A group of researchers from the University of Arkansas is trying to develop solar inverters that could protect PV power plants from cyberattacks.
“Inverters are one of the main connected devices and so if a hacker could take control, inverters would be a primary target because they are accessible, and because they perform many smart functions to maintain stability and efficiency,” the research coordinator, Alan Mantooth, told pv magazine. “They are the heart of the PV system.”
Or phrased differently, they are the weakest link. “Inverters communicate with a central controller and with one another in a solar PV farm, depending on the design of the farm, and if they are hacked, they can be shut down, overcharge batteries or cause grid instability, and maybe do other things I have not considered,” Mantooth went on to say.
The researchers also believe that a cyberattack on a storage-backed solar plant could lead to the destruction of the storage system itself, which could in turn result in a fire. “Taking down, or taking control of, solar PV farms would enable someone to disrupt critical functions in the same way taking down any electrical supply would,” Mantooth explained.
The need to establish security standards
The most vulnerable inverters and solar installations are those that are connected to communications systems that are not locked down. “Some solar PV installations have dedicated fiber that never connects to the public system, so they are more secure,” Mantooth said. “Others, well, are easier to hack.”
Plants that rely on string inverters are not necessarily more vulnerable than those that rely on central inverters, he claimed. “If the central inverter is weak, you are more vulnerable than if you have 10 string inverters that are strong. Hackers write code to ping the system and try to find the weak point,” he stated. “So, they’re going to ping them all anyway.”
However, Mantooth said it is certain that some products pose greater risks than others. “One solar inverter manufacturer vs. another will be stronger than another to penetrate,” he explained. “There are no standards on this yet. So, this is to be expected and not meant as a derogatory remark to the industry or solar inverter manufacturers. This is part of the reason the Solar Energy Technologies Office of the Department of Energy is investing in this research. They want to move the industry forward in this aspect as well while holding costs down.”
The researchers aim to develop next-generation inverters, but they are also considering the possibility of upgrading existing devices at attractive costs. “However, given the lifetime of solar inverters in the field, it might be the case that an upgrade might become part of a replacement, depending on how old the inverters are,” Mantooth said.
Over the next decade, Mantooth said we may start to see inverters that offer a range of smart functions for grid control and stability, as well as grid-connected, grid-forming, and grid-following modes. “Inverters that can work as an ensemble to provide grid functions I listed,” he concluded.
The Multilevel Cybersecurity for Photovoltaic Systems research project secured a $3.6 million award this week from the U.S. Department of Energy Solar Energy Technologies Office. Mantooth is the executive director of the National Center for Reliable Electric Power Transmission, a top power-electronics testing facility.