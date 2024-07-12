SolarPower Europe has published a series of recommendations in its latest position paper to establish a harmonized cybersecurity baseline across the solar sector in response to growing concerns over cyberattacks.

Recent modeling from the trade group suggests that digital flexibility solutions would save €32 billion ($34.9 billion) by 2030 and €160 billion by 2040. SolarPower Europe said that at the current level of solar penetration, the risk of cyberattacks remains limited. But it said that future attacks could lead to data theft or manipulation, disrupt power plant operations, and destabilize the electricity system.

“As a future-looking sector – on its way to a majority share in the energy mix – the solar industry is calling on regulators and policymakers that the EU approach translates into a sector-specific, harmonized cyber-preparedness baseline,” it said in the position paper.

SolarPower Europe urged plant operators to manage risks in line with NIS2, the EU's cybersecurity legislation. It also suggested increasing the granularity of cybersecurity risk assessments, building on the Network Code for Cybersecurity, which requires grid operators to assess risks on the grids. The trade body called for reinforcing product-level cybersecurity through Cyber Resilience Act compliance and a dedicated standard for distributed energy resources.

SolarPower Europe also said that operational solar power plant data should stay within the European Union or in jurisdictions with similar security levels, similar to General Data Protection Regulation (GDPR) regulations. It called for mandatory best practices for large power plants and said the European Union or national governments should introduce a security layer to monitor commands where aggregators and manufacturers centrally coordinate distributed energy resource devices like inverters.

The position paper also urged small-scale PV users and installers to manage their device cybersecurity by setting strong passwords and installing security updates.

SolarPower Europe Deputy CEO Dries Acke called the digitalization of the energy sector a “no-brainer,” but acknowledged it will bring new challenges.

“There are clear steps to be taken on the lower voltage levels, including improving cyber risk assessments, setting a new EU standard for product security for distributed energy resources, and empowering consumers to manage their device security.” Acke said. “Any centrally coordinated or managed devices, for example, aggregated rooftop solar installations, should have an EU or nationally authorised layer of monitoring.”