Tech Insights

Boost Solar Cybersecurity With This Toolkit

October 31, 2023 by Zac Amos

Solar energy systems are vulnerable to cyberattacks, but energy engineers often don’t have the IT knowledge to prevent attacks or deal with them if they occur. A cybersecurity toolkit could provide answers.

Many agree solar energy is the way to a more sustainable future. Energy engineers play a significant role in keeping renewable power supplies safe from cyberattacks, increasing societal confidence in solar panels. 


Solar panels.

Solar panels. Image used courtesy of DOE


However, energy engineers don’t necessarily have IT security backgrounds. Cyberattacks on power grids and solar panels are relatively new issues. Thus, it can be challenging for engineers to know what steps to take to reduce the chances of successful attacks. 

A cybersecurity toolkit created by the Cybersecurity Advisory Team for State Solar (CATSS) Toolkit could change that. It aims to give people at state energy offices and public utility commissions relevant information to safeguard solar energy assets. These targeted details could make energy engineers’ jobs easier by helping them detect and resolve potential security risks. 


Threats to Renewable Energy Grids

Engineering professors at the University of Georgia have identified solar energy as a vulnerable area for cybercriminals to attack. The primary reason is that solar panels are increasingly widespread, making them highly accessible. These assets also do not have the centralized physical security of power generators at guarded facilities. Oregon State University engineers also confirmed that hackers could destabilize power grids by attacking smart meters to cause electricity oscillations. 

Elsewhere, researchers asserted in a 2021 study that the smart inverters used by distributed energy resources—including residential solar panels—are at risk for cyberattacks due to the vast number of homeowners and other third parties using them. The team identified several ways cybercriminals could compromise the communication links between solar panels and smart inverters, including launching distributed denial of service (DDoS) or man-in-the-middle attacks.

Another part of the study concluded that hackers could wreak havoc by targeting microgrids and their ​​centralized control architectures and distributed control systems. It found cybercriminals could block commands or inject false data into the communications feed between regulators and the microgrids. 


Solar energy systems are vulnerable to cyberattacks in several areas.

Solar energy systems are vulnerable to cyberattacks in several areas. Image used courtesy of ResearchGate


In the Netherlands, a Dutch Government Inspectorate for Digital Infrastructure report analyzed nine solar panel converters for potential cyber-risks. The results indicated five posed risks that could make it easier for hackers to infiltrate solar panels. Additionally, none of the converters met cybersecurity requirements. The identified vulnerabilities made the assets easy to hack or remotely disable. 

These collective threats show how people must act now to minimize cyber-related power grid threats. Engineers play vital roles in hardening this essential infrastructure. 


What Engineers Need to Know 

Engineers should take a prevention-focused look at their work by utilizing principles based on cyber-informed engineering (CIE), which emphasizes protecting energy assets and other critical infrastructure from the start. One CIE approach involves learning lessons from previously identified vulnerabilities and determining the best ways to mitigate the associated threats. 

A national CIE strategy for the energy industry features five goals relevant to current and aspiring engineers. They are:

  • Awareness: Facilitating a universal and shared understanding of CIE principles
  • Education: Integrating CIE into the formal curriculums and continuing education programs
  • Development: Creating a knowledge base that enables the ongoing implementation of CIE
  • Current infrastructure: Deploying CIE-informed strategies to protect existing critical assets
  • Future infrastructure: Performing research and development to determine how to build CIE in emerging energy networks

Energy engineers must alter their workflows by incorporating cybersecurity principles into their current knowledge by pursuing specialized training and partnering with people who have a more in-depth understanding of the topic. 


How the Toolkit Helps

One of the reasons for the initiative was to address the blind spots resulting from cybersecurity guidance for the energy sector focusing on fossil fuel-based power generation. Solar energy brings new opportunities—but also additional threats. This toolkit supports users in meeting their power goals and learning practical ways to secure distributed resources. 

The free CATSS toolkit is a digital guide divided into two primary focus areas with 10 related tools. We’ve narrowed down the ones relevant to energy engineers and their work. 


Photovoltaic Solar Engineering and System Overview

What are the biggest risks to solar components and the overall grid? This part of the toolkit breaks down physical and online threats, offering helpful diagrams and well-organized information. Engineers can use the details to learn about the components of a solar power system cybercriminals will likely target and the ramifications if they do. 


Standards Quick Guide

This tool familiarizes engineers with the industry-specific and regulatory frameworks dictating cybersecurity standards. A color-coded chart clarifies which are most relevant to those working with solar power or making energy-related decisions. Leaders could use this guide to choose the most helpful frameworks for establishing cybersecurity best practices. This section also helps engineers choose solar power equipment that meets or exceeds international standards.


Hypothetical Solar Cyberattacks: Scenarios and Impacts

There are constant warnings of potential cyberattacks on critical infrastructure. News broke in September 2023 of a Chinese hacking group infiltrating an unnamed Asian country’s national grid through a breached computer network. 

This part of the cybersecurity toolkit takes engineers through four hypothetical risk scenarios, including some with real-world examples. The actionable content goes through the affected stakeholders, likely consequences, and how to minimize risks.


Decision Support Tool for Solar Energy Cybersecurity Policy and Regulation

This probable risk assessment identifies threats to physical solar infrastructure, the variables that could make a cyberattack more or less severe, and ownership specifics for each component. Engineers can study this to understand and identify the most effective risk-mitigation techniques within their control. 


Cybersecurity and the Solar Workforce: Considerations for States

A 2022 report about sustainable jobs and the required skills indicated an 8% annual increase in employment postings for such roles over the previous five years. The industry undoubtedly needs engineers who can plan and install solar power systems and also those who can protect the infrastructure from cyberattacks.

A key part of the content breaks down 33 cybersecurity-related specialty areas for solar developers, systems engineering professionals, solar installers, and state representatives. It’s a thorough resource for energy engineers wanting to see how their current skills compare to the ideals. 


A Vital Toolkit to Support Solar Cybersecurity 

Experts working within and outside the solar industry increasingly warn that power grids are attractive targets for hackers. Cybercriminals will target the respective components as the world’s solar installations grow, knowing the chances for achieving widespread disruption. 

Energy engineers must prepare by expanding their knowledge and implementing best practices to prevent attacks. This toolkit has invaluable resources to support them on that journey.