Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

Solar Equipment Vulnerable to Cyberattack, Power Outage: Report (1)

Nov. 1, 2018, 1:28 PMUpdated: Nov. 1, 2018, 8:13 PM

With the growth of internet-connected solar power systems across the U.S. comes a greater risk of cybersecurity attacks on the electric grid, a report published Nov. 1 claimed.

The biggest potential problem is that a cyberhacker could access thousands of solar electricity system inverters and shut down the electricity provided to the grid, says the report by Ridge Global LLC, a consulting firm founded by former Homeland Security Secretary Tom Ridge.

And the threat to solar-power systems could grow as U.S. solar power capacity could more than double in the next five years, according to projections.

U.S. electric utilities are hit by millions of attempted cyber intrusions a day. While a successful cyberattack hasn’t shut down the U.S. power grid, the Department of Homeland Security in 2017 said Russian actors targeted hundreds of energy and nonenergy companies’ networks.

Inverters are a part of the solar photovoltaic system that converts the direct current from the solar array into alternating current power, which is then distributed onto the electric grid. The inverters monitor and control the solar photovoltaic systems.

“The primary concern of the report first and foremost is that policy makers, regulators, and industry standards cannot keep up,” Raymond Watts, a co-author of the report, told Bloomberg Environment.

However, while inverters are increasingly connected to the internet, most solar inverters in the field today can’t be cyberattacked because they only have one-way communications and don’t have the ability to receive commands, Dan Whitten, the Solar Energy Industries Association’s vice president of communications told Bloomberg Environment.

Additionally, Mark McGranaghan, vice president of distribution and energy utilization at the Electric Power Research Institute, said, “Singling out inverters doesn’t even make that much sense.” He agreed that a lot of inverters aren’t connected to the internet.

Report Skepticism

The solar industry, represented by the Solar Energy Industries Association, said cybersecurity of the power grid is of critical concern and it is working with the Energy Department to ensure inverter systems can defend against attacks.

“Our member companies, some of which make inverters, are committed to developing products that contribute to greater grid security,” Whitten said.

Additionally, Whittten said that SEIA was not contacted for the report, and several recommendations in the report are already underway.

In particular, the IEEE, the technical standards group, issued IEEE-1547, a standard that stipulates how to interconnect distributed resources —like solar inverters—to the electric grid. Currently states are still are deciding whether or how to adopt it. Whitten said the industry supports this standard.

“There are a lot of inverter vendors so there’s not one place to go hack into and get access to all the inverters on part of the grid,” McGranaghan told Bloomberg Environment. “So some of those issues are maybe a little bit of a stretch to be a concern right this minute.”

Foreign Supply Chain Standards

Most solar inverters used in the U.S. are made by foreign or foreign-owned companies, including China’s Huawei Technologies Co. Ltd., the world’s largest inverter manufacturer. China supplies 47 percent of the solar inverter market.

Chinese solar inverter manufacturers are subject to a 10 percent tariff, which races to 25 percent Jan. 1, a directive from the Trump administration’s Office of the U.S. Trade Representative.

There are no universal standards ensuring the quality of inverters, according to the report.

One of the consultancy’s top recommendations is for the solar industry to create a supply chain certification standard to protect photovoltaic components and inverters.

It also recommends that the U.S. government, particularly the Department of Defense, not include foreign-made equipment in microgrids or other energy installations designed to ensure grid reliability or grid independence.

“The report could be a catalyst for all of the stakeholders that need to be part of this: the electric industry, manufacturers, developers of distributed energy resources, and regulators at the federal and state levels,” Richard Mroz, a senior adviser for state and government relations at Protect Our Power, which commissioned the report, told Bloomberg Environment.

The report is a call to these groups to “come together and focus on both the need for cybersecurity standards at the distribution level, as well as a call for the collective stakeholders in the industry to look at standards on the manufacturers of these devices that are being integrated into our electric system,” Mroz said.

Protect Our Power is an independent not-for-profit organization focused on working with industry and the government to protect electricity infrastructure from cyber and physical attacks.

(Updated throughout to include reaction and analysis of the report.)

To contact the reporter on this story: Rebecca Kern in Washington at

To contact the editor responsible for this story: Greg Henderson at