One of the leading international providers of risk management services is the Norwegian foundation DNV. In a recent report, its consultant Alexander Hansen Bakken elaborates on the cyber vulnerabilities that affect energy, and in particular photovoltaic farms.
Securing IoT is an “increasingly urgent” challenge for the energy sector, he argues. The researcher adds: “As IoT systems become more networked and connected to IT systems, attackers can more easily access and control the systems running critical infrastructure.”
“It is now possible for attackers to prevent photovoltaic inverters from working, disrupt the energy supply of a power grid, shut down a wind farm, and disable the safety systems of pipelines, refineries, or oil and gas platforms,” summarizes Alexander Hansen Bakken.
A DNV study in May 2022 indicated that 84% of energy professionals anticipate a cyber attack within two years. Specifically regarding photovoltaics, Alexander Hansen Bakken points out the most common vulnerabilities, especially inverters, which are increasingly connected and intelligent, and therefore likely to be attacked, as they are critical infrastructures.
Indeed, inverters ensure the stability of the voltage of the electricity produced: however, a significant voltage variation in the electricity injected can potentially damage many downstream infrastructures, or even lead to a blackout.
The consultant also warns against third-party IS that could have access to SCADA infrastructures, such as a video surveillance system.
Finally, he points to the need for PV operators to invest heavily in ensuring cybersecurity that matches the actual risk, not just following standards in this area (which are often insufficient), nor relying on the fact that no major cyberattack has (yet) hit a PV installation.