The SolarSnitch is here to save DERs from cyber-attacks

(Credit: Dennis Schroeder / NREL)

Distributed energy resources (DER) are emerging all over the grid edge, and the ability to communicate with grid edge devices and equipment is becoming more important. However, this also means a growing threat vector, one that could impact grid stability.

A new technology developed by Sandia National Laboratories, called SolarSnitch, aims to address this emerging cybersecurity gap by securing photovoltaic (PV) communications within DER systems at the grid edge. It uses inspection tools to analyze cyber and physical data in PV smart inverters and custom machine learning (ML) algorithms to detect potential cyber-attacks.  

SolarSnitch is one of 50 clean energy projects selected in the Fiscal Year 2024 Technology Commercialization Fund (TCF) Base Annual Appropriations Core Laboratory Infrastructure for Market Readiness (CLIMR) lab call. These CLIMR lab call projects, coordinated by the Department of Energy’s (DOE) Office of Technology Transitions and funded by several DOE program offices, are dedicated to advancing technologies and strengthening existing practices to deliver innovative clean energy solutions to the market.  

SolarSnitch is a distributed bump-in-the-wire solution for protecting PV smart inverter communications. Both cyber and physical data are automatically processed using deep packet inspection tools and custom machine learning (ML) algorithms to detect abnormal events and correlate cyber-physical events.

To mature SolarSnitch and ready it for commercialization, DOE said, further focus on the development of behavior-based techniques is needed to assess robust performance across an array of scenarios and to increase detection accuracy. Specifically, ML robustness/assuredness improvements are needed for SolarSnitch’s adaptive resonance theory artificial neural network (ART-ANN) implementation for detecting abnormal events.




There are three focus areas for ML robustness: robustness to common data integrity issues, robustness given the array of possible grid topologies, and robustness given a variety of malicious activity such as data poisoning and other attack scenarios. Therefore, under the proposed DOE TCF project, these ML improvements, flexible software container development, and testing within realistic environments with project utility partners will greatly improve SolarSnitch’s maturity and deployment readiness.

The funding for SolarSnitch, awarded by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and the Energy Efficiency and Renewable Energy’s Solar Energy Technologies Office (SETO), will help mature the technology and ready it for commercialization. Over the next 24 months, project partners will be able to conduct ML-focused testing of the SolarSnitch solution within multiple real-world environments, enhancing its maturity, detection accuracy, and deployment readiness.   

Last month, the Federal Bureau of Investigation (FBI) released a notice warning that the growing prevalence of renewable energy resources could mean more avenues of attack for malicious actors.

Malicious actors could seek to disrupt power generating operations, steal intellectual property, or ransom information critical for normal functionality to “advance geopolitical motives or financial gain” by targeting the renewable energy industry, the FBI said. With federal and local legislatures incentivizing more renewables adoption, attackers will get more opportunities for disruption.

Cyber attacks against residential solar systems have been historically rare, the FBI said, but attackers could target microgrids or inverters at solar farms to create disruptions.

The FBI highlighted one incident in 2019 when an unnamed private solar operator in the U.S. “lost visibility” into around 500 MW of wind and solar sites in California, Utah, and Wyoming after a denial-of-service attack exploited an unpatched firewall. Although it was not determined whether that incident was a deliberate cyberattack targeting a specific company rather than a target of opportunity, the FBI said the incident “highlighted the risks posed by a security posture that relies on outdated software.”

If someone wanted to conduct a cyber attack on either a residential or commercial solar system, they would likely target the system’s operational technology (OT) software and hardware, the FBI said, to gain control over the system through the inverters. Some inverters have internet-connected monitoring systems, which poses an even higher risk.