SolarPower Europe Sets Unified Cybersecurity Standards For PV

Highlights :

  • Key recommendations include establishing governance and risk management systems to bolster network and information security (NIS) requirements under Directive 2, enhancing risk awareness in the EU
SolarPower Europe Sets Unified Cybersecurity Standards For PV SolarPower Europe Sets Unified Cybersecurity Standards For PV

Digitalization in the energy sector offers significant opportunities for Europe. It can enhance power plant efficiency and provide flexibility in managing decentralized energy resources.

According to SolarPower Europe’s recent report, digital flexibility solutions could potentially save 32 billion EUR by 2030 and 160 billion EUR by 2040. The report aims to establish a unified cybersecurity standard for solar PV, streamlining practices to mitigate risks associated with technological advancements, such as cybersecurity threats. Highlighting these risks, the report identifies parallels with other sectors like automotive, electricity grids, wind energy, and non-renewable power plants.

Cyberattacks pose serious threats, including data theft or manipulation, disruption of power plant operations, and destabilization of the electricity grid. Despite the current low risk posed by solar penetration, no significant incidents have been reported to date. Many companies already implemented robust security measures to withstand cyber threats. The EU has adopted stringent cybersecurity and data protection regulations. However, as the solar industry evolves towards a dominant position in the energy mix, stakeholders urge regulators and policymakers to ensure sector-specific cybersecurity preparedness aligned with EU standards. The position paper outlines recommendations for implementing comprehensive security measures across the sector.

For SolarPower Europe, these recommendations are detailed in their published document. A summary of policy suggestions is provided below for reference, with emphasis on their integration within the broader context of the paper.

Key recommendations include establishing governance and risk management systems to bolster network and information security (NIS) requirements under Directive 2, enhancing risk awareness in EU and national frameworks, and promoting secure product development through compliance with the Cyber Resilience Act (CRA) and specific standards for distributed energy resources.

Furthermore, the report advocates for maintaining strict control over data handling, ensuring compliance with GDPR for personal data and operational PV plant data stored within the EU or in jurisdictions upholding equivalent security standards.

The report also proposes mandatory best practices for securing large power plants and advocates for the implementation of a cybersecurity baseline by standardization bodies for small, IT-connected, remote-controlled distributed energy resources.

To enhance cybersecurity monitoring, the report recommends the introduction of security measures overseeing commands managed by aggregators and manufacturers for distributed energy resource devices like inverters.

Lastly, the report encourages users and installers of small-scale PV installations to adopt cybersecurity practices, such as setting strong passwords and installing security updates, to manage the security of their devices effectively.

"Want to be featured here or have news to share? Write to info[at]saurenergy.com
      SUBSCRIBE NEWS LETTER
Scroll