Cybersecurity: the increasing importance of an efficient strategy
As solar energy accounts for an increasing share of the power supply, manufacturers of photovoltaic (PV) installations must prioritize cybersecurity. This focus is essential to protect against cyber threats and hacking, ensuring both the reliability of energy supply and compliance with regulatory standards. A Security Operation Centre (SOC) that runs 24/7, data encryption, anomaly detection and endpoint security: these are just some of the many features of SMA’s cybersecurity strategy.
In the landscape of solar energy, cybersecurity has emerged as a critical concern. The increasing energy yield from PV installations makes them an attractive target for hackers. It is also clear that more and more hacker attacks appear to enjoy government backing. Security experts are therefore increasingly being challenged by ‘state’-sponsored hackers with almost unlimited resources. This leads to an ever-increasing interest in cybersecurity among PV-project developers, operators and investors. Separate cybersecurity clauses are now standard in contracts. In fact, contracts covering dozens or even hundreds of pages on cybersecurity are no longer the exception.
A holistic cybersecurity policy
With Sunny Portal powered by ennexOS, SMA operates its own PV monitoring platform managed and operated in Germany. More than 900,000 connected PV installations ranging from 1 kilowatt peak to 60 megawatt peak make it the largest PV monitoring portal in Europe. In order to block access attempts to the portal servers, SMA has set up its own monitoring processes that use several cybersecurity indicators. To secure all internal IT operations SMA employs a large number of IT specialists. SMA has its own Security Operation Centre (SOC) to guarantee security 24/7. While this is expensive, it is also critical for SMA as one of the major inverter manufacturers. The fact that SMA is a German manufacturer is an added bonus for our customers because specific German legislation governing cybersecurity – the IT Security Act 2.0 – is ahead of new European cybersecurity legislation such as the Network and Information Security (NIS) Directive 2 and the Cyber Resilience Act. The IT Security Act 2.0 ensures that SMA as a manufacturer checks that all equipment we deliver is adequately protected against hackers.
SMA’s cybersecurity policy includes everything from cooperation with national cybersecurity authorities through to risk assessments and participation in international working groups. The actual protection of PV installations equipped with SMA inverters involves multiple security layers. Firewalls represent the first layer – in relation to the internet connection. Encryption represents another layer. All the data sent by inverters and data loggers are encrypted. Many hackers use intercepted data to gain access to IT systems, but if that data is encrypted, an IT system cannot easily be hacked.
Security monitoring and anomaly detection represent another layer. Intrusion detection and prevention systems enable us to quickly track down malicious individuals. All our devices are equipped with endpoint security. This makes it harder for malware to breach PV devices.
A joint effort for more security
SMA has made it impossible to commission inverters without changing the password. By default, inverters and dataloggers can be updated with new firmware. The updates can be carried out automatically and remotely. This emphasises the importance for installers to activate automatic firmware updates when they commission an inverter.
SMA has installed a Product Security Incident Response Team (PSIRT) and a protocol outlining how they should respond in the event of an incident. Source code is subject to automated and manual checks based on the principle of dual control. All SMA staff undergo regular training by the IT and cybersecurity staff.
Collaboration with independent security researchers is also a crucial element. SMA’s products and services are regularly subjected to vulnerability tests by a variety of security researchers. The findings of these tests are used to improve the products, initiate countermeasures, and proactively implement new procedures.
In conclusion, SMA’s robust cybersecurity policy not only ensures the protection of its systems but also serves as a significant advantage for installers when engaging with end customers. As cybersecurity threats continue to evolve, SMA remains at the forefront, demonstrating unwavering commitment to safeguarding its technology and ensuring peace of mind for all stakeholders. With a comprehensive approach to cybersecurity, SMA sets a high standard in the solar energy industry, reaffirming its position as a trusted leader in innovation and security.
Interested in learning more about cybersecurity at SMA?
Feel free to contribute!
Thanks for your question or comment. Due to the holiday season we won’t be able to give you an answer before January 2nd. Thanks for your understanding.