As UK businesses continue investing in solar energy and battery storage to combat high energy costs and reduce carbon emissions, a new challenge is emerging: cybersecurity risks tied to distributed energy resources (DERs).
While solar power brings resilience and long-term savings, systems like smart inverters – which control how energy flows between the grid, solar panels, and storage units – are increasingly being targeted by cybercriminals. Without the right protections in place, even a small-scale installation can become a gateway for attackers.
A Growing Security Risk for UK Energy Infrastructure
According to Ofgem, DERs, particularly solar arrays, are playing a growing role in the UK’s transition to a smart, low-carbon energy system. Many are connected to online platforms that allow for real-time monitoring, remote control, and data sharing with utilities.
But with this convenience comes exposure. As the National Cyber Security Centre (NCSC) warns, any system connected to the internet is potentially vulnerable to attack. This includes DER technologies used in schools, local authorities, hospitals, manufacturing sites, and commercial estates.
In 2024, Dutch security researchers discovered a serious vulnerability in the software of Enphase IQ Gateways used globally in solar systems. If exploited, it could have granted attackers access to over 4 million devices worldwide. This was not a one-off. The UK has also seen vulnerabilities in DER-related IoT devices exploited for botnets, ransomware attacks, and supply chain intrusions.

Smart Inverters, Simple Passwords, Serious Consequences
The core issue is that many smart inverters and management systems still rely on:
- Weak or default passwords
- Unencrypted communication
- Shared login credentials across teams and third parties
In too many cases, Multi-Factor Authentication (MFA) is not enabled – leaving these systems wide open.
The NCSC’s guidance on Cyber Security for Industrial Control Systems strongly recommends enforcing MFA for all remote access. MFA ensures that even if a password is stolen, the attacker still cannot log in without a second verification method, such as a code on a mobile device.

Why MFA is Critical for DER Security
Smart inverters are often connected to:
- Cloud platforms
- Building management systems (BMS)
- Energy analytics tools
- Third-party maintenance providers
Each connection is a potential entry point for an attacker. Without MFA, these access points can be exploited to:
- Hijack energy assets
- Disrupt grid operations
- Move laterally into internal IT systems
Even small-scale installations pose a risk if they connect to wider networks. During peak demand, attackers could exploit multiple DERs to manipulate data sent to the grid, or cause power instability by simulating incorrect output levels.
How DTE Can Help
At DTE, we help UK organisations secure the growing number of connected systems in their operations – from IT infrastructure to on-site energy assets. As a Gold Partner of RSA Security, we provide proven identity and access management tools, including:
- Enterprise-grade Multi-Factor Authentication (MFA)
- Role-based access controls for DER and inverter systems
- Credential monitoring and alerting
- Zero Trust access strategies for cloud-connected assets
Whether you’re deploying solar for cost savings or sustainability targets, it’s critical to treat these systems like the operational technology they are and protect them accordingly.

Don’t Wait for a Breach to Act
Contact DTE to secure your DER systems with robust, RSA-powered MFA and identity protection solutions tailored to your needs.