Strengthening Cybersecurity in Solar and Energy Storage Systems
TL;DR
- This article covers the cybersecurity challenges facing solar and energy storage systems, emphasizing the importance of robust security measures and compliance with industry standards. It highlights best practices for mitigating risks and ensuring the resilience of the energy grid against sophisticated cyber threats.
Solar and Storage Cybersecurity
Solar and energy storage technologies are crucial for meeting rising electricity demand. In 2024, solar and storage accounted for 84% of new grid capacity additions, with a reported 82% in the first half of 2025 according to SEIA and Wood Mackenzie’s Solar Market Insight Report. The increasing digital connectivity of the grid necessitates prioritizing cybersecurity to protect against unauthorized access and disruptive attacks from various threat actors.
Threats to critical infrastructure have become more common and sophisticated, with state-sponsored groups targeting sectors such as telecommunications and energy. For instance, Chinese advanced persistent threats and cyber actors from Russia and Iran have focused on the energy sector. SEIA emphasizes the importance of developing and implementing cybersecurity best practices throughout the industry to protect solar systems.
To effectively mitigate risks, stakeholders must focus on securing the supply chain, as the complexities and global sourcing of components increase vulnerability. Recent findings of undocumented communications devices in solar technologies underscore the need for robust cybersecurity measures.
SEIA, in collaboration with organizations like the North American Reliability Corporation (NERC) and the U.S. Department of Energy, has created a comprehensive list of security recommendations for large-scale solar inverter-based resources. The National Association of Regulatory Utility Commissioners (NARUC) has also partnered with DOE to establish cybersecurity baselines for electric distribution systems.
Challenges in Energy Storage Cybersecurity
Cybersecurity threats have surged in the energy sector, with a 70% increase in cyberattacks on U.S. utilities within the past year. The North American Electric Reliability Corporation (NERC) highlights the necessity for energy storage technologies to adopt robust security management controls. These controls must also include regular system monitoring and incident response protocols to safeguard against unauthorized access.
EVLO, a prominent provider of battery energy storage solutions, outlines the diverse threats faced by energy storage systems, including ransomware attacks and operational disruptions. The compliance with NERC-CIP standards is vital for battery energy storage systems (BESS) to maintain system reliability.
Utilities must also layer compliance with additional security standards, such as NIST and ISO 27001, to enhance BESS security. EVLO’s proprietary EVLOGIX system is designed to meet NERC-CIP standards and incorporates high-grade encryption and secure code management.
!Energy Storage System Image courtesy of Energy Storage News
To strengthen cybersecurity, it is essential for BESS suppliers to ensure component quality through reputable supply chains. Rigorous testing of software updates and configurations must be conducted to identify vulnerabilities before deployment. EVLO engages in extensive real-world testing to simulate cyber threats and refine system defenses.
Regulatory Landscape and Future Directions
The current regulatory framework is evolving to include solar energy systems under cybersecurity mandates. Solar generators must prepare for the impending regulations, such as those from the NERC, which are poised to enforce stricter cybersecurity measures. This preparation includes conducting vulnerability assessments to identify potential threats and prioritize mitigation strategies.
Solar organizations need to adopt a proactive approach to cybersecurity by implementing redundancy within their operational technology (OT) systems. This approach not only protects against cyber threats but also ensures operational reliability. By leveraging monitoring and software capabilities, organizations can establish remote security operations centers, optimizing cybersecurity management even in remote locations.
As the industry moves towards a more secure future, organizations must embrace predictive and adaptive cybersecurity solutions. EVLO is exploring how AI and machine learning can enhance real-time anomaly detection in their systems, ensuring rapid response to emerging threats.
For ongoing updates and resources, stakeholders are encouraged to follow SEIA’s initiatives on cybersecurity and related best practices for enhancing the resilience of solar and energy storage systems.
