Restrict Remote Access of PV Inverters from High-Risk Vendors - ESMC Solar
esmc.solar

While photovoltaics (PV) play an increasingly central role in Europe’s clean energy transition and energy independence, a hidden vulnerability threatens this progress: the software-based remote access to inverters, the critical “brains” of any PV system.

“Today, over 200 GW of European PV capacity is already linked to inverters manufactured in China – the equivalent of more than 200 nuclear power plants,” said Christoph Podewils, the European Solar Manufacturing Council (ESMC) Secretary General.

“This means Europe has effectively surrendered remote control of a vast portion of its electricity infrastructure.”

[…]

Further concerns include:

  • 70% of all inverters installed in 2023 came from Chinese vendors, mainly Huawei and SunGrow.
  • These two companies alone already control remote access to 168 GW of PV capacity in Europe (DNV Report, p. 40), by 2030, this figure is projected to exceed 400 GW – comparable to the output of 150–200 nuclear power plants.
  • One of these vendors [China’s Huawei] is already banned from the 5G sector in many countries and is currently under investigation in Belgium for bribery and corruption.

[…]

In light of these findings, the ESMC calls for the immediate development of an EU “Inverter Security Toolbox”, modeled after the successful 5G Security Toolbox. This would involve:

  • A comprehensive risk assessment of inverter manufacturers.
  • A requirement that high-risk vendors must not be permitted to maintain an online connection to European electricity systems.
  • Consideration of outright bans for such vendors from connecting to the grid.
  • A replication of Lithuania’s proactive legislation – banning inverters from China – across all EU Member States – ensuring security measures apply to PV systems of all sizes.
  • bluGill@fedia.io
    21·
    2 days ago

    That requirement is easy to appear to meet while still allowing whatever remote actions they want to do. Remember the first step of evil here would be appearing to work perfectly long enough to get a massive install base. Then the setret signal to all fail goes out to them all. i can come up with the above attack so we can safely assume China can too - they likely have other ideas as well.

    • Prunebutt@slrpnk.netEnglish
      13·
      2 days ago

      i can come up with the above attack so we can safely assume China can too - they likely have other ideas as well.

      And why exactly are we to assume that China has an interest to do so? Have we arrived in full-on cold war rhetoric by now? 🙄

      Also: how can the evil Xi Xingping (/s) do an assault on our infrastrugture if we don’t allow the device to phone home? If I can prevent my robot-vacuum to connect to the producer’s servers, why shouldn’t our infrastructure be able to do so?

      • Ninjasftw@lemmy.worldEnglish
        1·
        1 day ago

        Does your robot vacum still have all its functionality if it can’t talk home? Mine certainly doesn’t. I’m pretty sure that big infrastructure components probably all require some form of network communication

      • bluGill@fedia.io
        22·
        1 day ago

        China is making moves on Taiwan, Vietnam, South Korea, and the Philippians. They are building up their military. Nobody knows what will happen in the future, but there is a reasonably possibility of war in the region which the EU will get involved in. The cold war wasn’t all unreasonable fear even if some was.

        You don’t need to phone home. A radio is something you can hide in a chip, using the board itself as an antenna. Then the chip listens for the signal which can be broadcast many ways (the local embassy, satellite, or spys) Isreal already proved that you can attack pagers in ways like this (their radios were hidden in a battery, but the point remains). The engineering is tricky, but well within something China can do.