Key Findings — Volume 1
- Analysis of 50 vulnerability reports and 4 confirmed cyberattacks targeting solar energy systems since 2012
- Threat activity has increased significantly as solar systems become more numerous and digitally connected
- Attack vectors range from remote exploits of inverter interfaces to sophisticated supply chain compromises
Overview
As solar energy systems become more numerous and reliant on digital technology, they become both more critical to grid stability and more vulnerable to cyberattacks. This inaugural volume of DERSec’s Public History of Solar Energy Cyberattacks and Vulnerabilities presents a comprehensive analysis of the threat landscape.
Through detailed examination of 50 vulnerability reports and four confirmed cyber attacks occurring between 2012 and 2024, this research demonstrates that threat activity targeting solar infrastructure has increased significantly — both in frequency and sophistication.
Historical Context
The research traces the evolution of solar cyber threats from early-stage reconnaissance and basic web application vulnerabilities to sophisticated protocol-level attacks and coordinated campaigns targeting fleet management systems. Key milestones include:
- 2015–2018: Initial wave of SCADA/HMI vulnerabilities in solar monitoring platforms
- 2019–2021: Emergence of inverter-specific CVEs targeting SunSpec Modbus interfaces
- 2022–2024: Escalation to protocol-level attacks, firmware tampering, and supply chain compromises
Growing Attack Surface
With over 250 GW of distributed solar installed in the US alone, and millions of internet-connected inverters worldwide, the potential for coordinated cyberattacks on solar infrastructure represents a significant national security concern.
Download the Full Report
Access the complete Volume 1 research report with detailed incident timelines, vulnerability categorizations, and threat actor analysis.