Technological innovations, reducing prices of solar panels, and on grid solar system benefits have made solar power take the lead in the renewable energy industries of the country. However, solar installations are not immune to cybersecurity threats. The PV assets are at higher risks of being hacked due to the digitalization of power grids and increasing connectivity of power plants, putting the power supply from the plant at risk. Though the industry started with structural and mechanical engineering elements, it now has equally efficient software components that make it susceptible to various cyber threats.
Hacking Solar Power
If exploited widely enough, solar power inverters can disrupt the energy grid of even a country, with clever timing. Every high and low-cost solar energy system has a wall-mounted inverter to convert the energy generated by the rooftop solar panels for home into AC power than can be used by a home or exported to a grid if any power is left. Most of these systems come with “smart” software that allows the customer to analyse their energy consumption in their solar rooftop system and lets engineers monitor the inverters. It is this software layer that creates an entrance for cyber attackers, and they might exploit inverters for various security reasons. The flaws in the solar panels can also be exploited which could damage various operations of the solar power plant.
For a country like India where the popularity of the on grid solar system India is rising, such attacks could be very devastating. It is very expensive for developers to have huge supplies of power as a backup, meaning that most countries with the best solar policy would not have enough energy in the reserves to cover up for a plant’s lost production that has become a victim to a cyber-attack.
Threats that come with Smart Solar Inverters
Any device that is connected to the internet is at risk of being hacked, even when the on-grid solar system is very efficient and secure. Using internet-connected software, the inverters communicate with the grid to do voltage management functions. When this idea is used for good, smart inverters can easily minimize the occurrence of damaging fluctuations by regulating the voltage of power getting into the grid. But if the controls of the smart inverters are taken over by the hackers, they could potentially program bad settings into the inverter’s software and maximize damage by letting voltage go out of control. This will result in blackouts and brownouts.
The grid would not feel a very huge impact if bad voltage settings were programmed into very few inverters. But when this software is moving voltages simultaneously in the wrong direction by taking control of a large collection of smart inverters, then the grid is most likely to collapse.
Solar energy storage companies manufacturing inverters can take necessary steps to make sure that their end is safe from various cyber threats. But when the internet is involved, hacks can become inevitable, and based on the sophistication of the cyber-attack; damage to the grid can vary. When seen at a local level, a group of inverters creating voltage oscillations could reduce the voltage and damage loads on the distribution grid. At a larger scale, a sophisticated attack could harm the transmission and sub-transmission systems, causing widespread blackouts.
A potential solution
A few solar energy companies have come up with an effective and simple solution. It helps fight cyber-attacks to smart inverters with the help of other, uncompromised inverters to neutralize the attacks.
When two smart inverters of the solar system are connected at the same point in the grid, from the grid’s perspective, it will look like one huge inverter. This will allow the inverters to work together to regulate the voltage.
If a cyber-attack causes one to have a bad setting, then the slopes in the control curve of that particular inverter will increase, but at that time, the slopes of the other inverter would decrease, and the overall curve would remain unchanged. Each inverter would be designed to take decisions individually on whether the curve should be reduced, instead of talking to the other inverters or a centralized entity.
The greatest strength of this solar energy storage solution is that it is easy to implement. Such software will use the functions that are already present in the programs of smart inverters to find when the voltages are oscillating abnormally and respond accordingly. The software can be embedded inside individual smart inverters on the back end system of either the inverter manufacturer or the utility. A major advantage of this solution is that when an attack arrives there is no need for the activation of a sophisticated communications network. Another advantage is that there is no need for a large-scale coordinated response as each inverter can respond on its own.
Keeping power safe in India
Software that has network access, data infrastructure, and security software should be always monitored and kept up to date to defend the system from the latest cyber threats. The energy sector of India has become more cautious by increasing its cybersecurity among the growing cyber threats.
The government of India has mandated implementation of security policies within various agencies in accordance with the ISMS (Information Security Management System) Standard ISO 27001 to enable comprehensive cybersecurity policy compliance. The government has also issued Computer Security Guidelines that are circulated among all ministries and departments.
To assess preparedness for critical organizations of India, cybersecurity drills are also conducted. Guides on standards are also stated in the Five-Year Plan on Information Security. Nationwide Information Security Education and Awareness Programs have been implemented by the government to increase cybersecurity awareness through informal and formal programs. Many R&D projects have also been supported at research institutions in areas like steganography, cryptography and cryptanalysis, network monitoring, network and systems security assurance, cyber forensics, and capacity development in the field of cybersecurity.
With increasing cyber threats around energy assets, it is time to promote more sophisticated cybersecurity for systems within the renewable sector.