Solar PV’s entry into the mainstream has put the spotlight on risk. As solar capacity grows worldwide, accounting for over 60% of US capacity additions in 2024, the impact of technological shortcomings and sub-optimal asset performance grows too.
An industry has grown up around identifying, analysing and addressing these shortcomings; but as a new report from US-based climate insurance firm kWh Analytics shows, optimisation – particularly digital solutions – can create new issues if not used properly.
Unlock unlimited access for 12 whole months of distinctive global analysis
Photovoltaics International is now included.
- Regular insight and analysis of the industry’s biggest developments
- In-depth interviews with the industry’s leading figures
- Unlimited digital access to the PV Tech Power journal catalogue
- Unlimited digital access to the Photovoltaics International journal catalogue
- Access to more than 1,000 technical papers
- Discounts on Solar Media’s portfolio of events, in-person and virtual
Or continue reading this article for free
According to an article in kWh Analytics’ Solar Risk Assessment 2025, cyber attacks on US utilities increased by 70% in 2024, “enabled by the rapid deployment of highly connected assets and advanced monitoring systems aimed at improving efficiency and performance”. These assets are overwhelmingly solar PV and energy storage systems monitored and controlled by digital power inverters and a network of servers.
The same report shows that US solar assets are underperforming by 8.6% on average and that poorly modelled artificial intelligence (AI) systems misidentify 20% of operational defects in PV projects, with “significant” consequences.
PV Tech Premium sat down with Gregory Lehv, senior vice president of kWh Analytics, ahead of the report’s publication to discuss solar module defects, plant underperformance, AI use and cybersecurity risks in the US solar sector.
Cybersecurity risks
“Since 9/11, we were cognisant that the energy grid was an area where bad actors could target and try to take control of something really impactful for our infrastructure. But at that time, solar was something like 0.1% of the energy production in the US,” Lehv says, when asked about the cybersecurity threat to US renewable energy assets. In the intervening 24 years, cyber attacks have gone from possibility to reality.
“Once you hit a certain critical mass, you become a target. I think we’re reaching that point.”
Indeed, the figures from the new report in an article by technical advisory Radian Generation confirm that US renewables are certainly a target. The proliferation of digital “attack surfaces” in solar and energy storage infrastructure – which are predominantly used to optimise, monitor and promote efficiency in the energy system – increases the number of access points for bad actors.
The Radian article says that the integrated nature of renewable energy on the grid, as well as the global nature of the solar supply chain, increases these risks. It says that even well-defended solar sites often “identify and block hundreds” of cybersecurity threats per day.
Smaller companies can be even more exposed. “What makes this really challenging is that when you develop assets independently and you have distributed, non-uniform assets, you’re putting a lot on what could be a fairly small company,” Lehv says. Bigger players with consolidated ownership can take a more uniform – and often more secure – approach.
“I do think there’s a significant risk that this issue becomes much larger for the industry than it was several years ago.”
In at least some cases, the “bad actors” have likely been states. The Radian article cites the SolarWinds breach of 2020, where hackers suspected to be backed by the Russian state attacked major US companies. Recently, the solar industry has had its own controversy, with reports of “rogue” communication devices found in Chinese-made inverters in the US. Though details have remained scarce, the story has drawn eyes across the industry.
“The industry should be aware of this. We should be implementing appropriate cybersecurity on critical infrastructure. I think the distributed nature of solar is very helpful, but if you’re going to affect the monitoring or management software and point all the modules away from the sun so you don’t have any electricity, it’s a problem,” Lehv says.
The Radian article in the report says similarly: “As clean energy deployments accelerate and the power ratings of independently managed units rise, operators must prioritise cybersecurity with the same urgency as physical asset management.”
While we don’t know exactly where attacks are coming from, Lehv says, we know where they’re going. The 70% increase in recorded attacks is aimed squarely at the US’ interconnected energy systems, “the ones where you know you can deploy your malicious software the most broadly and have the biggest impact,” he continues.
So far, however, the mounting risk is yet to truly materialise. “No one has lost massive amounts of production due to a cyber event – no one that I’m aware of,” Lehv says. “You’re still at the stage where it’s a really big risk … potentially.”
‘Two letters can mean 900 different things’
According to the Solar Risk Assessment, AI models used at solar sites “misclassify” up to 20% of operational issues. This, Lehv says, comes down to training.
