All it takes is one hacker and a batch of faulty solar panels to threaten the safety of Europe’s electric grid.

Vangelis Stykas, a cybersecurity consultant, said he figured out how to do it. Using a laptop and smartphone at his home in Thessaloniki, Greece, Stykas bypassed firewalls in panels around the world and gained access to more power than runs through Germany’s entire system.

The “white-hat hacker,” who tests software so companies can fix flaws, said he got far enough inside the controls that he could have turned the devices off, dramatically tipping the supply-demand balance for the power network. Such a drastic fluctuation could stress a grid to the point where it shuts down as a fail-safe, he said.

The exponential growth of rooftop solar systems means millions more connection points to the grid, creating a massive vulnerability that hackers could exploit. The most serious impact may be cascading grid failures across the continent. That risk is a growing concern for utilities and governments dealing with more cyberattacks every year.

[…]

The average number of weekly cyberattacks on utilities worldwide doubled within two years to about 1,100, and they’re occurring more frequently as digitalization takes hold, the International Energy Agency said. The European Union suffered more than 200 reported cyberattacks on energy infrastructure last year, and that number has “largely increased in recent years.”

[…]

“There’s some naivete about the risk,” Harry Krejsa, director of studies at the Carnegie Mellon Institute for Strategy & Technology in Pittsburgh, told the Columbia Energy Exchange podcast last week. “It should be more of a concern than is widely perceived today.”

[…]

The threat is serious enough that NATO ran a security drill in Sweden to find and fix vulnerabilities in solar, wind and hydroelectric systems.

The military alliance says it’s the world’s first such exercise, and the scenario comes amid wars in Ukraine and the Middle East, and the West’s fracturing relationships with Russia and China. The latter is the biggest maker of solar panels.

[…]

  • Radiant_sir_radiant@beehaw.org
    5 days ago

    In principle it makes sense to give various electrical things in your house a way to talk to each other. For example we have a PV system with a small battery, a boiler connected to the central oil heating with a supplemental electrical heating coil and a wallbox. Before any excess sun is pushed back into the grid, our house will first charge the battery, heat our water (saving oil) and ask the car if it would like to be topped up. Additionally there are several smart power meters to keep an eye on the grid and various parts of the house. In theory we could also tell our washing machine to prefer homemade electricity, though when we want our laundry done we want it done now, so that’s not going to happen.

    These are all systems from different manufacturers and need a LAN connection to talk to each other, and in some cases get other parts to do certain things in order for the system to work.
    In our case that network segment is isolated from the internet, though that requires some above-average skills and dedication. Most PV owners just want a nice app with lots of shiny diagrams and can’t be arsed to set up their own IT infrastructure. Most manufacturers want the dumbest possible devices connected to a cloud solution because a) it moves most things that could break (buggy software) from the customer’s premises to them (never mind what happens if/when their cloud breaks), b) it makes it very easy for their app to access all data, c) it gives them a copy of the data, and d) it lets them sell you subscriptions.

    So in a nutshell, it’s the same problem as everywhere a computer is involved - until after something really bad has happened, security is just that annoying thing that doesn’t add any value but makes things more expensive and more complicated for everyone involved.