Solar Power Infrastructure Faces Critical Cybersecurity Vulnerabilities

Recent research has uncovered alarming security vulnerabilities in solar power infrastructure, with approximately 35,000 solar power systems currently exposed to internet-based threats. Researchers at Forescout identified 46 new vulnerabilities across three major manufacturers that could potentially destabilize power grids.

The convergence of Information Technology (IT) and Internet of Things (IoT) enabled operational technology in solar installations has created significant security risks for energy providers, marking a crucial shift from traditional air-gapped power generation systems to connected "smart grid" infrastructure.

Growing Threat Landscape

The severity of these vulnerabilities became apparent in 2024 when attackers hijacked 800 SolarView Compact devices in Japan for banking fraud operations. The number of exposed SolarView Compact devices has increased dramatically, rising 350% from 600 in 2023 to nearly 3,000 in 2025.

Organizations must implement comprehensive threat management strategies for critical infrastructure to address these emerging risks.

The research reveals particularly concerning statistics about supply chain vulnerabilities:

• 53% of solar inverter manufacturers are based in China
• 58% of storage system providers are Chinese-based
• None of the observed compromised devices were running latest firmware versions

Critical Infrastructure Impacts

Solar installations represent a perfect storm of security challenges, where internet-connected components create multiple attack vectors. Potential threats include:

• Remote system shutdowns
• Modified power output causing grid destabilization
• False data injection into monitoring platforms
• Integration into botnets for distributed attacks

Daniel Henderson, Chief Security Researcher at Forescout, explains: "What makes energy infrastructure threats particularly concerning is their ability to allow coordinated attacks that have an amplified impact. Attackers need to control only a small percentage of solar inverters to trigger emergency grid responses or unplanned load shedding procedures."

Security Recommendations and Future Implications

Security experts recommend several critical measures to protect solar infrastructure. Organizations should begin with a thorough cybersecurity risk assessment of power infrastructure before implementing additional protective measures:

• Implement network segmentation to isolate solar systems
• Require unique, strong passwords and disable default accounts
• Conduct regular risk assessments with continuous monitoring
• Follow NIST guidelines for smart inverter cybersecurity
• Maintain comprehensive inventory of infrastructure components

The lessons learned from solar infrastructure vulnerabilities serve as a crucial warning for other sectors connecting critical assets to networks. As our power infrastructure becomes increasingly connected, the importance of robust cybersecurity measures cannot be overstated.

For more detailed information on this topic, interested parties can attend the SecureWorld Critical Infrastructure virtual conference scheduled for August 28, 2025.