FBI: Renewable energy systems vulnerable to cyber attacks

The FBI has issued an official alert to the public about the potential for malicious cyber actors to disrupt power generation, steal intellectual property, or hold critical information for ransom within the U.S. renewable energy sector.

The warning comes as federal and local governments increasingly advocate for renewable energies, expanding the industry and creating more opportunities for cyber threats.

According to the FBI, a 2019 incident underscored these risks when a private company lost visibility into approximately 500 megawatts of its wind and photovoltaic sites across California, Utah, and Wyoming due to a denial-of-service attack exploiting an unpatched firewall.

A denial-of-service attack is a cyber assault aimed at overwhelming a network, service, or server with excessive traffic to render it unavailable to legitimate users.

"A cyber attack against a solar panel system—residential or commercial—would likely focus on targeting the system’s operational technology (OT) software and hardware,” the notification said. “Specifically, malicious cyber actors could attempt to gain control over a solar panel system through the inverters."

Some inverters have built-in monitoring systems connected to the internet, increasing their risk, the FBI said. A malicious actor gaining control of an inverter could potentially reduce power output or cause a home’s battery storage inverter to overheat.

Historically, cyber attacks on residential solar infrastructure have been rare, but the growing adoption of renewable energy increases the risk.

Other targets might include microgrids, local power systems that can operate independently during outages, or larger solar farms, according to the notification.

The drive toward renewable energy has accelerated due to cost reductions and government incentives.

The Inflation Reduction Act signaled a federal push for renewable energy options across U.S. municipalities. By late 2023, renewable energy accounted for about 21% of U.S. electricity generation, prompting consumers to reduce fossil fuel consumption through new tax incentives.

Federal agencies, including the Department of Defense, the largest energy consumer within the U.S. government, are increasingly sourcing energy from local electric grids.

Local initiatives also reflect this trend, according to the notification.

The Metropolitan Washington Council of Government aims to install 250,000 solar rooftops by 2030, according to the FBI.

Virginia set ambitious goals for its energy production, aiming to achieve 5,500 megawatts of wind and solar energy by 2028, powering 30% of its electric system with renewable energy by 2030, and ensuring 100% of its electricity comes from carbon-free sources by 2050.

In response, researchers are developing passive sensor devices to detect unusual electrical activity and counter such threat.

By detecting deviations from normal patterns or unexpected fluctuations in electrical activity, these sensors can effectively identify potential cyber intrusions or unauthorized access attempts targeting the system's functionality.