What if a few gigawatts of solar power disappeared without a warning or a cloud in the sky?
Imagine a hostile force had control of half your national power generation at lunchtime and could just flip a switch to bring you to your knees? Or how about a crime syndicate wanting a ransom paid by 5pm?
Steve Milloy: Communist China is setting us up for solar panel-based disaster:
“Solar panels that make the electricity suitable for the power grid and which are usually connected to the web, can be “easily hacked, remotely disabled or used for DDoS [Distributed Denial of Service] attacks.” DDoS is one of the most common types of attacks, which basically try to overwhelm a system… Solar panels were outlined as a vulnerability in several scenarios, also due to the dominance of a single country, China, in the supply chain.”
It’s only a week without electricity…
Daniel Croft, CyberDaily (October 2023)
Cyber Security CRC chief executive Rachael Falk said… that an attack on the solar grid could spark a “black start” event, which could result in the entire power grid going down. … “This could bring down an entire power grid, and it could take a week to recover,” she said.
[Falk said] the threat presented by foreign-manufactured solar inverters is a recent one, as only recent models are internet-connected due to increased interest in smart home technology.
“Traditionally, cyber risk with solar inverters was low because they were not connected to the internet,” said Falk. “However, as the popularity of smart home energy systems has boomed, this has changed, with most solar inverters now web connected.”
The EU and the US have both had a wake up call in the last few weeks
A Dutch white hat hacker got into one system a couple of weeks ago with 4 million panels in 150 countries, exposing a major flaw. That software glitch in American Enphase inverters was fixed quickly once they were aware of it, but how many other doors remain open?
Only two weeks ago another group called Bitdefender claimed that 20% of the worlds solar panels and 195 gigawatts of capacity, had been at risk of cybercrime for months. Rooftop solar management software by Solarman and Deye (both Chinese solar manufacturers) is used by 2 million “solar plants” and 10 million devices. Hackers could have been able to take control of the inverters (which could “change the way the inverters interact with the grid”. They could also steal quite a lot of data, including real time GPS locations and production. What if they could target individuals?
Apparently those issues were reported in May but are now patched too. (I guess no one would be mentioning any issues which are not patched, would they?) SecurityBrief has the gory details.
Whatever threats exist in the Netherlands, Australia is a sitting duck
Even at lunchtime in winter, sometimes half of the Australian national grid power comes from solar panels. That’s 12 gigawatts of solar power out of 25 gigawatts in toto. (And it’s similar in WA). Here in the renewable crash test dummy, fully 58% of the solar inverters that are connected in to the internet come from companies headquartered in China. (And the rest are headquartered elsewhere, but who knows, maybe they’re made in China too, where 70% of the worlds solar inverters come from?)
Solar power is a large part of the Australian NEM, even in winter. The black line is total generation. The NEM includes NSW, QLD, Vic, Tas, SA. (Source: Anero.id)
So Cyber-expert Falk gave us that warning of a black start disaster in October last year, and how far have we got? By January we were redoing our cybersecurity plans, but somehow still forgetting about smart home devices like solar inverters and control of our national critical infrastructure. But, not to worry, by February we had the news that we were hiring Standards Australia, to develop “a roadmap”. (That’ll stop them!) Meanwhile we’re still going gangbusters on solar installations.
We can always rely on the government to get nothing done, help the enemy…
White hat hacker shines spotlight on vulnerability of solar panels installed in Europe
By Nikolaus J. Kurmayer | Euractiv
An ethical hack of solar panels in the Netherlands has revealed their vulnerability to cyber attacks, prompting industry calls for more rigorous safety assessments.
A Dutch white hat hacker could have gained control of millions of smart solar panel systems, reports investigative outlet FollowTheMoney, using a backdoor.
The findings confirm a 2023 report by a Dutch agency which found that converters, essential parts of solar panels that make the electricity suitable for the power grid and which are usually connected to the web, can be “easily hacked”…
A report by the EU’s own cybersecurity agency from 24 July found that the union is ill-prepared for a concerted attack on its energy infrastructure, whether by a foreign state or by malicious insiders.
How much will that cost?
We need to test and possibly replace inverters and fix the software:
A report by the Perth’s Cyber Security Cooperative Research Centre “recommends assessments be conducted on all solar inverters sold in Australia, with identified vulnerabilities requiring remediation. The report also says cyber security ratings should be introduced for solar inverters and IoT devices more generally, as well as recommending solar inverters with identified serious cyber vulnerabilities be banned from retail sale in Australia.
Thanks to Marc Morano of Climate Depot.