Archived

Security firm Forescout identified almost 35,000 solar power devices from 42 vendors with exposed management interfaces. These devices include inverters, data loggers, monitors, gateways and other communication equipment.

Key Findings

• Despite being a rapidly growing renewable energy source, there are security issues with remote inverter management, via cloud applications or direct access to management interfaces within inverters.
• Internet-exposed solar power devices are much more popular in Europe and Asia than in other regions. Europe accounts for 76% of exposed devices, followed by 17% in Asia and the remaining 8% in the rest of the world. Germany and Greece each account for 20% of the total devices worldwide, followed by Japan and Portugal with 9% each then Italy with 6%.
• Four of the top 10 vendors with exposed devices are headquartered in Germany, two in China and one each in Austria, Japan, US and Italy. This distribution also does not match the top 10 vendors worldwide by market share, since 9 of those are Chinese.

Mitigation Recommendations

• Do not expose inverter management interfaces to the internet.
• Patch devices as soon as possible and consider retiring those that for some reason cannot be patched.
• If a device needs to be managed remotely, consider placing it behind a VPN and following CISA’s guidelines for remote access.
• Follow the NIST guidelines for the cybersecurity of smart inverters in residential and commercial installations.

Archived

Security firm Forescout identified almost 35,000 solar power devices from 42 vendors with exposed management interfaces. These devices include inverters, data loggers, monitors, gateways and other communication equipment.

Key Findings

• Despite being a rapidly growing renewable energy source, there are security issues with remote inverter management, via cloud applications or direct access to management interfaces within inverters.
• Internet-exposed solar power devices are much more popular in Europe and Asia than in other regions. Europe accounts for 76% of exposed devices, followed by 17% in Asia and the remaining 8% in the rest of the world. Germany and Greece each account for 20% of the total devices worldwide, followed by Japan and Portugal with 9% each then Italy with 6%.
• Four of the top 10 vendors with exposed devices are headquartered in Germany, two in China and one each in Austria, Japan, US and Italy. This distribution also does not match the top 10 vendors worldwide by market share, since 9 of those are Chinese.

Mitigation Recommendations

• Do not expose inverter management interfaces to the internet.
• Patch devices as soon as possible and consider retiring those that for some reason cannot be patched.
• If a device needs to be managed remotely, consider placing it behind a VPN and following CISA’s guidelines for remote access.
• Follow the NIST guidelines for the cybersecurity of smart inverters in residential and commercial installations.

Patch devices as soon as possible and consider retiring those that for some reason cannot be patched.

Require all device firmware to be open source, and require all other software to be open sourced the moment it stops receiving sufficient support.

Patch devices as soon as possible and consider retiring those that for some reason cannot be patched.

Require all device firmware to be open source, and require all other software to be open sourced the moment it stops receiving sufficient support.

Archived

Security firm Forescout identified almost 35,000 solar power devices from 42 vendors with exposed management interfaces. These devices include inverters, data loggers, monitors, gateways and other communication equipment.

Key Findings

• Despite being a rapidly growing renewable energy source, there are security issues with remote inverter management, via cloud applications or direct access to management interfaces within inverters.
• Internet-exposed solar power devices are much more popular in Europe and Asia than in other regions. Europe accounts for 76% of exposed devices, followed by 17% in Asia and the remaining 8% in the rest of the world. Germany and Greece each account for 20% of the total devices worldwide, followed by Japan and Portugal with 9% each then Italy with 6%.
• Four of the top 10 vendors with exposed devices are headquartered in Germany, two in China and one each in Austria, Japan, US and Italy. This distribution also does not match the top 10 vendors worldwide by market share, since 9 of those are Chinese.

Mitigation Recommendations

• Do not expose inverter management interfaces to the internet.
• Patch devices as soon as possible and consider retiring those that for some reason cannot be patched.
• If a device needs to be managed remotely, consider placing it behind a VPN and following CISA’s guidelines for remote access.
• Follow the NIST guidelines for the cybersecurity of smart inverters in residential and commercial installations.

There is no Europe. Just Asia. If a chain of moutain could separate continent then Germany and Italy aren't on the same one