620MWdc Spotsylvania Solar Energy Center, its biggest ever project – has been unsurprisingly tightlipped about the incident.