Supply Chain Cybersecurity Recommendations for Solar Photovoltaics

Research output: NRELTechnical Report


Solar photovoltaic (PV) cybersecurity is a growing field of research. As deployments of solar PV has increased, cyber risk has also increased. However, utility solar PV installations are not required to comply with North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) unless they meet a minimum generation threshold of 75 Megawatts (MW). Individual residential scale solar PV deployments will not meet that generation threshold and are therefore excluded from NERC CIP requirements. With most solar installations below 75MW, solar PV has been deployed with minimal oversight and highly variable cybersecurity maturity. The resources that make up the digital supply chain can include software, code, data, as well as other digital components. However as clean energy technology advances, cybersecurity threats and vulnerabilities continue to evolve and grow in sophistication. Solar PV faces a unique challenge in which it can be deployed in residential buildings and purchased by a consumer directly. This makes the supply chain of PV a unique challenge, where responsible parties for cybersecurity vary widely depending on the type of solar PV being deployed. Supply chain cybersecurity for solar PV represents a critical area for ensuring safe operations as the U.S. moves towards a clean energy future.
Original languageAmerican English
Number of pages28
StatePublished - 2023

NREL Publication Number

  • NREL/TP-5R00-87135


  • cybersecurity
  • photovoltaics
  • recommendations
  • solar
  • solar PV
  • supply chain


Dive into the research topics of 'Supply Chain Cybersecurity Recommendations for Solar Photovoltaics'. Together they form a unique fingerprint.

Cite this