How cybersecurity is becoming crucial in solar’s digital age

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email
As a potential weak spot, inverters are the focus of a research project in the US looking to develop new measures for protecting PV systems. Image: BayWa r.e.

Cybersecurity can easily fly under the radar, just as a hacker weaves through systems and sifts through files undetected. The documented cases of cyberattacks on the energy system are hardly a page-spanning list, and the number of cases on solar assets even fewer. But that doesn’t mean the risk is as slight. What is largely considered to be the first cyberattack on a power grid took place in Ukraine in 2015. It is also considered to be one of the most dramatic cyberattacks in the energy sector; in a scene that should be straight out of a spy movie, an operator in the Prykarpattyaoblenergo control centre was locked out of their computer, watching as their curser moved independently from any of their own actions. The attack took out 30 substations and caused a blackout that took six hours to fully resolve.

The knowledge that a cyberattack could – and has – caused blackouts seeped into other events. When the UK had a major blackout on 9 August 2019, initial suggestions seen on social media were that it was a result of a cyberattack, although within hours these rumours were squashed. It was, in fact, a result of a lightning strike that triggered faults in an offshore wind farm and gas-fired power station, and not a result of a cyberattack.

Whilst cyberattacks on solar farms specifically are not commonly reported, this could well change. Digitalisation is creeping into the solar industry, automating processes and making components smarter. And where there are increases in digital technology, the threat of cyberattacks is never far behind.

Digitalisation and the effect of lockdowns

The solar sector is embracing digitalisation little by little. The lockdowns that were put in place due to the COVID-19 pandemic have resulted in a speeding up of digitalisation efforts. Companies both in and out of the energy sector have become more reliant on digital tools for their day to day running, with many employees working from home. Significantly more business is therefore being conducted via calls and emails over a face-to-face conversation between colleagues. Whilst this may have affected the awareness of the importance of digital services, it has also increased the risk of a cyberattack.

“The threats and dangers have grown during the lockdown period because of that increased reliance,” according to Geoff Taunton-Collins, senior analyst at renewables insurer GCube. Taunton-Collins says that when compared with other risks solar assets see, the cybersecurity threat level is “reasonable but growing”.

This is echoed by Marek Seeger, information security manager at SMA, who says that solar is “becoming a more interesting target for hackers” as the technology takes a larger role in power supply as a result of decarbonisation and decentralisation efforts.

In particular, small and medium-sized solar systems are in danger, he says, with >1MWp plants usually integrated, connected and maintained “in a professional way that includes all relevant safety measures”.

One way hackers can artificially create a malfunction in a PV system is to launch cyberattacks to the inverter controls and monitoring system, according to Ali Mehrizi-Sani, associate professor at Virginia Polytechnic Institute and State University and co-author of a 2018 paper assessing the cybersecurity risk of solar PV units with reactive power capabilities.

“This is a vulnerability that can be, and has been, exploited to attack the power system,” he says, pointing to how the large number of PV units in the power system – including rooftop solar – means that there are “lots of attack points”, underscoring the importance of cybersecurity at the inverter level.

Keeping cybersecurity measures up to date is therefore incredibly important for solar installers and operators, particularly due to the 15-20 year lifetime of a solar farm, meaning that cybersecurity will need to continue to develop as the farms age, with up to date measures allowing operators to stay ahead of hackers.

This can, however, be made difficult by a lack of awareness over cybersecurity. Cyberattacks on renewables assets are underreported, according to GCube’s Taunton-Collins, occurring because it’s “easier to keep quiet than other industries”.

Most cyberattacks result in data breaches, such as the cyberattack on EDP in April 2019. The Portuguese energy firm was hit with a Ragnar Locker ransomware, with over 10TB of sensitive company files stolen. When third-party data is leaked, it has to be reported to the authorities of the country it occurred in, as well as an alert sent to the people whose data has been stolen.

However, attacks on renewables assets are more likely to be business disruption attacks, which are private and internal, due to many not holding third-party data. Asset owners therefore often have no reason to publicise that an attack has taken place. Furthermore, releasing information on this sort of attack can hurt the reputation of both the company and potentially of the industry itself, leading to some asset owners keeping quiet.

One cyberattack on a solar farm that did end up hitting headlines, however, was on US solar operator sPower, which occurred in 2019. It didn’t result in any blackouts, and sPower – which owns and operates over 150 renewable generators in the US and recently concluded financing for the 620MWdc Spotsylvania Solar Energy Center, its biggest ever project – has been unsurprisingly tightlipped about the incident.

This is an extract of an article first published in Volume 24 of PV Tech Power. The full article can be read here, or in the full digital copy of PV Tech Power 24, which can be downloaded via the PV Tech Store here

Read Next

May 20, 2022
Huawei and SolarEdge have agreed on a global patent licence agreement, ending lawsuits between the companies that were pending in Germany and China.
May 3, 2022
Inverter manufacturer SolarEdge benefited from high demand for its products in Europe to increase revenues to a quarterly record while navigating a shortage of electronic components.
March 17, 2022
SolarEdge Technologies is planning to carry out a public offering of 2 million shares of its common stock, with proceeds to potentially fund acquisitions.
February 16, 2022
Inverter manufacturer SolarEdge is increasing shipments to the US from a new production plant in Mexico as it looks to save on freight costs and reduce the impact of tariffs on imports.
January 19, 2022
Chinese inverter manufacturer Sungrow has launched its new "1+X" central modular inverter with an output of 1.1MW at the World Future Energy Summit in Abu Dhabi.
December 13, 2021
The US Senate Finance Committee has included manufacturing incentives for domestic producers of solar trackers and inverters in its draft version of the country’s Build Back Better (BBB) budget reconciliation bill.

Subscribe to Newsletter

Upcoming Events

Solar Media Events
June 14, 2022
Napa, USA
Solar Media Events
October 4, 2022
New York, USA