Skip to content

Solar inverters vs. cyberattacks


From pv magazine International

A group of researchers from the University of Arkansas is trying to develop solar inverters that could protect PV power plants from cyberattacks.

“Inverters are one of the main connected devices and so if a hacker could take control, inverters would be a primary target because they are accessible, and because they perform many smart functions to maintain stability and efficiency,” the research coordinator, Alan Mantooth, told pv magazine. “They are the heart of the PV system.”

Or phrased differently, they are the weakest link. “Inverters communicate with a central controller and with one another in a solar PV farm, depending on the design of the farm, and if they are hacked, they can be shut down, overcharge batteries or cause grid instability, and maybe do other things I have not considered,” Mantooth went on to say.

The researchers also believe that a cyberattack on a storage-backed solar plant could lead to the destruction of the storage system itself, which could in turn result in a fire. “Taking down, or taking control of, solar PV farms would enable someone to disrupt critical functions in the same way taking down any electrical supply would,” Mantooth explained.

Security standards

The most vulnerable inverters and solar installations are those that are connected to communications systems that are not locked down. “Some solar PV installations have dedicated fiber that never connects to the public system, so they are more secure,” Mantooth said. “Others, well, are easier to hack.”

Plants that rely on string inverters are not necessarily more vulnerable than those that rely on central inverters, he claimed. “If the central inverter is weak, you are more vulnerable than if you have 10 string inverters that are strong. Hackers write code to ping the system and try to find the weak point,” he stated. “So, they’re going to ping them all anyway.”

However, Mantooth said it is certain that some products pose greater risks than others. “One solar inverter manufacturer vs. another will be stronger than another to penetrate,” he explained. “There are no standards on this yet. So, this is to be expected and not meant as a derogatory remark to the industry or solar inverter manufacturers. This is part of the reason the Solar Energy Technologies Office of the Department of Energy is investing in this research. They want to move the industry forward in this aspect as well while holding costs down.”

Research project

The researchers aim to develop next-generation inverters, but they are also considering the possibility of upgrading existing devices at attractive costs. “However, given the lifetime of solar inverters in the field, it might be the case that an upgrade might become part of a replacement, depending on how old the inverters are,” Mantooth said.

Over the next decade, Mantooth said we may start to see inverters that offer a range of smart functions for grid control and stability, as well as grid-connected, grid-forming, and grid-following modes. “Inverters that can work as an ensemble to provide grid functions I listed,” he concluded.

The Multilevel Cybersecurity for Photovoltaic Systems research project secured a $3.6 million award this week from the U.S. Department of Energy Solar Energy Technologies Office. Mantooth is the executive director of the National Center for Reliable Electric Power Transmission, which is the top power-electronics testing facility at any U.S. university.

This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact:


Related content

Elsewhere on pv magazine...

1 comment

  1. The problem is…. we want to HAVE IT ALL…. Security, Flexibility, Acessibility… around the Globe… and also at a “cheap” price.
    A few lessons from the “ultra safety needs of a nuclear plant”… having being invoved in Engineering several of them.

    Computers were ignored, for decades, for the critical control of Nuclear Reactors (before The Internet) because it was virtually impossibe to Design, Assure and then Prove .. . they were “Safe/Fail Safe”. (The CANDU.. Canadian System Reactor Cobtrol Systembdid utilize Computers since the 1960’s… BUT EACH LINE OF CODE WAS OPTIMIZED AND VERIFIED… TO PROVIDE TRACEABILITY AND TRAIL TO MEET QUALITY ASSURNACE REQUIREMENTS. UNLIKE THE “THE BILL GATES MOVEMENT” OF BUYING AND PATCHING TOGETHER “SOFTWARE BLACK BOXES” WITH REDUNDANT CODE(S)…. THE TOTAL MEMORY NEEDED WAS <64K AND USED THE PDP-11 COMPUTER… IF ANY CAN BELIEVE IT). The CANDU Sytem retained "this title" of using a Computer to Control the Reactor… for many many decades… not sure where we are now 60 years later…

    So…. while Industries around The Globe adopted "Computer Control Systems… starting with PLC's and then moving on to "stand alone" systems (no connection to the ourside world)… and now finally with "Full Global Communications" Systems and Capabity, Accessible around the Globe via http://WWW... the Nuclear Industry was "left behind" in this area…. all due to Stringent Safety & Security requirements. Many Industries even resorted to local wireless networks with "SMART" Sensors etc… to avoid "hard wiring/cabling…

    Post 9/11…. I was leading a Security Upgrade at a Nuclear Plant in the USA. To avoid stringent and time consuming Design Change Requirements (95% PAPERWORK… 5% REAL WORK) we wanted to use "wireless technology", but were unable to find ANY VENDOR who could Guarantee us that their System was Unfallible.. Unbreachable etc… (still NO connection to the Global WWW).

    So we were forced to use "hardwiring" increasing the cost of this Security Upgrade to over Hundred Million Dollar.

    Having said all this…. PLC's & Computers had already "creaped into" Nuclear Plants for Alarm Monitoring etc… and via "Non-Critical" Systems… but still NO CONNECTION CAPABILITY (OR THEY WERE DISABLED… REMOVED ETC..) as Industry already adopted "Internet Communications" as a Standard Feature in their Designs and Equipment.
    Now…. we are facing the same/similar situation with the "potential" to Hack, Degrade or Compromise The Electric Grid… Solar Systems/Inverters… and really ALL INDUSTRIES who want full SAFETY but sacrifice it against Flexibility & Accesibility… using not only the surface of the Earth… but Space too… (Satellites for the WWW etc..).

    The ONLY SOLUTION to provide 100% ( why not 1000%..??) Security… Safety… Uncompromisiblity.. Hackfree… etc…. is the Experience and Lesson(s) from our current COVID-19 WAR…..



Leave a Reply

Please be mindful of our community standards.

Your email address will not be published. Required fields are marked *

By submitting this form you agree to pv magazine using your data for the purposes of publishing your comment.

Your personal data will only be disclosed or otherwise transmitted to third parties for the purposes of spam filtering or if this is necessary for technical maintenance of the website. Any other transfer to third parties will not take place unless this is justified on the basis of applicable data protection regulations or if pv magazine is legally obliged to do so.

You may revoke this consent at any time with effect for the future, in which case your personal data will be deleted immediately. Otherwise, your data will be deleted if pv magazine has processed your request or the purpose of data storage is fulfilled.

Further information on data privacy can be found in our Data Protection Policy.

This website uses cookies to anonymously count visitor numbers. To find out more, please see our Data Protection Policy.

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.