Strengthening Cybersecurity in Solar and Energy Storage Systems

solar cybersecurity energy storage security grid resilience cyber threats NERC-CIP compliance
Edward Zhou
Edward Zhou

CEO & Co-Founder

 
October 8, 2025 3 min read

TL;DR

This article covers the cybersecurity challenges facing solar and energy storage systems, emphasizing the importance of robust security measures and compliance with industry standards. It highlights best practices for mitigating risks and ensuring the resilience of the energy grid against sophisticated cyber threats.

Solar and Storage Cybersecurity

Solar and energy storage technologies are crucial for meeting rising electricity demand. In 2024, solar and storage accounted for 84% of new grid capacity additions, with a reported 82% in the first half of 2025 according to SEIA and Wood Mackenzie’s Solar Market Insight Report. The increasing digital connectivity of the grid necessitates prioritizing cybersecurity to protect against unauthorized access and disruptive attacks from various threat actors.

Threats to critical infrastructure have become more common and sophisticated, with state-sponsored groups targeting sectors such as telecommunications and energy. For instance, Chinese advanced persistent threats and cyber actors from Russia and Iran have focused on the energy sector. SEIA emphasizes the importance of developing and implementing cybersecurity best practices throughout the industry to protect solar systems.

Cybersecurity in Solar Energy
Image courtesy of Energy Storage News

To effectively mitigate risks, stakeholders must focus on securing the supply chain, as the complexities and global sourcing of components increase vulnerability. Recent findings of undocumented communications devices in solar technologies underscore the need for robust cybersecurity measures.

SEIA, in collaboration with organizations like the North American Reliability Corporation (NERC) and the U.S. Department of Energy, has created a comprehensive list of security recommendations for large-scale solar inverter-based resources. The National Association of Regulatory Utility Commissioners (NARUC) has also partnered with DOE to establish cybersecurity baselines for electric distribution systems.

Challenges in Energy Storage Cybersecurity

Cybersecurity threats have surged in the energy sector, with a 70% increase in cyberattacks on U.S. utilities within the past year. The North American Electric Reliability Corporation (NERC) highlights the necessity for energy storage technologies to adopt robust security management controls. These controls must also include regular system monitoring and incident response protocols to safeguard against unauthorized access.

EVLO, a prominent provider of battery energy storage solutions, outlines the diverse threats faced by energy storage systems, including ransomware attacks and operational disruptions. The compliance with NERC-CIP standards is vital for battery energy storage systems (BESS) to maintain system reliability.

Utilities must also layer compliance with additional security standards, such as NIST and ISO 27001, to enhance BESS security. EVLO’s proprietary EVLOGIX system is designed to meet NERC-CIP standards and incorporates high-grade encryption and secure code management.

!Energy Storage System
Image courtesy of Energy Storage News

To strengthen cybersecurity, it is essential for BESS suppliers to ensure component quality through reputable supply chains. Rigorous testing of software updates and configurations must be conducted to identify vulnerabilities before deployment. EVLO engages in extensive real-world testing to simulate cyber threats and refine system defenses.

Regulatory Landscape and Future Directions

The current regulatory framework is evolving to include solar energy systems under cybersecurity mandates. Solar generators must prepare for the impending regulations, such as those from the NERC, which are poised to enforce stricter cybersecurity measures. This preparation includes conducting vulnerability assessments to identify potential threats and prioritize mitigation strategies.

Solar organizations need to adopt a proactive approach to cybersecurity by implementing redundancy within their operational technology (OT) systems. This approach not only protects against cyber threats but also ensures operational reliability. By leveraging monitoring and software capabilities, organizations can establish remote security operations centers, optimizing cybersecurity management even in remote locations.

As the industry moves towards a more secure future, organizations must embrace predictive and adaptive cybersecurity solutions. EVLO is exploring how AI and machine learning can enhance real-time anomaly detection in their systems, ensuring rapid response to emerging threats.

For ongoing updates and resources, stakeholders are encouraged to follow SEIA’s initiatives on cybersecurity and related best practices for enhancing the resilience of solar and energy storage systems.

Edward Zhou
Edward Zhou

CEO & Co-Founder

 

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions..

Related Articles

Kansas cybersecurity

Cybersecurity Weaknesses Identified in Kansas Government Audit

Explore significant cybersecurity weaknesses across Kansas government agencies, revealing the urgent need for effective measures to protect against cyberattacks.

By Edward Zhou October 8, 2025 3 min read
Read full article
AI-native SOC

Revolutionizing Cybersecurity: The Impact of Agentic AI

Discover how generative and agentic AI are reshaping cybersecurity operations, enhancing threat detection, and driving team efficiency. Learn more!

By Edward Zhou October 8, 2025 3 min read
Read full article
CISA 2015

Congress Lets Key Cybersecurity Law Expire, Risks US Networks

Explore the impact of CISA 2015's expiration on U.S. cybersecurity collaboration and the urgent need for legislative action to protect against emerging threats.

By Edward Zhou October 8, 2025 3 min read
Read full article
Pentagon

Pentagon Reduces Cybersecurity Training Amid Workforce Cuts

The Pentagon has ordered cuts to cybersecurity training to enhance military focus. Discover the implications for national security and personnel preparedness.

By Edward Zhou October 8, 2025 4 min read
Read full article