More than 130,000 photovoltaic monitoring and diagnostic solutions are accessible from the public internet, which could make them susceptible to cyberattacks, threat intelligence firm Cyble says.
These solutions are used in the solar industry to gather real-time data on the efficiency and operations of photovoltaic installations, and are connected to the electric grid, enabling operators to manage the integration of photovoltaic systems with the grid.
Considered critical components of the systems, these monitoring and diagnostics solutions represent a wide attack surface that threat actors could target to impact grid operations.
Photovoltaic systems use IT and networking infrastructure for monitoring, control, remote diagnostics, and power management, which makes them susceptible to the same risks and types of cyberattacks that any internet-exposed critical infrastructure is prone to.
“A cyberattack on PV diagnostic and monitoring systems might have serious consequences for distributed energy resources (DER), including reduced energy production, system instability, physical asset damage, and unique cybersecurity challenges,” Cyble notes.
According to Cyble, the risks can include vulnerabilities, misconfigurations, and compromised endpoints.
The use of outdated firmware, Cyble notes, could turn monitoring solutions into easy targets for threat actors, especially since vulnerabilities in these solutions are not uncommon, and, in some cases, proof-of-concept (PoC) code targeting them has been made public.
Misconfigurations such as the use of default credentials, improper access control and network segmentation, insecure communications, and others can be exploited by threat actors to gain access to ICS environments.
Malware-infected computers from which access credentials can be extracted, Cyble notes, represent another threat to photovoltaic monitoring solutions.
The internet-accessible photovoltaic monitoring systems, Cyble points out, are not necessarily prone to cyberattacks, but their large number does show the significant attack surface that threat actors may exploit.