SolarPower Europe has published a series of recommendations in its latest position paper to establish a harmonized cybersecurity baseline across the solar sector in response to growing concerns over cyberattacks.
Recent modeling from the trade group suggests that digital flexibility solutions would save €32 billion ($34.9 billion) by 2030 and €160 billion by 2040. SolarPower Europe said that at the current level of solar penetration, the risk of cyberattacks remains limited. But it said that future attacks could lead to data theft or manipulation, disrupt power plant operations, and destabilize the electricity system.
“As a future-looking sector – on its way to a majority share in the energy mix – the solar industry is calling on regulators and policymakers that the EU approach translates into a sector-specific, harmonized cyber-preparedness baseline,” it said in the position paper.
SolarPower Europe urged plant operators to manage risks in line with NIS2, the EU's cybersecurity legislation. It also suggested increasing the granularity of cybersecurity risk assessments, building on the Network Code for Cybersecurity, which requires grid operators to assess risks on the grids. The trade body called for reinforcing product-level cybersecurity through Cyber Resilience Act compliance and a dedicated standard for distributed energy resources.
SolarPower Europe also said that operational solar power plant data should stay within the European Union or in jurisdictions with similar security levels, similar to General Data Protection Regulation (GDPR) regulations. It called for mandatory best practices for large power plants and said the European Union or national governments should introduce a security layer to monitor commands where aggregators and manufacturers centrally coordinate distributed energy resource devices like inverters.
The position paper also urged small-scale PV users and installers to manage their device cybersecurity by setting strong passwords and installing security updates.
SolarPower Europe Deputy CEO Dries Acke called the digitalization of the energy sector a “no-brainer,” but acknowledged it will bring new challenges.
“There are clear steps to be taken on the lower voltage levels, including improving cyber risk assessments, setting a new EU standard for product security for distributed energy resources, and empowering consumers to manage their device security.” Acke said. “Any centrally coordinated or managed devices, for example, aggregated rooftop solar installations, should have an EU or nationally authorised layer of monitoring.”
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: editors@pv-magazine.com.
By submitting this form you agree to pv magazine using your data for the purposes of publishing your comment.
Your personal data will only be disclosed or otherwise transmitted to third parties for the purposes of spam filtering or if this is necessary for technical maintenance of the website. Any other transfer to third parties will not take place unless this is justified on the basis of applicable data protection regulations or if pv magazine is legally obliged to do so.
You may revoke this consent at any time with effect for the future, in which case your personal data will be deleted immediately. Otherwise, your data will be deleted if pv magazine has processed your request or the purpose of data storage is fulfilled.
Further information on data privacy can be found in our Data Protection Policy.