kravietz 🦇 on Nostr: Yet another demonstration of a “cyberattack on solar panels”, this time by a ...
Yet another demonstration of a “cyberattack on solar panels”, this time by a #Greece security researcher Vangelis Stykas.[^1] Not much detail has been published, which I guess is because he’s showing it at some conference, but judging from past experience it’s not an attack on the actual #photovoltaic panels but on the PV inverters, which routinely connect to the Internet so that their owners can enjoy shiny production charts in mobile apps 😉
These inverters, apart from connecting to a shady server in Asia, also have bugs, which can be found and exploited by various hacking groups worldwide. The end result is that a random person anywhere in the world can make millions of panels stop delivering electricity to the grid at one moment only because they use inverters by one vendor. So much about decentralised #renewables 😉
Of course, this is not a new problem[^2] and it has been noticed by the regulator, which resulted in extending the scope of the EU NIS2 cybersecurity directive to the whole electricity sector, including PV and wind (which had also been hacked in the past, including the notable 2022 hack by Russians). I don’t know how it is in other countries, but the ongoing NIS2 enactment attracted an outcry from the… photovoltaics lobby, for whom the introduction of basic cybersecurity controls into the inverters they’re selling means a slightly decreased commission and an extra cost. I guess the sustained presence of these vulnerabilities, on the other hand, is a business opportunity, because when millions of inverters are hacked and remotely vandalised, you can just sell new ones 🤷
[^1]: https://www.bloomberg.com/news/articles/2024-12-12/europe-s-power-grid-vulnerable-to-hackers-exploiting-rooftop-solar-panels
[^2]: https://berthub.eu/articles/posts/the-gigantic-unregulated-power-plants-in-the-cloud/