Cybersecurity as a key for the energy transition
In the summer of 2022, the European solar industry was shaken up by a security incident. A hacker took advantage of a weak spot in the observation platform of the Chinese company Solarman and gained access to about 42,000 PV inverters in the Netherlands. This incident also alerted SMA, but did not worry SMA Information Security Manager Marek Seeger too much.
Portrait Marek Seeger. Photo: Heiko Meyer
Solar energy has become one of the most important sources of our energy supply worldwide. It supplies households and businesses with clean energy and stabilizes the grid with decentralized battery storage systems. Solar energy is increasingly gaining importance due to rising energy demands because of electrification, AI and electric vehicles as well as state-run sustainability initiatives. Additionally, geopolitical events such as the conflict between Russia and Ukraine and the tense situation in the Middle East contribute to this. This is a good development in terms of climate protection, but also raises concerns about the data security of PV systems.
“Our high cybersecurity standards are a decisive advantage in meetings with customers and strengthen our position as market leader in the solar industry.”
Marek Seeger
Who has access to inverters and data traffic?
Inverters as the key component of each solar system convert the energy generated by the PV modules into usable electric current. Furthermore, they establish the electrical connection between the PV system and the utility grid of the household or business as well as the public grid. In addition, there are numerous IT functions and the IT communication that an inverter usually provides. For homeowners, business owners or grid operators, it is therefore important to know who has access to these systems. If inverter and PV system manufacturers do not take the issue of cybersecurity seriously, they make it easy for hackers, who, in the worst case, could trigger coordinated, even serious, incidents with international consequences.
ISO-27001 certification attests SMA highest security standards
Sunny Portal is part of the certified scope—which is organized as a modern Development-Security-Operation (DevSecOps) team—and all areas and processes necessary for operations (company management, HR, corporate IT, purchasing, etc.). Now, with the ISO 27001 certification the compliance with highest security standards is confirmed. SMA customers use the Sunny Portal powered by ennexOS to install systems. The portal developed and operated in Germany, connects about one million PV systems and is the largest photovoltaics monitoring portal in Europe.
Certified data security: Serak Rezane (from left), Olaf Ausburg, Eileen Beyer and Marek Seeger, are proud of the TÜV certificate.
Data storage and processing in Germany
“Everyone is probably aware of the fact that attempted attacks happen all the time,” said Seeger. “At SMA, we constantly develop our security strategy and ensure the continuous optimization of data security. This is also necessary in light of the increasingly strict regulations worldwide. The ISO 27001 certificate proves that we really take the issue seriously and are professionally positioned.”
The team headed by Seeger is especially proud that SMA can guarantee data storage and processing in Germany— a particular concern for more and more customers. “Germany rightly enjoys a high reputation in regards to data protection and data security—all around the world,” said Seeger.
Feel free to contribute!