Cybersecurity Intrusion Detection System for Large-Scale Solar Field Networks

Historically, the solar industry has adopted minimal cybersecurity protections. At best, deployments consist of installing perimeter defense solutions driven by regulatory and stakeholder requirements. Today, critical infrastructure systems are a growing target for nation state sponsored cyber adversaries. As these cyberattacks increase both in volume and sophistication, new solutions are needed to safeguard the growing demand for renewable energy. However, widescale adoption of advanced cyber technologies requires solutions that also address the industry’s extreme cost sensitivity. Operant’s Phase I and II projects established a superior distributed intrusion detection system for large scale solar sites that detects cyberattacks through secure network traffic inspection of both internal ‘lateral’ and external site communications. This is necessary because the traditional approach, adding perimeter firewalls, is being challenged by two trends: the growth of fully encrypted traffic, and the knowledge that attackers regularly penetrate perimeter defenses but then spend extended periods in lateral movement throughout the network. We successfully engaged with key commercialization partners: the leading solar cybersecurity consulting firm and a major electrical utility. Their insights confirmed the need for our intrusion detection system. More importantly, we learned that existing solutions are only being adopted by the largest projects above 75 MW which must comply with NERCCIP regulations. This threshold presents a unique commercialization opportunity for our solution: Sites larger than 75 MW are regulated to provide cybersecurity controls; while smaller distributed generation sites are unregulated and cybersecurity capabilities are neglected due to costs. Smaller sites are much more numerous and have no remote visibility into network traffic for either cyber or operational reasons. The lack of remote visibility leads to expensive and unnecessary travel to remote sites for operational problems and increased downtime overall. The NERCCIP 75 MW threshold may be reduced, yet there are no existing cyber solutions that are costeffective for smaller sites Working alongside our commercialization partners in this Phase IIB effort we propose a lowcost, comprehensive, and modular solution appropriate for both the smallest solar sites and scalable up to the largest systems. By combining our cyber intrusion detection system with our existing communications solutions, we will create an integrated cybersecurity, communications, and operational visibility platform. Deployed on commonly used offtheshelf equipment, this will reduce costs while improving security by displacing existing patchwork solutions and multiple hardware components. Operant already has commercial partner commitments to help fill this need and directly participate in this project helping with product definition, facilities, and marketing. With this Phase IIB effort, we can directly impact the security of the nation’s growing solar fleet, while staying within the necessary cost envelope required for rapid adoption.