Solar Cells: The New Frontier of Cyber Warfare?

Solar energy is popular worldwide as an alternative to fossil fuels. In 2023, 50% more renewable energy systems were added worldwide, with solar accounting for 75% of that increase alone. Renewable energy accounted for 30% of global energy production in 2023, and if current predictions stay true, there’s the potential for renewable energy to phase out fossil fuels by 2050.

Solar and other distributed energy resources are changing grid management. Grids are becoming more digitized and smarter to account for various intermittent sources and to create a more robust energy supply in times of need. 

However, the increased smartness of power grids offers more opportunities for hackers, who may find solar cells the next big entry point into decentralized smart grid networks.

Can hackers disrupt the energy system through solar panels? Adapted from images used courtesy of Canva and Pexels

Energy Under Threat 

Cyberterrorists could destabilize society by crippling infrastructure and targeting a resource that everyone relies on—energy.

While solar cells have become the latest threat to cyberhackers, they are not the first in the energy sector. In 2021, the criminal group DarkSide attacked the fuel distribution company Colonial Pipeline on the east coast of the U.S. As a result, Colonial Pipeline had to pay the hackers $4.4 million in bitcoin. 

It’s not the first attack on energy infrastructure, and it won’t be the last. More large-scale attacks could occur on critical energy infrastructure.

Digitally Connected Grids Make Hacking Risks Bigger

Power grids are upgrading to digitally connected smart grids. However, much legacy equipment is unsuitable for digital use, so it must either be retrofitted with smart technology capabilities or replaced with new smart technology. Because digitally connected technology is used in infrastructure without a digital footprint, it potentially provides an easy entry for hackers. The many sensors, digitally connected systems, and external energy generation systems may not have the best safety protocols or might have been connected to the internet before safety protocols were the most robust.

The lack of strong IT protocols around smart grids and more potential easy entry points for hackers means the grid could be more vulnerable than ever. Smart grids rely on cloud computing and open-protocol standards, further amplifying the risk. If hackers gain entry through an easy port, infiltrating the entire grid network will not be difficult. The threats to the grid are not just contained to the grid, either. Smart grids are connected to other critical infrastructure, services, and energy providers (which have access to customer data), so any potential breach could have much wider-reaching consequences.

Solar energy growth by nation. Image used courtesy of National Renewable Energy Laboratory

Solar Cells as a Potential Entry Point

Smart grids have many potential entry points, especially with numerous IoT sensors added to monitor different aspects of the grid in real time. However, while any internet-connected grid aspect could theoretically be breached, solar cells are an especially vulnerable target.

The risk arises from the sheer number of solar cells installed and integrated into the grid and connected via complex networks. Integrating solar cells into smart grids is still new, and installation and management are often handled remotely. Thus, they offer hackers numerous potential entry routes.

The challenge for solar cells is that most installations are not isolated systems. They are typically connected to the grid (often via a microgrid), and the electricity is fed into the grid via inverters and control systems normally connected to the internet. Solar inverters are not the most robust devices against digital attacks, and hackers can easily manipulate the software governing their use. After accessing the system through solar cells, a cyber attack could spread through a connected smart grid. This could disrupt the power supply and feed surges into the grid, causing a drop in solar power generation or damaging sensitive electronic infrastructure.

Inverters Are at Risk

Inverters are a major risk area for solar cells. Inverters convert the DC electricity generated by the solar cell into AC electricity for distribution to the wider power grid. With the rise of digitally connected grids, modern-day inverters have extra capabilities to provide control, real-time monitoring, and data collection functions.

However, inverters’ digital connection makes them more susceptible to security breaches, and inverters with outdated or unprotected software are the most at risk. Hackers can intercept the data logged in the inverter, introduce malicious code that could spread throughout the grid network, or cause localized power outages. There is also a risk that inverters could be used to facilitate distributed denial of service attacks.

Inverters at a solar farm. Image used courtesy of Department of Energy

SCADA Systems at Risk

Hackers could potentially target the supervisory and data acquisition (SCADA) systems to control and monitor the solar cells remotely. Hackers can target the hardware and software of SCADA systems. In solar cells, SCADA systems monitor and manage energy distribution to the grid. Still, outdated software, unencrypted communications, and weak authentication protocols offer potential easy routes to the grid for hackers.

Who Should Protect the Grid? 

Securing solar cells against hackers will become crucial to the energy landscape. It will rely on grid operators, system owners, and maintenance teams working together to ensure the system is robust enough to withstand cyber threats. The protections will vary, depending on the solar installation. Still, bigger at-risk installations must ensure robust protection and advanced security measures to keep the grid safe. These measures must be regularly updated so that they don’t become a liability. Manufacturers of inverters and SCADA systems must also ensure that any products that make it to the grid have adequate protection to fend off potential cyberattacks.