Cybersecurity in solar plants: how to keep solar power supplies secure

As electricity grids become increasingly digitized, cybersecurity must be a primary concern for solar plant managers. In this interconnected era, as technology is changing, cybercriminals are responding with more sophisticated attacks.

Cyberattacks on businesses have escalated in the past year, with ransomware demands becoming more common, research shows. One of the most prominent attacks this year was the ransomware attack on the Colonial Pipeline, which supplies 45% of the fuel used on the US East Coast. The company that operates the pipeline was forced to halt its operations and freeze its IT systems for several days, paying a reported $5 million to the hackers to regain control.

Solar energy systems can be vulnerable to hackers attacking inverters or batteries to disrupt production or overload solar plus storage installations. What does cybersecurity look like for the solar industry and what measures can solar operators take to keep solar power supplies secure?

The role of cybersecurity in solar energy

Cybersecurity refers to the procedures and tools that organizations use to protect the interconnected systems that process, store, or transmit data to guarantee its integrity.

Historically, the risk of cyberattacks on solar power systems was relatively limited, as few systems were deployed, and as most solar inverters did not communicate with other devices for monitoring or control. But as more solar capacity is installed and inverters become more advanced, the risk is growing.

As utility-scale solar projects get larger, attacks can have an impact on a larger network of customers, causing disruptions to thousands of households and businesses.

How solar power systems are compromised

If an inverter’s software is not kept updated and secure, the data it sends between solar panels and the grid can be intercepted and manipulated. The computer or server that receives the data from the inverter can be a source of attack.

A hacker could take advantage of a vulnerability in the software to target the supervisory control and data acquisition (SCADA) system. That would enable them to make an unauthorized change to the power supply and alter the voltage or electrical current that the inverter delivers into homes or the grid. Or an attacker could embed code in an inverter to spread malware into the power system, causing it to fail. Cyberattacks on grid devices can have serious physical consequences, such as power loss and fires.

In 2015, Ukraine experienced the first known cyberattack on a power grid, leaving more than 200,000 customers without power for up to six hours. And more than two months later, control centers were still not fully operational. While solar and storage systems would typically have the benefit of grid resiliency, they are not immune to the risk of cyberattack attacks without adequate protections.

A device does not need to be connected to the Internet to be exploited by an attack. If it can be connected to other devices or systems, it can be vulnerable to attack. For example, a USB stick that contains malware can infect an organization’s entire network if plugged into a single computer.

In 2010, a Stuxnet malware attack that paralyzed the Natanz nuclear plant in Iran was suspected to have been introduced by a USB device, paralyzing the computer system of the centrifuges that separated the enriched uranium. These systems were not connected to the Internet.

The use of Internet-connected remote operational technology (OT) devices to automate monitoring and operation of solar plants, such as remote access for maintenance shutdowns and drones to check that plants are in working order, increases the risk of attack compared with standalone OT devices if the appropriate security measures are not applied.

Protecting solar energy systems

The key to effective cybersecurity is the identification-protection-detection-response-recovery cycle:

• Identification. It’s important to identify the existing threats in OT device systems, to know the risks, and understand their impact.

• Protection. Security professionals can add protection mechanisms with security methods that are specific to inverters, such as by creating a separate network for each device so that one inverter cannot communicate directly with another. All communication must occur through the secure SCADA system, which filters traffic.

• Detection. Installing detection systems that identify any anomalous behavior and discover network intrusions can help to intercept attacks before they cause damage.

• Response. Having an incident response plan to know how to act in the event of a security incident can minimize the impact.

• Recovery. A recovery plan is crucial to restoring systems to operation as quickly as possible to avoid paralyzing the solar energy production process.

There are practical things that organizations can do to mitigate the risk of a malicious attack

Most equipment manufacturers should provide a guide on how to monitor the output of a solar energy system and information on how to maximize security.

Precautions as simple as changing the default password of an inverter can make all the difference. One of the major security failures that persists today is keeping the default settings, which makes it easy for hackers to exploit and gain access.  

Continuously monitoring inverters increases the chances of identifying when they behave in an anomalous way. Protection systems such as firewalls provide extra defense in computer networks and creating separate networks for solar inverters makes them even more secure.

It’s also essential to keep all software updated, run a good antivirus package, and provide appropriate training for the relevant staff to avoid manual error or bad practices that can make systems vulnerable.

Plan your next solar project with RatedPower