| The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification (PIN) to highlight how malicious cyber actors may seek to disrupt power generating operations, steal intellectual property, or ransom information critical for normal functionality to advance geopolitical motives or financial gain within the United States renewable energy industry. With federal and local legislature advocating for renewable energies, the industry will expand to keep pace, providing more opportunities and targets for malicious cyber actors. |
| Historical Cyber Incident Involving the Renewable Energy Industry’s Operations In 2019, a private company, which operates solar assets in the United States, lost visibility into approximately 500 MW of its wind and photovoltaic sites in California, Utah, and Wyoming as a result of a denial-of-service attack that exploited an unpatched firewall. While it was unclear if this specific incident was a deliberate cyberattack targeting this specific company, the incident highlighted the risks posed by a security posture that relies on outdated software. |
| Risks Associated with a Cyber Incident Impacting Solar Infrastructure A cyberattack against a solar panel system—residential or commercial—would likely focus on targeting the system’s operational technology (OT) software and hardware; specifically, malicious cyber actors could attempt to gain control over a solar panel system through the inverters. Inverters are responsible for converting the direct current (DC) energy that the solar panels generate into practical alternating current (AC) electricity. Some inverters have built-in monitoring systems that connect to the Internet, which increases their risk profile. If a malicious cyber threat actor took control of a residential inverter, they could attempt to reduce that solar panel system’s power output or target that home’s battery storage inverter (if one is onsite) to overheat it. |
| While cyberattacks against residential solar infrastructure have been rare historically, malicious cyber threat actors could seek to target microgrids, which local power systems use to operate independently of the larger electrical grid during a power outage. To attain a larger disruption, malicious cyber threat actors could attempt to target inverters at solar farms; however, researchers are working to counter this potential risk through a passive sensor device that can detect unusual activity in the electrical current. |
| This FBI PIN contains threat information, recommendations, and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. |