The University of Arkansas is spearheading a new collaborative effort with researchers and industry partners to address the rising risks and challenges associated with the deployment of solar systems.
Historically, little attention has been paid to the risks within solar systems, as they weren’t commonly deployed and most solar inverters were not connected to wider networks. However, the potential risks grow as more solar panels are installed and inverters become more advanced. Solar inverters act as the bridging interface between solar panels and the grid, with newer models allowing for monitoring and control.
Solar inverters that are not updated or secure enough could potentially be intercepted and manipulated by attackers, allowing them to embed malicious code that could spread into the larger power system.
University of Arkansas Solar Inverter Cybersecurity Initiative
The new project led by the University of Arkansas is funded by the U.S. Department of Energy’s Solar Energy Technologies Office (SETO) and aims to strengthen the cybersecurity measures of solar inverters. Solar inverters are used to convert direct current (DC) generated from solar panels into alternating current (AC) that can be used in households and within the energy grid.
This effort involves collaboration among multiple universities, laboratories, and industry partners to develop custom-designed controls infused with multiple layers of cybersecurity protocols.
Researchers from these groups dismantled conventional commercial solar inverters, stripping away existing controls and technology. They then integrated work from different partners while implementing custom-designed controls designed with multiple additional layers of cybersecurity protocols.
The University of Arkansas group then took to solar farms in order to subject these modified inverters to real-world conditions to test them and demonstrate the practicality of their cybersecurity measures.
The collaborative partners for this project include the University of Georgia, Texas A&M Kingsville, University of Illinois Chicago, Argonne National Laboratory, National Renewable Energy Laboratory, General Electric Research, Ozarks Electric, and Today’s Power Inc. The collaborative efforts from these groups is a further step to fortifying not only the cybersecurity resilience of solar inverters but also to secure the broader landscape of renewable energy technologies.
Securing Renewable Energy and Electric Grids
As electric grids become increasingly digitized and connected, securing these grids becomes a top priority for the U.S. Department of Energy (DOE). The department has stated that while some cyberattacks target information technology (IT) systems, attacks on operating technology (OT) devices such as solar photovoltaic inverters could have potential physical impact, such as loss of power and creation of fires.
The department cited an incident in March 2019 in which hackers managed to breach through a utility’s web portal firewall. The attack caused random interruptions to the visibility of segments of the grid from its operators for a period of 10 hours.
The DOE’s Solar Energy Technologies Office (SETO) is working to ensure that the electric grid is secure and capable of integrating more solar power systems and other distributed energy resources. The agency developed a roadmap for Photovoltaic Cybersecurity, supports ongoing efforts in Distributed Energy Resources (DER) cybersecurity standards, and participates in the Office of Energy Efficiency and Renewable Energy’s Cybersecurity Multiyear Program Plan, along with the Department of Energy’s broader cybersecurity research activities.
The Solar Energy Technologies Office has recommended the use of dynamic survival strategy based on defense-in-depth measures that functional as additional layers of security to secure individual components as well as entire systems. These layers include installing anti-virus software on DER systems (solar inverters and battery controllers) and maintaining virus protection and detection mechanisms on the firewalls and servers integrating these individual systems to the broader system of grid operation.
The Office admits that implementation of this strategy into DER technologies can be complex, with different owners, operators, and systems typically involved, but maintains the strategy’s importance in reducing potential cyberattacks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