Researchers from kWh Analytics tested a fresh-out-of-the-box AI large language model against a fine-tuned model with over 8,000 data points from real operations and maintenance (O&M) logs. The untrained model “consistently misclassified” between 15% and 25% of “frequent and common” power loss events like grid curtailment, communication loss and maintenance.
When it came to “critical categories” like extreme weather and damage losses, the untrained model got it wrong between 40% and 50% of the time.
Fine-tuning the AI model to the specific details of the solar site in question “significantly improved” its accuracy.
In the solar sector and beyond, everyone is rushing to incorporate AI. Lehv says they are “two letters which can mean 900 different things” and acknowledges that the world is, in some sense, trying to run with AI technology before it can walk.
“We’re in this AI arms race”, he says, mainly between the US and China. “And everyone is trying to figure this out, because if we don’t, someone else is going to.”
The same holds true for the solar industry; you don’t want to be the company without AI surrounded by shiny, AI-backed competitors.
“A lot of people can say: ‘We’re using AI. This is what we’re doing with AI,’ et cetera. You have to be careful as to how you implement this technology, like anything else, and it’s going to make mistakes,” says Lehv.
“It’s going to need experience in order to get better at what it’s doing and it’s very hard to know if you’ve given it the level of experience necessary for the task you’re trying to complete.”
The report suggests that specific training for AI modules is key for accuracy, analogous to an experienced employee having more success than a new recruit.
Moreover, while AI can make plant management more efficient and accurate, when used correctly, it can also open a back door for further cybersecurity risks. “Some college-level coding jobs are already being done by AI, and it works both ways,” Lehv says. “It can write the cybersecurity apparatus; it could also write the malicious software.”
Communication between asset owners is a key safeguard against AI failures and cybersecurity risk, Lehv says.
“It doesn’t always happen organically, because these folks are competitors and they’re not always readily talking to each other. But on something like this that’s affecting the whole industry, I think it will start to be more widely communicated. Because they’re really the ones at risk.”
Underperforming and overestimating
The Solar Risk Assessment says that some of the underperformance of US PV assets comes down to well-reported phenomena: issues with module quality as prices bump along at or near rock bottom, inverter underperformance and a lack of good data for project analysis and optimisation.
In theory, these issues should improve with time as they’re better understood. But Lehv says that the underperformance trend is staying level, even slightly worsening, because of financial incentives and modelling.
The article in the report, authored by kWh Analytics itself, took extensive data from over 34,000 “system-months” between 2015 and 2023 and found that US systems are reaching 8.6% below the industry-wide P50 estimates. P50s are the baseline for estimates and financial agreements and assume that the plant will meet its nameplate production capacity half the time.
“I think the reason that it this trend is staying the same, actually getting a little bit worse, is driven somewhat by the incentives that are put on the projects,” Lehv says.
“When you’re developing an asset and you get a land lease or an option and you decide to build, there’s a massive amount that goes into that. At the tail end of that development, you have a final model that you put together, and then you go get financed by tax equity and lenders. The value [of the project] at the time you complete the financing is, you hope, going to be more than the money you put into it – a lot of that value is driven by how much output you’re able to achieve.”
Developers have an incentive, then, “to be a little more aggressive than conservative” when it comes to project output estimations, Lehv says. Not necessarily inflating, but “using assumptions which may be appropriate for that asset at that time”, but may not hold true ten years later.
The report concludes: “Aligning financial models with real-world performance could help mitigate long-term financial risks, boost investor confidence and support the sustainable growth of the solar industry.”
‘What are the facts?’
That growth, so impressive in recent years, could be in jeopardy in the US. The current administration is taking an axe to many of the federal incentives in support of renewable energy and president Trump’s tariff regime is set to increase the cost of solar PV and energy storage development.
However, Lehv is pragmatically optimistic. “I care about economics, right? So what are the facts? The fact is that the demand side of the equation today is wholly different than we would have said five years ago. We’re using massively more power than we were.
“No matter what the policy, if you reduce the supply, prices are going to go up for everyone, right? Tariffs will make [PV products] more expensive, and as the subsidy goes away, it just makes this technology even more expensive.”
Solar represented over 60% of capacity additions last year, and “you can’t just turn that around; you can’t just turn the Titanic,” Lehv says. “Can we go back to natural gas? Sure. But all the people doing it are building solar now, and turning that ship around will take seven to ten years – that’s outside of one administration’s time frame.”
As a rising tide lifts all boats, rising demand and lessened supply lift all prices. For Lehv, if prices go up, solar will still be the cheapest and fastest energy technology to build, perhaps just a little less cheap and a little slower than before.
