In recent years, the electric grid has become increasingly digitized. As this shift continues, attacks conducted in virtual spaces can have drastic physical impacts. 

The solar industry has been no stranger to digital modernization, and as such, it has become more intertwined with the cybersecurity field than ever before. Cybersecurity threats on critical infrastructure are not mere conjecture — in 2015, Ukraine experienced a power grid attack that left thousands of people without power for six hours. 

Traditionally, cyber attacks have been aimed at information technology (IT) systems. However, the line between IT and operational technology (OT) is blurring in the energy industry. 

OT focuses on the control and operation of physical devices, such as industrial control systems. Because OT in the solar industry is often connected to the internet, the threat of a cyber attack is even more pronounced. In the solar field, OT systems include solar inverters, which connect the solar panels to the grid. Instead of affecting just one system, malware has the potential to disrupt the workings of electrical grids across the country.

Moreover, as solar energy systems continue to be added to the grid, a host of software tools that provide utilities with important information about the systems have been developed. These tools present yet another path for hackers seeking to examine the vulnerabilities of the grid. 

In line with the growing threat of cyber attacks, the North American Electric Reliability Corporation (NERC), a nonprofit designed to maintain the functionality of North American electricity systems, has updated its standards to include specific cybersecurity requirements. NERC has been very serious about enforcing its policies and has fined several companies for failing to meet its targets. 

As digitization increases, we can expect cyber attacks to escalate both in terms of frequency and potency. Public and private cybersecurity regulations will play a major role in stemming the tide of this looming threat in the solar energy sector.

Vedant Vamshidhar is a rising senior from the University of Southern California studying Intelligence & Cyber Operations. He is interested in the intersection of cybersecurity and international relations, and currently works as a Governance intern for ONC. Outside of coursework, he is active in USC’s Model United Nations team and the Southern California International Review.

Sources:

Cervera, Annhelen. “Cybersecurity in Solar Plants: How to Keep Solar Power Supplies Secure.” RatedPower, RatedPower, 11 Nov. 2021, https://ratedpower.com/blog/cybersecurity-solar-plants/. 

“Solar Cybersecurity Basics.” Energy.gov, https://www.energy.gov/eere/solar/solar-cybersecurity-basics#:~:text=Solar%20energy%20technologies%20can%20be,to%20stand%2Dalone%20OT%20devices. 

Tobias, Kyle. “Key Cybersecurity Considerations for Renewable Energy Plant Operators in 2022.” Pv Magazine USA, 2 Feb. 2022, https://pv-magazine-usa.com/2022/02/02/key-cybersecurity-considerations-for-renewable-energy-plant-operators-in-2022/.