SolarPower Europe calls for stronger cybersecurity measures

Share

SolarPower Europe has published a series of recommendations in its latest position paper to establish a harmonized cybersecurity baseline across the solar sector in response to growing concerns over cyberattacks.

Recent modeling from the trade group suggests that digital flexibility solutions would save €32 billion ($34.9 billion) by 2030 and €160 billion by 2040. SolarPower Europe said that at the current level of solar penetration, the risk of cyberattacks remains limited. But it said that future attacks could lead to data theft or manipulation, disrupt power plant operations, and destabilize the electricity system.

“As a future-looking sector – on its way to a majority share in the energy mix – the solar industry is calling on regulators and policymakers that the EU approach translates into a sector-specific, harmonized cyber-preparedness baseline,” it said in the position paper.

SolarPower Europe urged plant operators to manage risks in line with NIS2, the EU’s cybersecurity legislation. It also suggested increasing the granularity of cybersecurity risk assessments, building on the Network Code for Cybersecurity, which requires grid operators to assess risks on the grids. The trade body called for reinforcing product-level cybersecurity through Cyber Resilience Act compliance and a dedicated standard for distributed energy resources.

SolarPower Europe also said that operational solar power plant data should stay within the European Union or in jurisdictions with similar security levels, similar to General Data Protection Regulation (GDPR) regulations. It called for mandatory best practices for large power plants and said the European Union or national governments should introduce a security layer to monitor commands where aggregators and manufacturers centrally coordinate distributed energy resource devices like inverters.

The position paper also urged small-scale PV users and installers to manage their device cybersecurity by setting strong passwords and installing security updates.

SolarPower Europe Deputy CEO Dries Acke called the digitalization of the energy sector a “no-brainer,” but acknowledged it will bring new challenges.

“There are clear steps to be taken on the lower voltage levels, including improving cyber risk assessments, setting a new EU standard for product security for distributed energy resources, and empowering consumers to manage their device security.” Acke said. “Any centrally coordinated or managed devices, for example, aggregated rooftop solar installations, should have an EU or nationally authorised layer of monitoring.”

This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: editors@pv-magazine.com.

Popular content

Waaree Energies approves investment in 300 MW electrolyzer, 3.5 GWh lithium-ion battery cell units
23 December 2024 Waaree Energies' board of directors has approved investment in setting up a 300 MW electrolyzer manufacturing plant and a 3.5 GWh Lithium-ion battery...