
Here is the original study: Restrict Remote Access of PV Inverters from High-Risk Vendors

The European Solar Manufacturing Council (ESMC) has issued a stark warning, highlighting a critical threat to Europe’s energy autonomy stemming from the unregulated remote access capabilities of PV inverters produced by non-European, high-risk manufacturers—particularly those from China. A recent study by DNV substantiates these concerns.

As solar power becomes increasingly integral to Europe’s clean energy goals and energy security, a major vulnerability looms: software-enabled remote access to PV inverters—the essential control units of solar power systems.

[…]

The threat is real, not hypothetical. Internet connectivity is essential for modern inverters to perform grid support functions and participate in power markets. However, this connectivity also enables remote software updates, allowing manufacturers to potentially modify device performance from afar. This poses serious cybersecurity risks, including the danger of intentional disruption or large-scale shutdowns. A recent DNV report, commissioned by SolarPower Europe, highlights the credible risk of cascading blackouts due to coordinated or malicious manipulation of inverters.

  • kbal@fedia.io
    2 days ago

    This can be solved by not connecting your solar panels to the Internet, or putting them behind a secure VPN if you really need remote access for some reason.

    • kbal@fedia.io
      2 days ago

      (Or perhaps if things need to connect to some kind of grid management services, a firewall with appropriate rules — i.e. ones that do not allow connections to or from random addresses in China. Or some combination of both. Depends on the requirements but it’s not that complicated. Consult your local IT security expert.)

      • futatorius@lemm.ee
        5 hours ago

        Yeah, excellent suggestion. There’s no reason for a device to accept incoming requests from Chinese IP addresses for any reason. In fact, I’d keep them on the WAN and block anything incoming from the internet-- you can do a secure tunnel to your WAN if you really want remote access. I’d alert on outgoing requests and block them unless you confirm them. If the device is phoning home to Winnie, then consider blocking outgoing entirely.

        I’m not a security expert either, but the systems I build always pass security audits with no major findings, so I think my rules of thumb are good.
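The policy sketched in the comments above (drop unsolicited inbound, allow remote access only through a tunnel, allow outbound only to confirmed destinations and alert on the rest), as an added example that is not part of the thread. The addresses, ports, log format and function names are constructed assumptions; the script classifies new-connection records and is not a firewall configuration.

```python
import ipaddress

# Constructed values: inverter address, local ranges, operator-confirmed egress.
INVERTER = ipaddress.ip_address("192.168.50.10")
LOCAL_NETS = [ipaddress.ip_network("192.168.50.0/24"),  # inverter LAN
              ipaddress.ip_network("10.8.0.0/24")]      # VPN tunnel clients
# (network, protocol, port) confirmed by the operator, e.g. a grid management service
CONFIRMED_EGRESS = [(ipaddress.ip_network("198.51.100.0/28"), "tcp", 8883)]

def parse(line):
    """Parse 'proto src:sport -> dst:dport' (constructed IPv4 log format)."""
    proto, left, _, right = line.split()
    src, sport = left.rsplit(":", 1)
    dst, dport = right.rsplit(":", 1)
    return {"proto": proto, "src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport)}

def classify(flow):
    """Return (verdict, reason) for one new connection; replies are left to
    the stateful firewall and never appear here."""
    src_local = any(flow["src"] in n for n in LOCAL_NETS)
    dst_local = any(flow["dst"] in n for n in LOCAL_NETS)
    if flow["dst"] == INVERTER:
        if src_local:
            return "allow", "initiated from LAN or VPN tunnel"
        return "drop", "unsolicited inbound from the internet"
    if flow["src"] == INVERTER:
        if dst_local:
            return "allow", "local destination"
        for net, proto, port in CONFIRMED_EGRESS:
            if flow["dst"] in net and (flow["proto"], flow["dport"]) == (proto, port):
                return "allow", "confirmed egress"
        return "drop+alert", "unconfirmed outbound, review before allowing"
    return "ignore", "not inverter traffic"

# Constructed sample records.
SAMPLE_LOG = [
    "tcp 203.0.113.77:51522 -> 192.168.50.10:502",
    "tcp 10.8.0.5:40000 -> 192.168.50.10:443",
    "tcp 192.168.50.10:45000 -> 198.51.100.3:8883",
    "tcp 192.168.50.10:45001 -> 203.0.113.9:443",
    "udp 192.168.50.10:123 -> 198.51.100.3:123",
]

def review(lines):
    return [(line, *classify(parse(line))) for line in lines]

if __name__ == "__main__":
    for line, verdict, reason in review(SAMPLE_LOG):
        print(f"{verdict:10} {line}  ({reason})")
```

The last record shows why the allowlist matches on protocol and port as well as address: a confirmed host is still flagged when the inverter contacts it on a service nobody approved.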