Solar generation systems may open grids to cyberattacks

Share

Photovoltaic solar power is now an essential element of grid infrastructure throughout the world. As the technology have moved from residential early adopters into the mainstream of utility generation resources that solar’s profile as a target for those who would damage or exploit the electric grids for criminal, political or opportunistic reasons has increased.

A recent report from Forescout Research–Vedere Labs, a branch of San Jose, Calif.-based Forescout Technologies, points out that the networked elements of solar power installations, centered primarily of the inverter and its monitoring and management systems, may provide a means for unauthorized access.

Daniel dos Santos, senior director and head of security research at Forescout, said residential and even commercial solar infrastructure may not have the amount of cybersecurity provisions warranted by their vulnerable status.

“First of all, everybody keep in mind that inverters are part of critical infrastructure,” dos Santos said. “Even if they are sitting on people’s homes and not in large solar parks, the security requirements should be higher than general use ‘internet of things.’ It’s not the same as an IP camera or a smart light or something like that. This is something that is connected to the grid directly.”

According to the research informing the Forescout report, documented cyberattack incidents on solar power infrastructure illustrate how weakness in security are enabling real-world disruption of grid services. Cited examples include a denial-of-service attack in March 2019 that caused sPower to lose visibility on 500 MW of wind and solar generation across the U.S.; the hacking of monitoring systems in Japan in May 2024; compromise of similar devices by a suspected China-based hacking group throughout 2024; and an attack on Lithuanian solar facilities operated by the Ignitis Group in September 2024 by suspected pro-Russian hackers.

While Forescout’s research identified potentially vulnerable components and software systems, it noted that hackers have not as of yet caused significant interruption of solar power services or grid instability. However, since natural events and accidents have caused such disruptions, there is every reason to expect cyberattacks to be able to cause these for any number of purposes, from ransom to asymmetric warfare.

One of the aspects of the vulnerability is that any given solar installation, from residential up to utility scale, may give hackers a way into the grid, where they may be able to unleash a number of harmful scenarios. The Forescout report highlights some specific products by vendor where it has found such vulnerabilities and possible prescriptions for closing these openings.

According to dos Santos, the impact of a grid attack depends on how much generation capacity attackers can control, how fast the takeover can happen and how much the grid has an emergency capacity.

“There have been several other studies that have modeled the grid impact based on what’s called ‘load-engine attacks,’ increasing demand or decreasing generation at large scale via botnets,” he said. “Lots of those are actually academic works, and we cite those in our new report.”

Computer users have long known that hackers are one of the reasons we can’t have nice things without taking precautions. Solar power providers and grid operators are coming to this conclusion as well.

This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: editors@pv-magazine.com.

Popular content

How Trump’s widespread tariffs affect the U.S. solar industry
03 April 2025 Tariffs of 10% are applied to most products from most countries, but energy and energy products, steel, and aluminum are exempt, as tariffs have alrea...