ESMC Warns of Cybersecurity Risks in Europe’s Solar Infrastructure Due to Chinese Inverters
solarquarter.com
The European Solar Manufacturing Council (ESMC) urges immediate EU action to address cybersecurity threats posed by Chinese-made PV inverters. With over 200 GW of Europe's solar capacity under foreign control, the ESMC calls for an “Inverter Security Toolbox” to safeguard energy sovereignty and prevent potential grid disruptions and cascading blackouts.

Archived

Here is the original study: Restrict Remote Access of PV Inverters from High-Risk Vendors

The European Solar Manufacturing Council (ESMC) has issued a stark warning, highlighting a critical threat to Europe’s energy autonomy stemming from the unregulated remote access capabilities of PV inverters produced by non-European, high-risk manufacturers—particularly those from China. A recent study by DNV substantiates these concerns.

As solar power becomes increasingly integral to Europe’s clean energy goals and energy security, a major vulnerability looms: software-enabled remote access to PV inverters—the essential control units of solar power systems.

[…]

The threat is real, not hypothetical. Internet connectivity is essential for modern inverters to perform grid support functions and participate in power markets. However, this connectivity also enables remote software updates, allowing manufacturers to potentially modify device performance from afar. This poses serious cybersecurity risks, including the danger of intentional disruption or large-scale shutdowns. A recent DNV report, commissioned by SolarPower Europe, highlights the credible risk of cascading blackouts due to coordinated or malicious manipulation of inverters.

  • aminoEnglish
    1·
    2 days ago

    we’re on a European board talking about Chinese attacks on European infrastructure. I’m not aware of US invasion threats to EU countries (which Greenland isn’t a part of).

    I’m aware of the Snowden leaks and the CIA worldwide spying networks. those are valid concerns, however I don’t think the risk to privacy can be compared to the yearly cyber attacks perpetuated by China against the EU. Only one of these will be used in a potential war against us since the US is a NATO ally.

    who cares who the US invaded in the past? I never said they didn’t, you’re bordering on whataboutism.

    • Spectrism@feddit.orgEnglish
      2·
      1 day ago

      I’m not aware of US invasion threats to EU countries

      And I’m not aware of Chinese invasion threats to EU countries, now what? While not a full member, Greenland is an OCT member of the EEA.

      we’re on a European board talking about Chinese attacks on European infrastructure

      I’m aware. But we have many security flaws that don’t just involve China, yet nobody seems to care about. That’s what the meme is criticising. It doesn’t mean we should let China do what it wants, in fact I’m also in favor of eliminating such risks, but it’s only ever “China this, China that”, while ignoring things like e.g. networking infrastructure provided by the US. It’s the one-sided reporting, i.e. red scare, that’s annoying.

      Only one of these will be used in a potential war against us since the US is a NATO ally.

      For how long though? And spying on politicians and high-ranking army officials is most definitely going to be used against us in a potential war. This already happened, despite us being NATO allies. It wasn’t just EU citizens, they fucking spied on Angela Merkel and other EU officials. But yeah, nothing to worry about, they’re our allies after all…

      Keep in mind: “It may be dangerous to be America’s enemy, but to be America’s friend is fatal”

      who cares who the US invaded in the past?

      I do, and you should too, if you don’t blindly trust your “allies”. Accusing us of whataboutism, while you were writing about “Chinese troops in Ukraine” in response to a meme criticising the one sided reporting on security risks… absolutely wild.

    • sudneo@lemm.eeEnglish
      3·
      2 days ago

      The same principle of strategic independence though can and should be applied to everyone, including China and the US. It’s clear that US is not a reliable ally, it was very clear when they shut down F-16s remotely in Ukraine to bully them into submission. Nothing is stopping them from shutting down power grids if these are in their hands to push EU to do whatever is not in its interests.

      It’s not like the risk of invasion is the only criteria to use for deciding to be independent on core technologies.

      • aminoEnglish
        1·
        2 days ago

        i agree, if I had to choose I’d definitely want an economic/cyber war with the US over the much more likely conventional war with China

        • sudneo@lemm.eeEnglish
          2·
          2 days ago

          I think you are greatly underestimating what someone controlling the tech (note: here you don’t need cyber attacks) for critical infrastructure can do. Shut down power and water and the war finishes before it even starts. Let alone communications, payment systems, banking systems, government websites and all the other services that depend on cloud (i.e., mostly US companies).

          The new directive (DORA I think? In get confused with the names) does include for a reason the mandatory exit plan for cloud providers ready.