How can you better cyber-protect a distributed solar portfolio?

Managing the cybersecurity of a distributed solar portfolio, particularly with the integration of Energy Management Systems (EMS) and Energy Storage Systems (ESS), is a complex yet essential task. Distributed solar systems often rely on separate internet connections from various vendors, making it challenging to enforce consistent security protocols across all sites. This decentralized structure creates vulnerabilities that hackers could exploit.

The diversity in communication equipment, such as loggers and modem-routers, adds another layer of complexity. Variations in brands and configurations make it more likely that at least some devices may have weaker defenses against cyber-attacks. Additionally, managing multiple user accounts across different solar monitoring platforms introduces numerous accessibility endpoints. This can significantly increase the risk of unauthorized access, especially when considering the additional integration points like weather sensors and EMS or ESS platforms.

To better cyber-protect a distributed solar portfolio, adopting a centralized approach to access management is crucial. Consolidating user credentials under a secure, company-managed system minimizes exposure to unauthorized entry points. For instance, using company-associated accounts instead of individual ones ensures that access is preserved through staff changes while enabling regular password updates to maintain security.

Standardizing the communication equipment across the portfolio can also help. Selecting a consistent set of loggers and modem-routers reduces variability, making it easier to monitor and implement security updates. Providing company-owned devices for O&M teams can further enhance security by eliminating vulnerabilities associated with personal devices.

Lastly, working with secure EMS and ESS platforms that offer robust built-in protections can streamline operations while reducing potential cyber risks. These platforms can unify data flow, allowing for a more controlled and secure monitoring process.

By addressing these challenges with proactive measures, solar companies can significantly enhance the cybersecurity of their distributed portfolios, ensuring the reliability and resilience of their systems in an increasingly digital energy landscape.

What can go wrong when a cyber-penetration into a residential or commercial solar system is not that difficult? Unlike utility scale solar plants which operate with sophisticated SCADA infrastructure and appropriate cyber protection, distributed PV units are pretty much exposed. A cyber-penetration can end up with a minor importance data exposure, but in more severe cases the access to PV facility data can be blocked or a data interception be performed. In the moret severe cases of sabotage, inverters may even be remotely disabled - creating also a substantial loss of energy production until the issue is resolved.

Despite the obvious risks, there are preventive measures which companies can do in order to reduce the chance of above hazards from happening. First of all, controlling the equipment access in-house is the best though more expensive option - essentially custom building a SCADA or alike EMS digital system to manage PV systems remotely. This solution is obvious for solar equipment manufacturers and energy management solution providers.

Secondly, for smaller players like regional integrators and developers, the availability of genuine monitoring portals and aggregation solutions has improved significantly. However, it is crucial to maintain strong centralized protection for sensitive credentials, such as usernames and passwords for loggers and modems. These should not be stored in insecure formats like email-shared Excel files.

Team access to OEM monitoring portals should be structured and controlled. Instead of granting individual access to each O&M team member, companies should implement centralized, company-associated user accounts. These accounts would remain active through staff rotations, with passwords periodically updated to enhance security.

Additionally, several measures can mitigate risks at both hardware and software levels. For instance, equipping O&M teams with company-issued computers for their tasks is a cost-effective strategy that minimizes exposure risks associated with using personal devices. This approach not only reduces accessibility vulnerabilities but also strengthens overall cybersecurity.

In summary, increasing numbers of distributed solar PV facilities and recently also Electricity Storage units creates a challenge in terms of cyber protection for manufacturers and solution providers. However, in-house integration and right data security protocols with the utilization of secure hardware and software tools can dramatically improve the situation and reduce cyber risks upon individual PV facilities.

Interested in integrating Sensorless technology for real-time PV performance analytics and enhancing cyberprotection of an energy management software? Fill-in the demo request form to get more details.