The European solar sector has proposed new recommendations to help EU policymakers mitigate cybersecurity risks.
Solar PV systems are digitalised, with more and more connected to the internet via inverters.
A new report, produced by DNV, and commissioned by SolarPower Europe, performs a comprehensive risk assessment for the sector.
To return to a ‘low’ risk category for cybersecurity, the report recommends two overarching solutions.
The first recommendation is for EU policymakers to develop and mandate industry-specific cybersecurity controls for securing remote-controlled solar PV infrastructure.
The second would introduce new rules that keep the control of relevant solar systems via inverters within the EU or jurisdictions that can provide an equivalent level of security.
On the second solution, the report recommends following an approach similar to GDPR rules, where control of aggregated distributed devices, like small-scale rooftop solar systems, should only take place in regions judged equivalent in security to the EU.
This should be implemented through the EU NCCS or another new fast-track procedure, the report said.
High-risk entities would then be required to develop cyber solutions which would be monitored and approved by the competent authorities.
SolarPower Europe chief executive Walburga Hemetsberger said: “Like any technological revolution, digitalisation presents incredible opportunity, for example, energy system cost savings of €160bn per year.
“It also comes with new challenges, like cybersecurity. We didn’t need anti-virus protection for a typewriter – but we do need it for our laptops.
“As a responsible, forward-looking sector, we have mapped the cybersecurity challenge, and we’re rising to meet it with clear, comprehensive solutions.”
