The solar power boom opened a backdoor for cybercriminals

Solar isn’t low risk anymore. Adoption has turned inverters, aggregators, and control software into attack surfaces capable of disrupting service and undermining confidence in the transition.

Cyber threats expose weak spots in solar power systems

Until recently, security risks in solar systems received little attention. That is starting to change as awareness grows across the energy sector. In July 2024, the FBI issued an industry alert warning organizations about threats to renewable energy systems.

Forecasts show the share of renewable energy in power generation rising from 30% in 2023 to 46% by 2030, with solar and wind driving most of that growth. That alone underscores why cybersecurity needs to be a top priority.

Real-world incidents already expose what’s at stake. A power outage on the Iberian Peninsula, though unrelated to a cyberattack, renewed discussion about energy sector security. The incident raised questions about whether Spain’s high share of renewables contributed to the grid failure.

“Connected infrastructures, such as renewables and EV charging networks, fall outside the direct control of grid operators and can also cause blackouts in the grid. Tampering with the control of connected infrastructures through hacks or exploiting vulnerabilities in the supply chain poses a major risk to the resilience and reliability of energy infrastructure,” said Anjos Nijk, Managing Director of the European Network for Cyber Security (ENCS).

Aditya K. Sood, a U.S.-based security researcher, demonstrated how easily he could log into a solar plant in Tamil Nadu, India, using default credentials.

Hackers hijacked about 800 remote monitoring devices at a solar power installation in Japan as part of a bank account theft scheme. They used a known software flaw (CVE-2022-29303) linked to the Mirai botnet and even shared a video online showing how to exploit it.

The Just Evil hacktivist group carried out another attack targeting the solar monitoring system used by Lithuania’s Ignitis Group.

Vulnerabilities inside the solar PV ecosystem

The inverter is one of the most exposed parts of a solar photovoltaic (PV) system. It converts direct current from the panels into alternating current for the grid.

Inverters now connect through Wi-Fi, cellular, or cloud platforms that allow remote monitoring and control. These same connections also increase the chance of a cyberattack. If breached, inverters can disrupt grid stability and cause power loss.

Researchers found 46 new vulnerabilities in solar power systems, some of which could be used to hijack entire fleets of inverters.

Inverters also raise supply chain concerns. Many are imported from China, which dominates global solar PV manufacturing. This dependence raises questions about data security and potential flaws in imported systems.

Bitdefender identified several vulnerabilities in PV plant management platforms that could expose connected solar systems to remote access and manipulation.

Recent findings revealed hidden communication modules inside some Chinese-made solar inverters. These undocumented components can connect directly to cellular networks, creating a backdoor that can bypass firewalls and monitoring tools. If exploited, they could allow remote access, changes to inverter settings, or disruption of grid operations.

Frameworks behind solar cybersecurity

Several cybersecurity frameworks guide how the energy sector manages digital risk. The NIST Cybersecurity Framework, ISO 27001, and IEC 62443 provide methods to assess risk, segment networks, and protect communication between inverters and control systems.

In the U.S., the Department of Energy’s 2024 Cybersecurity Implementation Plan outlines steps to strengthen protection for renewable and distributed energy systems, with a focus on battery integration and incident reporting.

Across the EU, the NIS2 and Critical Entities Resilience directives require stronger cybersecurity and supply-chain oversight for energy operators, including solar projects. The National Renewable Energy Laboratory’s Distributed Energy Resources Cybersecurity Framework supports similar self-assessment practices in the U.S.

Applying these standards early can reduce exposure in monitoring and control systems, speed recovery after incidents, and lower compliance risk as solar power continues to expand.

Defensive measures

Solar and storage systems are now part of the wider grid. Their connectivity improves visibility and control but also opens paths for intrusion. Security depends on a mix of network design, equipment integrity, and response readiness.

Strengthen network architecture and access control

Solar power systems rely on networks linking inverters, controllers, and monitoring platforms. Each connection is a possible entry point. To reduce exposure:

  • Segment networks into zones that separate control systems from business and vendor networks.
  • Use firewalls or data gateways to manage data between IT, OT, and cloud layers.
  • Apply role-based access control and MFA for remote logins.
  • Remove shared or default accounts.
  • Route vendor connections through monitored gateways instead of direct device access.

Keep firmware and software current

Many inverters and controllers run outdated firmware, leaving known vulnerabilities open to attack. Recommended practices include:

  • Schedule regular patch cycles aligned with maintenance windows.
  • Verify updates before installation and use signed firmware when available.
  • Use devices that support secure boot to block unauthorized code.
  • Confirm that vendors offer ongoing firmware support and vulnerability reporting.
  • Review how vendors manage encryption and key storage in communication modules.

Build incident-response and recovery capabilities

Detection and recovery planning are part of normal operations. A defined plan helps contain damage and restore systems:

  • Identify who declares an incident and initiates isolation steps.
  • Keep a communication plan for internal teams and partners.
  • Maintain clean system images and tested backups.
  • Run tabletop or live drills each year to test procedures.
  • Review and update the plan after any event or system change.
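The first two checklists above (network architecture and access control, firmware and software currency) can be turned into a repeatable audit that an operator runs against a device inventory before each maintenance window. The script below is an added example and is not part of the article or any vendor's tooling; the inventory layout, the zone names, the minimum firmware versions, the list of default account names and the fixed audit date are assumptions chosen for illustration, and the three devices are constructed sample data.

```python
"""Checklist-as-code audit of a solar plant device inventory.

Added example (not from the article). The inventory layout, the zone names,
the minimum firmware versions, the default-account list and the audit date
are assumptions for illustration; replace them with the plant's own policy.
"""
from datetime import date

# Constructed sample inventory, in the shape an operator might export from an
# asset-management tool. All values are made up for this example.
INVENTORY = [
    {
        "name": "inv-01", "kind": "inverter", "zone": "ot-control",
        "firmware": "3.2.1", "signed_firmware": True, "secure_boot": True,
        "accounts": ["plant-operator"], "mfa_remote": True,
        "vendor_access": "gateway", "support_until": "2029-06-30",
    },
    {
        "name": "inv-07", "kind": "inverter", "zone": "corporate-lan",
        "firmware": "2.9.0", "signed_firmware": False, "secure_boot": False,
        "accounts": ["admin", "plant-operator"], "mfa_remote": False,
        "vendor_access": "direct", "support_until": "2025-01-31",
    },
    {
        "name": "mon-gw", "kind": "monitoring-gateway", "zone": "dmz",
        "firmware": "1.4.0", "signed_firmware": True, "secure_boot": True,
        "accounts": ["svc-monitor", "support"], "mfa_remote": True,
        "vendor_access": "gateway", "support_until": "2028-12-31",
    },
]

# Assumed policy: zones where control equipment may live, lowest acceptable
# firmware per device kind, account names that commonly ship as defaults, and
# a fixed "as of" date so the support check is reproducible.
CONTROL_ZONES = {"ot-control", "dmz"}
MIN_FIRMWARE = {"inverter": (3, 0, 0), "monitoring-gateway": (1, 4, 0)}
DEFAULT_ACCOUNTS = {"admin", "root", "user", "guest", "support", "installer"}
AS_OF = date(2025, 10, 1)


def parse_version(text):
    """Turn '3.2.1' into (3, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def audit_device(dev, as_of=AS_OF):
    """Return (code, message) findings for one device; an empty list means clean."""
    findings = []
    # Network architecture and access control
    if dev["zone"] not in CONTROL_ZONES:
        findings.append(("SEGMENTATION", f"in zone {dev['zone']!r}, outside the control zones"))
    if dev["vendor_access"] == "direct":
        findings.append(("VENDOR_ACCESS", "vendor reaches the device directly, not via a monitored gateway"))
    if not dev["mfa_remote"]:
        findings.append(("NO_MFA", "remote logins accepted without MFA"))
    shared = DEFAULT_ACCOUNTS & set(dev["accounts"])
    if shared:
        findings.append(("DEFAULT_ACCOUNT", "default/shared accounts present: " + ", ".join(sorted(shared))))
    # Firmware and software currency
    if parse_version(dev["firmware"]) < MIN_FIRMWARE[dev["kind"]]:
        findings.append(("OLD_FIRMWARE", f"firmware {dev['firmware']} is below the policy minimum"))
    if not dev["signed_firmware"]:
        findings.append(("UNSIGNED_FIRMWARE", "updates are not signature-verified before installation"))
    if not dev["secure_boot"]:
        findings.append(("NO_SECURE_BOOT", "secure boot unavailable or disabled"))
    if date.fromisoformat(dev["support_until"]) < as_of:
        findings.append(("UNSUPPORTED", f"vendor firmware support ended {dev['support_until']}"))
    return findings


def audit(inventory, as_of=AS_OF):
    """Audit every device; returns {device name: [(code, message), ...]}."""
    return {dev["name"]: audit_device(dev, as_of) for dev in inventory}


def finding_codes(inventory, as_of=AS_OF):
    """Flatten the audit to {device name: sorted finding codes}, handy for reports."""
    return {name: sorted(code for code, _ in items)
            for name, items in audit(inventory, as_of).items()}


if __name__ == "__main__":
    for name, items in audit(INVENTORY).items():
        print(f"{name}: {'OK' if not items else str(len(items)) + ' finding(s)'}")
        for code, msg in items:
            print(f"  [{code}] {msg}")
```

Run as a script it prints one line per device followed by its findings; in the sample data the inverter on the corporate LAN trips every check, the gateway is flagged only for its leftover "support" account, and the correctly placed inverter is clean. Findings carry a stable code so the same output can feed a ticketing system or a trend report across patch cycles.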


