As cyberattacks against energy infrastructure rise in Europe, the urgency for enhanced cybersecurity in the solar energy sector has become paramount.

The report highlights that compromising 3 GW of solar generation capacity could significantly disrupt Europe's power grid, underscoring the need to secure even small-scale installations.

Connected rooftop solar systems, while individually low-risk, can collectively pose significant risks that affect overall power system efficiency.

Among the 14 risk areas evaluated, five are categorized as medium risk, six as high risk, and three as critical risk, based on their potential impact and likelihood.

Utility-scale solar installations benefit from better security management and are covered under the NIS2 Directive, whereas small-scale rooftop systems often lack stringent cybersecurity regulations.

The report assesses risks associated with inverter controls, finding that utility-scale installations generally offer more security compared to smaller rooftop systems.

Key risks identified include insecure inverters, supply chain vulnerabilities from installers and manufacturers, and threats to grid stability from cyberattacks targeting solar capacity.

Cyber threats are now extending to distributed solar resources like rooftop photovoltaic systems, which typically lack the cybersecurity measures found in larger utility-scale plants.

Despite facing cyberattacks, the solar sector's incidents are less severe than those in other energy sectors, which frequently encounter threats such as ransomware and industrial espionage.

Walburga Hemetsberger, CEO of SolarPower Europe, emphasizes the importance of cybersecurity in solar systems, likening it to the transition from typewriters to laptops.

The report suggests that implementation of cybersecurity solutions should occur through the EU NCCS or a new fast-track procedure to ensure timely action.

The report calls on the European Commission to swiftly adopt these cybersecurity recommendations and integrate them into the Network Code for Cybersecurity (NCCS) to ensure compliance among manufacturers and service providers.