FBI Warns of Rising Cyber Threat in Renewable Energy Sector

By Lorenz Duchamps
July 4, 2024 | US News
Solar panels at the ENGIE Sun Valley Solar project in Hill County, Texas, on March 1, 2023. (Mark Felix / AFP via Getty Images)

The FBI is warning that America’s expansion of renewable energy infrastructure increases the risks of cyber attacks within the power industry.

In a private industry notification released on July 1, the FBI outlined that these attacks may include hackers seeking to steal intellectual property, disrupt power generation, or ransom vital information for geopolitical motives or financial gain.

“With federal and local legislature advocating for renewable energies, the industry will expand to keep pace, providing more opportunities and targets for malicious cyber actors,” the FBI said in the notification.

The document highlighted a 2019 incident involving a private company operating solar assets that lost the ability to monitor approximately 500 megawatts of its wind and photovoltaic sites across California, Utah, and Wyoming due to a denial-of-service attack exploiting an unpatched firewall.

Such an attack is an attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic from multiple sources.

“While it was unclear if this specific incident was a deliberate cyberattack targeting this specific company, the incident highlighted the risks posed by a security posture that relies on outdated software,” the FBI said.

The agency noted that while cyber attacks on residential solar systems “have been rare historically,” hackers could seek to target other systems such as microgrids—which are local power systems that can operate independently during power outages—or inverters at solar farms.

“Researchers are working to counter this potential risk through a passive sensor device that can detect unusual activity in the electrical current,” the FBI said.

The law enforcement agency detailed that a cyber attack against a solar panel system—either residential or commercial—would likely focus on targeting the system’s operational software and hardware, noting specifically that hackers “could attempt to gain control over a solar panel system through the inverters.”

“Inverters are responsible [for] converting the direct current (DC) energy that the solar panels generate into practical alternating current (AC) electricity,” the notification explains.

The agency said it encourages current and former employees of companies within the renewable industry to report cyber intrusions targeting either themselves or their organization.

The FBI’s notification was issued just days after cyber security company Dragos said the Nordic region—Denmark, Finland, Iceland, Norway, and Sweden—experienced “a significant uptick in cyber threats,” particularly in sectors such as renewable energy.

“The Nordic region is renowned for its advanced digital infrastructure and high levels of connectivity. As these countries spearhead technological and renewable energy advancements, their exposure to cyber risks also escalates,” the cyber security company said in a blog post released on June 28.

Preparing for Cyber Threats

The FBI issued guidelines that the renewable energy industry can implement to address espionage and cyber threats:

  • Routinely monitor network activity for unusual or suspicious traffic and activity;
  • Update company networks to patch any potential security vulnerabilities, and use firewalls and antivirus software;
  • Report computer network intrusions to the appropriate law enforcement organizations;
  • Report to law enforcement any unexpected visits to company facilities or suspicious solicitations of employees at conferences or during foreign travel;
  • Carefully consider risks from vendors to avoid exposure to deliberate exploitation of supply chain vulnerabilities as an attack vector.

The agency has also recommended that network defenders (individuals or teams responsible for protecting networks) apply general mitigation techniques to reduce the potential for attacks. These include maintaining offline backups of data, ensuring backup data is encrypted, and reviewing the security posture of third-party vendors and those interconnected with the organization.