BY AGLAÉ BANGE
The energy sector has long been a prime target for cyberattacks, pushing governments and private companies to strengthen cybersecurity measures.
In 2015–2016, energy infrastructure accounted for more than one-third of cyberattacks globally. By 2023, attacks against utilities – including energy companies – had risen by more than 200%. Such attacks can trigger power outages, equipment failures, fires and the fraudulent misuse of connected devices.
Japan’s rapidly expanding renewable energy sector has not been immune.
In 2024, nearly 800 remote monitoring devices in solar installations were compromised in a single cyberattack and then used to conduct fraudulent online bank transfers – the most significant cybersecurity incident to date involving Japan’s renewable energy sector. The incident intensified debate over the vulnerabilities created by interconnected renewable energy assets and accelerated a major regulatory shift.
The issue is more urgent as Japan’s power system grows more decentralized. Aggregators are combining distributed solar, storage and flexible demand assets into portfolios that participate in balancing and price-setting mechanisms. This turns connected renewable energy equipment into economically valuable infrastructure as well as cybersecurity risks.
Under new rules, a state-backed cybersecurity certification scheme known as Japan Cyber-Security Technical Assessment Requirements (JC-STAR) will become mandatory for projects involving interconnected solar, wind, battery storage and fuel-cell equipment.
Although cybersecurity is the primary justification, the policy may also reflect broader industrial and strategic concerns, including protection of Japan’s fast-growing BESS market and rising unease over dependence on foreign-made equipment.
While implementation imposes additional costs and administrative burdens on developers and manufacturers, the framework could ultimately strengthen the sector’s operational resilience and supply-chain transparency.