Why cybersecurity in solar PV systems matters

10 Jun 26

“The solar revolution brings not only clean energy but also energy that is digital and connected” – Uri Sadot – SolarPower Europe

As technology advances, more operational technology (OT) devices — such as solar PV inverters — are becoming cloud-native. These devices can be connected remotely, measured digitally, and continuously send data to the cloud for monitoring and performance optimisation.

While this increased connectivity makes data more accessible and systems easier to manage, it also introduces new cybersecurity risks. Cloud-based systems can be vulnerable if they are not properly secured, potentially allowing hackers to access or manipulate solar installations.

In this blog, we explore what cyberattacks are, how they can affect your solar PV system, how to protect your installation, and what our suppliers are doing to keep customers safe.

What are cyberattacks?

A cyberattack is a deliberate attempt to breach computer systems or networks to steal, alter, disrupt or destroy data. Cyberattacks come in different forms and can appear ordinary. Common examples include:

Phishing Emails – Phishing emails are messages pretending to be from a legitimate source to trick you into revealing sensitive information or clicking on a link that can install viruses.

Outdated Software – A hacker can take advantage of known vulnerabilities in a system that has not been updated and write code to attack it.

Cyber-Physical System (CPS) Attacks – These attacks exploit vulnerabilities in systems where digital networks are closely integrated with physical components. By combining IT breaches with knowledge of the physical system, attackers can cause real-world disruption.

With the growing use of smartphones, tablets, and laptops by system owners and installers, the number of potential entry points has increased. Apps, SMS messages, and social media platforms used on these devices can all be exploited to gain unauthorised access.

Why cybersecurity matters: risks and consequences

As solar installations continue to rise and technologies become more advanced, cybersecurity risks grow alongside them. A cyberattack on a solar PV system can allow attackers to intercept or manipulate data.

Unauthorised changes or communications — known as cyber-physical security breaches — can result in altered voltage levels or electrical currents, potentially damaging equipment or disrupting energy supply.

Hackers can embed malicious code in the inverter system, which can then spread malware. There have been cases where energy production was disrupted or access to systems was denied altogether. In some instances, compromised solar systems have acted as gateways to other connected household devices, such as smart speakers, cameras, locks, and appliances — enabling wider network attacks.

Real-World Case Studies

Recent large-scale incidents highlight the growing cyber threat to energy infrastructure:

Denmark (2023)

In 2023, 22 Danish energy companies were breached within a few days. The attacks targeted facilities, but ordinary Danish citizens were not affected. The cyberattack came in waves from multiple groups using different tools and techniques, but the one thing they had in common was the manufacturer used.

Read the full story here.

Japan (2024)

Japanese media reported that hackers hijacked approximately 800 compact remote monitoring devices at solar power generation facilities. While the attackers appeared to be financially motivated rather than targeting grid operations, experts warned that the compromised systems could have been exploited further.

Read the full story here.

How to prevent cyberattacks

Practising basic cyber hygiene reduces the risk of attacks. These practices protect your devices and data by patching vulnerabilities, and they make systems less attractive to hackers:

  1. Use strong passwords and change them regularly. Enable two-factor authentication (2FA) wherever possible.
  2. Keep software up to date by installing updates for operating systems, apps, browsers, and inverter firmware.
  3. Install antivirus or anti-malware software on all connected devices.
  4. Secure your Wi-Fi network by using strong encryption (such as WPA3) and changing default router passwords.
  5. Be phishing-aware — avoid clicking suspicious links or downloading attachments from unknown senders.

Choosing secure solar technology

Whilst it’s important to practise basic cyber hygiene, it’s equally important to choose equipment from manufacturers that prioritise cybersecurity. Look for:

  1. Reputable brands with a proven track record of addressing security vulnerabilities quickly and transparently.
  2. Commitment to long-term software support, including regular firmware updates and automatic patching where possible.
  3. Clear privacy and data protection policies explaining how customer data is stored and used.
  4. Independent certifications, such as ISO 27001, the international standard for Information Security Management Systems (ISMS), which demonstrates a systematic approach to protecting sensitive data.

Our commitment to keeping you safe

At Wind & Sun, we believe cybersecurity is a collective responsibility, and that spreading awareness and encouraging good cyber hygiene practices are only part of the process.

We are proud to hold the Cyber Essentials certification, a UK government-backed scheme that helps organisations protect themselves against cyber threats. This demonstrates that we have independently included procedures that safeguard our systems, data, and communications. For our customers, this means:

  • We follow recognised cybersecurity practices
  • Our internal systems are protected
  • Sensitive data is handled securely
  • We actively manage risk through structured security controls

Beyond the certification, we:

  • Work with manufacturers that prioritise secure product design
  • Stay informed about emerging cyber risks affecting the renewable energy sector
  • Promote good cyber hygiene practices to installers and system owners
  • Encourage regular firmware updates and secure configuration of installed systems

As solar technology becomes more connected, protecting digital infrastructure is just as important.

Our suppliers’ commitment to keeping customers safe

We work exclusively with leading manufacturers that treat cybersecurity as a core part of product design — not an afterthought. From secure data handling to ongoing software updates, our suppliers invest heavily in protecting both system performance and customer data.

Fronius

“Our products meet the highest security standards, with full-time experts ensuring protection against unauthorised access and safeguarding operational data.”

Fronius designs its products to meet the highest cybersecurity standards, supported by dedicated in-house security experts who continuously monitor and protect systems from unauthorised access. Customer data is stored exclusively on European servers, ensuring compliance with strict EU data protection regulations. In 2022, Fronius achieved ISO 27001 certification, demonstrating a structured and independently verified approach to information security. The company has also proposed an Inverter Security Toolbox, modelled on the 5G Security Toolbox, to help strengthen secure access to Europe’s electricity grid.

Read more about Fronius' cybersecurity commitments here.

SMA

SMA takes a layered approach to cybersecurity, recognising the growing complexity of today’s decentralised energy systems. The ISO 27001 certified manufacturer uses encrypted communication, anomaly detection, and regular firmware updates to protect solar installations throughout their lifecycle. SMA also emphasises that cybersecurity is a shared responsibility between manufacturers, installers, and system owners. Regular updates and correct system configuration play a critical role in maintaining long-term protection.

Read more about SMA's cybersecurity commitments here.

BYD

With a 'Privacy First' approach, BYD integrates robust data encryption and strict compliance tracking directly into its energy storage systems to protect user data and system integrity.

BYD takes a comprehensive approach to cybersecurity across its entire product ecosystem, treating data security and system privacy as core engineering requirements rather than add-ons. The ISO 27001-certified company utilises local processing for critical hardware commands alongside industry-leading encryption protocols for any data transmitted via its cloud apps.

As a massive global manufacturer, BYD aligns its digital framework with top-tier international standards, including stringent data privacy regulations, and actively implements over-the-air (OTA) secure firmware updates to ensure that its smart energy storage units remain thoroughly protected against evolving modern threats.

BYD ISO 27001 certificate