‘Rogue’ devices found in Chinese solar inverters raises cybersecurity alarm in Europe
-
Spain reconsiders possibility of hackers causing blackouts
The possibility of the blackouts being caused by a cyberattack was immediately considered, though the grid operators in Spain and Portugal both said at the time there was no evidence of hacking, a point that was echoed by authorities and politicians.
Now, reports suggest Spanish authorities are investigating whether smaller power generators were a weak link that was exploited by cyber criminals to target the electricity grid, according to the Financial Times ...
[The original FT article is behind a paywall.]
[The original FT article is behind a paywall.]
The archived version, however, is not
-
Ok, what are European vendors for inverters? I really want solar, but I would prefer local vendors.
Fronius is Austrian and there are a few others but none producing microinverters that I’m aware of. If you are doing an install with no shading issues during the day, regular inverters are preferable though since the costs are cheaper and there’s no DC-AC-DC loss if you include a battery backup.
-
Ok, what are European vendors for inverters? I really want solar, but I would prefer local vendors.
There are some for the mid to large scale, which this would affect. Less so for small scale like <<100 kWp.
-
US energy officials have found unexplained communication equipment inside some Chinese-made inverter devices.
[...]
Reuters reported the presence of undocumented and “rogue” communication devices in a number of Chinese-made solar inverters. These could potentially introduce unregulated and undocumented remote communication channels to the inverters, by which an actor could remotely bypass the cybersecurity firewalls that utility companies use to prevent direct communication back to China.
[...]
It's not as fun and exciting James Bond shit when a supply-chain attack happens too close to home, huh? At least it didn't explode in anyones faces.
-
Ok, what are European vendors for inverters? I really want solar, but I would prefer local vendors.
Fronius, SMA, Victron.
The unfortunate bit is that apparently e.g. Huawei inverters are extremely reliable, whereas e.g. cheaper SMA models are not.
-
Fronius, SMA, Victron.
The unfortunate bit is that apparently e.g. Huawei inverters are extremely reliable, whereas e.g. cheaper SMA models are not.
I wonder if an incentive to be well built and reliable ends up being the fact they are strategic assets that can be “called into service” for decades.
This is some conspiracy brain thinking, but… they did find secret communication devices…
-
US energy officials have found unexplained communication equipment inside some Chinese-made inverter devices.
[...]
Reuters reported the presence of undocumented and “rogue” communication devices in a number of Chinese-made solar inverters. These could potentially introduce unregulated and undocumented remote communication channels to the inverters, by which an actor could remotely bypass the cybersecurity firewalls that utility companies use to prevent direct communication back to China.
[...]
Not naming the manufacturers is very disappointing
-
It's not as fun and exciting James Bond shit when a supply-chain attack happens too close to home, huh? At least it didn't explode in anyones faces.
Or pockets...
-
Not naming the manufacturers is very disappointing
wrote on last edited by [email protected]Not naming the manufacturers is very disappointing
It is. So I looked it up:
According to the info I found, Huawei battery systems, and concerning solar panel electricity invertors they mentioned Sungrow, Growatt, and SMA.
Growatt has arranged a patch, they claim.Many of these Chinese systems have little to none (security) updates.
-
Fronius, SMA, Victron.
The unfortunate bit is that apparently e.g. Huawei inverters are extremely reliable, whereas e.g. cheaper SMA models are not.
SMA is on the list.
-
Not naming the manufacturers is very disappointing
It is. So I looked it up:
According to the info I found, Huawei battery systems, and concerning solar panel electricity invertors they mentioned Sungrow, Growatt, and SMA.
Growatt has arranged a patch, they claim.Many of these Chinese systems have little to none (security) updates.
What makes you believe that those software issues from a month ago are in any way related to the undocumented communication hardware found now?
-
SMA is on the list.
wrote on last edited by [email protected]In case you're referring to the comment by HowRu68 above, I don't think that those software vulns are related to this issue at all.
-
In case you're referring to the comment by HowRu68 above, I don't think that those software vulns are related to this issue at all.
Yea that's the one I was referring too. If not then that's good
-
Hmmm. Unnamed "people" of some unnamed US spook organization find rogue devices in an undisclosed number of Chinese solar inverters and batteries of not named brands which alerts Europe. Smells fishy.
Unnamed "people" of some unnamed US spook organization
People employed by a state actor to screen hardware (or closely related to screening) probably aren't supposed to leak stuff like this. Nobody wants a potential adversary knowing what you do/do not know.
rogue devices in an undisclosed number of Chinese solar inverters and batteries of not named brands
Again, there's no benefit to telling, especially when this could tie back to a leaker. How could they disclose a number? They deconstruct a sample selection, not every single one that's installed. What would the public even do with brand information? Throw away the commercial utility grade inverters tied into their nonexistent home grid?
which alerts Europe
Spain just had a very public massive grid failure. Even if they don't trust the US diplomatically, they could very easily take this info and verify it on their own devices.
Every smart car on the road has a backdoor killswitch and GPS tracking, "just in case" it needs to be used against a private individual. You think a state actor supplying 30-40% of the global market (allies and adversaries alike) wouldn't do the same thing?
