As renewable energy sources become more widespread, the importance of power plant safety is increasing rapidly. According to a research done, the security vulnerabilities in solar power plants may be open to attack to the electric networks. It was reported 21 security vulnerabilities in inverters produced by the German solar energy material supplier company SMA. According to the research, the vulnerities in the panels can cause serious damage to solar energy plants. Such an attack could cause long-term power outages. For example, when there is a surplus of power there can be a breach on another facility.
PwC Turkey’s “Energy Sector Digital Conversion”, a note that considers an increase in attacks on control systems in the energy sector, said that in the last 5 years there was an increse of 53% of cyber attacks to solar power plants. According to a study conducted by Ernst&Young, 66% of business executives in the energy distribution sector are expecting an increase in their cyber security budgets over the next 12 months. Here also consultancy firms can be helpful. EY Turkey Energy Sector Group Chairman Erkan Baykuş said that the sector in the spread of information technology, digital device environment into nested companies that bring new competencies, “In today’s environment the moving of the ciber security to the upper ranks in budget planning is among the most important investments of the future of a energy sector company”.
An important initial step for understanding the cyber risks of a solar plant is to conduct a full inventory of software and hardware vulnerabilities, Jon Franzino, Director of Grid Security at Grid Subject Matter Experts (GridSME), said. This inventory allows operators to build the cyber security strategy which suits the plant specifications, he said. “You don’t need a gold-plated system everywhere, but you do need to look at this from a risk perspective,” he said. Before the hand over from construction to operations, owners should look to acquire full cyber security documentation from the EPC company, including the latest configuration backups and server images of the systems, Franzino said. If this is not provided by the EPC, a bill of materials can be a good starting point to build a cyber security program, he said.
Many consultancy firms, energy firms and EPC firms around the world are trying to focus, make studies and developments on this situation. Cyber security could effect consumers directly, also the country. Because a vulnerable energy network can let the attackers control the whole electricity system. In Turkey, which has a very big potential of renewable energy, also can be open to these attacks.
Conexio Consulting and its energy division (www.conexioenergy.com) is providing studies on cyber security of energy plants. Conexio can support you with the wide consultancy experience on energy sector in Turkey against these potential threads.