7/9/2026 Cassandra Smith
Written by Cassandra Smith
"If the power goes out, that's not just a utility problem, that's a you and me problem too." This underscores the importance of securing our distributed energy resources (DER), according to David Emmerich with the Information Trust Institute (ITI) within The Grainger College of Engineering at the University of Illinois Urbana-Champaign.
DERs such as solar panels, rooftop chargers and wind turbines all use inverters to convert their output into grid-compatible power. While these resources bring huge benefits, inverters can also carry major cyber vulnerabilities. The college is participating in a multi-institutional Department of Energy (DOE)-funded project to protect these crucial systems from bad actors.
The program targets grid-scale DER deployments — think fields of solar panels with many inverters, which convert the resource into the needed energy type. The inverters (electronic circuit that converts electric signals from DERs to a form usable in distribution grids) contain data called telemetry that allows utilities to track where power is coming from and balance supply to the public.
There are several reasons an attacker would see DERs as attractive targets.: They have embedded computer components, are spread across many locations and are generally harder to protect than centralized plants. Emmerich said an attacker could shut an inverter down, falsify its reported power values or even manipulate what tells the system how to feed power into the grid. Logan Marlow, a research programmer within ITI, said attacking inverters can overload transformers and transmission lines, causing equipment damage beyond just the DER itself. "It's a grid-level problem, not just for DER, but for everyone potentially."
The Georgia Institute of Technology is leading the $4.2 million DOE project, which aims to develop a method based on artificial intelligence (AI) that can automatically locate and eliminate threats to distributed energy resources. To bring that vision to life, Georgia Tech assembled a team of partners, each contributing a different piece of the puzzle: a national laboratory handles attack path analysis, another partner organization focuses on protocol research and Illinois leads exploitation research — testing how these vulnerabilities could actually be exploited in the real world.
Illinois' involvement traces back to a personal connection. Georgia Tech's principal investigator, Saman Zonouz, holds a doctorate from Illinois and had previously worked with ITI. When he set out to build a team with strong testbed and electric-power-systems experience, he reached out directly to his alma mater.
The project's timeline reflects this staggered start: Georgia Tech launched the program in September 2024, with Illinois' contract beginning a few months later, in January 2025. Phase one is set to wrap up this September, with a possible 12-month extension pending DOE approval.
Illinois is researching the historical Common Vulnerabilities and Exposures database for issues affecting inverters. The team uses representative devices called programmable logic controllers whose control logic closely mirrors that of real inverters. "We are doing research around known exploits for those, and then actually how can we make use of those exploits ourselves to demonstrate this stuff is possible," Emmerich said. "Our role in this is taking the theoretically possible in our simulated systems and testing it against real physical equipment." For the data side of the research, the team works with real electric power equipment without live power running through the systems. "We're just using the data side of it, so there's no power involved. So, if an attacker had access to that inverter, what could they do from there," Emmerich said. That is a real-life concern, as a compromised inverter could allow an attacker to get through a host, firewall and automation control, ultimately opening breakers at a substation.
Illinois has a history with this area of work. Marlow brought up the Ceer Test Bed. "We're well known for that. We have cyber-physical equipment that is the type that is used by utilities," Marlow said. "So, we're able to create these realistic environments, but we also have a lot of networking that we've done and that previous colleagues have done that we benefit from." Those contacts can answer questions about live environments and maintaining real power flows. Marlow said that when they first started this project, they had questions about DER deployments. They spent several months setting up meetings with industry contacts and gathering information about structuring environments.
Those conversations turned into a generalized model of a "generic DER deployment" that could be built in their laboratory. Since they could not replicate one specific utility, they synthesized patterns from many. That model was then shared with the national lab, National Laboratory of the Rockies, so it could feed its automated, AI-assisted attack graph generation.
As the team awaits a decision from the DOE on a possible extension, the stakes of their work are only growing. The number of solar panels, EV chargers and other inverter-based devices connected to the grid is rising every year, and each one is a potential entry point for an attacker. By finding these vulnerabilities in the lab before someone finds them in the field, Illinois and its partners are helping ensure that the next wave of clean energy doesn't come with a new set of blind spots — keeping the lights on for the utilities and the public who depend on them.
The Grainger College of Engineering Affiliations
David Emmerich is a principal cyber-physical range architect within the Information Trust Institute.
Logan Marlow is a research programmer within the Information Trust Institute.