How can you better cyber-protect a distributed solar portfolio?
Updated: Aug 26, 2021
Solar developers and integrators who manage hundreds of distributed solar PV systems often encounter the need for better cyber protection. Each PV system is typically having a separate internet connection, which is difficult to individually control and protect. Furthermore, the communication equipment of loggers and modem-routers is highly variable in terms of brand and configuration, making the cyber-penetration scenario a highly plausible event for at least some of them. Moreover, having multiple accounts on multiple solar portals to access the monitoring of hundreds of systems by several users creates too many accessibility end-points to those facilities.
What can go wrong when a cyber-penetration into a residential or commercial solar system is not that difficult? Unlike utility scale solar plants which operate with sophisticated SCADA infrastructure and cyber protection, distributed PV units are pretty much exposed. A cyber-penetration can end up with a minor importance data theft, but in more severe cases the access to PV facility data can be blocked or a data interception be performed. In the most severe cases of sabotage, inverters can even be remotely disabled - creating also a substantial loss of energy production until the issue is resolved.
Despite the obvious risks, there are preventive measures which O&M managers can do in order to reduce the chance of above hazards from happening. First of all, controlling the equipment access in-house - keeping all the usernames and passwords to all the loggers and modems under centralized protection with limited access (not an email-shared Excel file). Secondly, the team access to monitoring portals should be organized and controlled: instead of providing a separate user access for each O&M team member, a company should better utilize company-associated users and those users would be preserved upon crew rotation while periodically changing passwords.
Finally, there are measures which can significantly reduce the risk on hardware and software levels. For example - providing the O&M team with company-owned computers for all their work tasks is not that expensive and can easily reduce the redundancy of accessibility exposure on personal computers and smart devices. Another important tool can be a data aggregation solar portal, which creates another level of data access protection for the PV facilities. An equipment-agnostic aggregation portal can dramatically reduce the usage of usernames and passwords for remote plant access via OEM portals, and thus the risks of access exposure.
In summary, increasing numbers of distributed solar PV facilities and now also Energy Storage units per integrator company create a challenge in terms of cyber threats. However, right data security protocols and the utilization of hardware and software tools (providing employees with company-owned computers and utilizing a solar aggregation portal) can dramatically improve the situation and reduce cyber risks upon individual PV facilities.
Commercial solar PV managers & solar integrators - considering to optimize your solar O&M management costs or offering your customers a solar monitoring/management portal with your own brand and logo? Fill the contact form to get more details or request a demo.