CIGAR 'Smokes Out' Attacks on Solar Electrical Power Equipment
As green energy becomes more prevalent, solar arrays are seen as among the most promising methods for generating sustainable electricity. At the same time, inverters - the “brains” of the system, converting DC power generated by the panels to AC power ingested by the grid - are also becoming smarter, adding adaptive capabilities to respond to changing conditions in the grid.
Yet, like so many other network-connected devices, solar inverters and other equipment find themselves in the vulnerable position of being connected to networks without the traditional security protections offered to PCs, servers, and network appliances. A determined attacker could access the inverters connected to these panels and, by manipulating their settings, potentially create disturbances that could cause outages or damage to certain equipment connected to the grid.
While the need for security in the power grid is clear, cybersecurity has typically been “bolted on” in a piecemeal fashion after the fact, rather than designed in from the outset; consider, for example, significant changes to the grid that have resulted from the addition of distributed energy resources (DER) such as solar and grid-attached storage. Enter the Cybersecurity via Inverter-Grid Automatic Reconfiguration (CIGAR) project, a Lawrence Berkeley National Laboratory (Berkeley Lab) effort aimed at providing security protections for emerging power systems.
Lead investigators Sean Peisert and Daniel Arnold have been seeking ways to protect the grid from disturbances caused by remote attacks against rooftop solar inverters by examining everything from possible threat scenarios to defense methods and even the problems that could be caused by those protections.