Solar companies dealing with the management of distributed solar PV systems often encounter the need for better cyber protection. Each PV system is typically having a separate internet vendor connection, which is difficult to individually control and protect. Furthermore, the communication equipment of loggers and modem-routers is highly variable in terms of brand and configuration, making the cyber-penetration scenario a highly plausible event for at least some of them. Moreover, having multiple accounts on multiple solar portals to access the monitoring of hundreds of systems by several users creates too many accessibility end-points to those facilities and weather sensors may further add complexities.
What can go wrong when a cyber-penetration into a residential or commercial solar system is not that difficult? Unlike utility scale solar plants which operate with sophisticated SCADA infrastructure and appropriate cyber protection, distributed PV units are pretty much exposed. A cyber-penetration can end up with a minor importance data exposure, but in more severe cases the access to PV facility data can be blocked or a data interception be performed. In the moret severe cases of sabotage, inverters may even be remotely disabled - creating also a substantial loss of energy production until the issue is resolved.
Despite the obvious risks, there are preventive measures which companies can do in order to reduce the chance of above hazards from happening. First of all, controlling the equipment access in-house is the best though more expensive option - essentially custom building a SCADA or alike digital system to manage PV systems remotely. This solution is obvious for solar equipment manufacturers and energy management solution providers.
Secondly, for smaller players like regional integrators and developers the use of genuine monitring portals and aggregation solutions is more available - thus it is recommended keeping all the usernames and passwords to all the loggers and modems under centralized protection with limited access (not an email-shared Excel file). In such case, the team access to OEM monitoring portals should be organized and controlled: instead of providing a separate user access for each O&M team member, a company should better utilize company-associated users and those users would be preserved upon crew rotation while periodically changing passwords. Furthermore, there are measures which can significantly reduce the risk on hardware and software levels. For example - providing the O&M team with company-owned computers for all their work tasks is not that expensive and can easily reduce the redundancy of accessibility exposure on personal computers and smart devices.
In summary, increasing numbers of distributed solar PV facilities and recently also Electricity Storage units creates a challenge in terms of cyber protection for manufacturers and solution providers. However, in-house integration and right data security protocols with the utilization of secure hardware and software tools can dramatically improve the situation and reduce cyber risks upon individual PV facilities.
Interested in integrating Sensorless technology for real-time PV performance analytics to enhance your energy management software? Fill-in the demo request form to get more details.