Why rooftop solar panels are vulnerable to cyberattacks – IT Brew

Getting residential rooftop solar set up tends to be a pretty streamlined process: Installers mount the necessary hardware and panels, connect them to the system’s inverter and the home’s electrical system, and give homeowners the necessary credentials to access the inverter.
That typically involves a basic—and easy to guess—password, which can leave the system vulnerable to attacks.
That’s just one example of clean energy’s lack of widespread cybersecurity—most renewable infrastructure is digitally native, meaning it’s inherently hackable. For years, though, this daunting reality has been largely unspoken in the industry out of fear that it could hinder the energy transition’s momentum. But as more renewables are added to the grid and hacking attempts increase, clean energy is reckoning with its vulnerabilities and the need for greater energy cybersecurity.
Thrown off balance: It’s not just residential solar that can be hacked; large solar farms are also the target of malware, just like existing grid infrastructure. Energy hacks are intended to wreak havoc and maximize downtime of compromised assets, which can be accomplished by hitting a commercial-sized renewable plant or hundreds of residential solar systems at once.
The impact for energy companies is lost profit from compromised power-purchase and service-level agreements; but for governments, grid destabilization—which can happen when just 5%–10% of the grid goes down—could be disastrous. Control over renewable systems can be held for ransom or used for extortion, too.
“The reason it doesn’t just freak out individuals, but also governments are involved, is because what could happen if a million of these systems are told to turn off at once?” Uri Sadot, a solar cybersecurity expert and managing director of SolarDefend, told Morning Brew. “That’s the big scare, and that throws the grid off balance.”
Energy hacks can originate from a variety of sources, from rogue teenagers and sophisticated ransomware groups to US adversaries like Russia and China. A majority of attacks are automated and target poorly secured inverters with weak passwords, but different technical components made by different companies working together can create vulnerabilities, too. Third-party vendors could have access to systems that operators aren’t aware of, especially if parts manufacturers get acquired by a new parent company.
And if system components come from China—and a majority do—cybersecurity mechanisms are less likely to be built into technology.
“They don’t pay any attention to anything that they’re not required to,” Sadot said of renewable technologies manufactured in China. “Some great products are coming out of China, but not these ones.”
Prevention strategies: Preventing energy hacks on residential equipment is fairly straightforward: Each system should have its own unique password and avoid making its Wi-Fi signal, or SSID, publicly accessible. Additionally, any energy management applications—and the phones or computers that run them—should be kept up to date, as software updates traditionally include new malware prevention. Solar installers should also hire cybersecurity teams to make the systems they sell better protected from malware and botnet attacks, Sadot said.
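An installer could check its own commissioning records against those three points. The sketch below is an added example, not code from the article or from anyone quoted in it; the record schema, the guess list, the audit key and the 180-day update threshold are all assumptions, and the fleet data is constructed.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

AUDIT_KEY = b"constructed-demo-key"   # assumption: installer-held secret for fingerprints
WEAK_GUESSES = ["admin", "12345678", "password", "solar123"]  # constructed guess list
MAX_UPDATE_AGE_DAYS = 180             # assumption: the installer's own patch policy

def fingerprint(password: str) -> str:
    """Keyed digest, so the inventory never has to store plaintext passwords."""
    return hmac.new(AUDIT_KEY, password.encode(), hashlib.sha256).hexdigest()

# Constructed commissioning records (hypothetical schema).
FLEET = [
    {"site": "site-001", "pw_fp": fingerprint("admin"),
     "ssid_broadcast": True, "last_update": date(2024, 1, 10)},
    {"site": "site-002", "pw_fp": fingerprint("Installer2023!"),
     "ssid_broadcast": False, "last_update": date(2025, 5, 2)},
    {"site": "site-003", "pw_fp": fingerprint("Installer2023!"),
     "ssid_broadcast": False, "last_update": date(2025, 5, 20)},
    {"site": "site-004", "pw_fp": fingerprint("v7#Qm2-rT9xLw"),
     "ssid_broadcast": False, "last_update": date(2025, 4, 28)},
]

def audit(fleet, today):
    """Return {site: [issues]} for every system that misses a hygiene point."""
    weak = {fingerprint(guess) for guess in WEAK_GUESSES}
    sites_by_fp = defaultdict(list)
    for rec in fleet:
        sites_by_fp[rec["pw_fp"]].append(rec["site"])
    findings = {}
    for rec in fleet:
        issues = []
        if rec["pw_fp"] in weak:
            issues.append("easy-to-guess password")
        if len(sites_by_fp[rec["pw_fp"]]) > 1:   # same credential on several homes
            issues.append("password shared with another site")
        if rec["ssid_broadcast"]:
            issues.append("SSID publicly broadcast")
        if (today - rec["last_update"]).days > MAX_UPDATE_AGE_DAYS:
            issues.append("software update overdue")
        if issues:
            findings[rec["site"]] = issues
    return findings

if __name__ == "__main__":
    for site, issues in audit(FLEET, date(2025, 6, 1)).items():
        print(site, "->", "; ".join(issues))
```

The shared-password check matters as much as the guess list: a strong password reused across every install is still one credential for the whole fleet.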
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
But when it comes to combating cyber attacks on larger energy resources, regulation and coordinated government strategy are needed. Harry Krejsa, the director of studies at Carnegie Mellon’s Institute for Strategy and Technology and a former cyber policy advisor for the Trump and Biden administrations, told Morning Brew that on a federal level, clean energy and cybersecurity experts have historically seldom worked together.
“So we started working in the last couple of years of the Biden administration to break down those barriers and establish a mutually intelligible language,” Krejsa said. “They can solve each other’s problems, but under normal circumstances, would not organically be in a lot of the same rooms.”
Krejsa’s preferred strategy is what he calls “layered defense,” which involves scrutinizing which components of renewable technology have high cybersecurity risks and need to be made domestically or sourced from geopolitical allies, and which are low risk and can be manufactured anywhere.
“A single photovoltaic panel is a fairly dumb, commoditized piece of equipment. And if one panel in a giant field of them fizzled one day—even if it was the Chinese military that did it—we’re probably not going to worry too much about that,” Krejsa said. “There are various layers of smart inverters, [distributed energy resource] management software, virtual power plants, and dispatch tools that can serve as fire breaks well before that kind of intrusion could cause a threat.”
New rules: Though he’s had a close-up view of just how many international cyber threats the US power system is up against, Krejsa sees digitally run renewables as an opportunity to further protect the grid, not a potential vulnerability.
And recently, energy regulators have stepped up to the plate. Last year, the North American Electric Reliability Corporation (NERC) added new critical infrastructure protection policies to its Reliability Standards that require energy operators to monitor and analyze energy data for “anomalous network activity.” This followed a Federal Energy Regulatory Commission (FERC) initiative that required all inverter-based energy resources to adhere to NERC’s standards, ensuring their near ubiquity across the industry.
Such federal updates were an exciting development for energy cybersecurity experts like Richard Pfeifer.
“These governing bodies are getting smarter. They’re becoming more educated, just like the hackers and attackers,” Pfeifer, who serves as head of US sales and strategy at software company Cyber Energia, told Morning Brew. “And we’re playing offense instead of defense.”
Industry news By Morning Brew Inc.
© 2026 Morning Brew Inc.
All Rights Reserved.
