Recommendations for Solar Energy Cybersecurity - CYBERSECURITY CONSIDERATIONS CYBERSECURITY IMPACTS OBSERVED WEAKNESSES IN IBR/DER EQUIPMENT
1 June 2023
electric grid • Damage to equipment • Expanded attack surfaces • Loss of IBR/DER service availability • Malicious control of the IBR/DER cyber-physical system through the Internet • Theft of PII and financial information • Logical or physical local ports could offer a foothold into networks (e.g., • Compromise of IBR/DER safety systems enterprise, operational, behind-the-meter) Large-Scale Impacts. [...] • Use a password-protected bootloader that supports secure boot operations and verifies digital signatures and • Track all external libraries and software components for newly discovered vulnerabilities. [...] • Protect and position tamper-detection sensors and alarms on IBR/DER sites and enclosures to prevent an • Configure NIST-compliant passwords and use multi-factor authentication to prevent compromised credentials attacker from bypassing them; consider installing sensors to detect signs of entry. [...] • Employ access-control mechanisms & require authentication and authorization for IBR/DER reconfiguration, • Utilize vulnerability and configuration scanning to ensure systems are updated and do not have unauthorized reprogramming, and firmware updates. [...] • Use the Common Vulnerability Scoring System (CVSS) to evaluate potential vulnerability impacts and prioritize • Ensure clear documentation of critical processes and communicate the document storage location for the response.