All it takes is one hacker and a batch of faulty solar panels to threaten the safety of Europe’s electric grid.

Vangelis Stykas, a cybersecurity consultant, said he figured out how to do it. Using a laptop and smartphone at his home in Thessaloniki, Greece, Stykas bypassed firewalls in panels around the world and gained access to more power than runs through Germany’s entire system.

The “white-hat hacker,” who tests software so companies can fix flaws, said he got far enough inside the controls that he could have turned the devices off, dramatically tipping the supply-demand balance for the power network. Such a drastic fluctuation could stress a grid to the point where it shuts down as a fail-safe, he said.

The exponential growth of rooftop solar systems means millions more connection points to the grid, creating a massive vulnerability that hackers could exploit. The most serious impact may be cascading grid failures across the continent. That risk is a growing concern for utilities and governments dealing with more cyberattacks every year.

[…]

The average number of weekly cyberattacks on utilities worldwide doubled within two years to about 1,100, and they’re occurring more frequently as digitalization takes hold, the International Energy Agency said. The European Union suffered more than 200 reported cyberattacks on energy infrastructure last year, and that number has “largely increased in recent years.”

[…]

“There’s some naivete about the risk,” Harry Krejsa, director of studies at the Carnegie Mellon Institute for Strategy & Technology in Pittsburgh, told the Columbia Energy Exchange podcast last week. “It should be more of a concern than is widely perceived today.”

[…]

The threat is serious enough that NATO ran a security drill in Sweden to find and fix vulnerabilities in solar, wind and hydroelectric systems.

The military alliance says it’s the world’s first such exercise, and the scenario comes amid wars in Ukraine and the Middle East, and the West’s fracturing relationships with Russia and China. The latter is the biggest maker of solar panels.

[…]

  • Emily (she/her)
    link
    fedilink
    arrow-up
    6
    ·
    6 days ago

    I briefly worked for a company who worked on household power technology. Their product would attempt to predict energy prices, weather patterns, and usage to sell your excess energy at peak prices. Like discussed in the article, this company collected usage data and controlled the sale of energy back to the grid centrally. They did this because it meant they could better train their prediction models and run them on more powerful hardware. The controllers would have needed internet connectivity anyway to query energy prices, and putting the prediction on device would have just made them more expensive and worse. Even when I worked there (back in 2015 I think), they were already very aware of the threat vectors discussed by this article and took some measures to prevent it.

    In my opinion they were (/are, still exist) a responsible company run by competent people. They did not collect the data out of “greed”, and I strongly suspect that the people in these comments implying that the data is collected to be sold have never actually worked in the industry and have very little idea of the specific value of energy usage data. I can’t really speak authoritatively for other companies, but I would guess that, like the one I worked for, their products are internet connected simply because it improves the product. For example, people expect things to be controllable or viewable from an app from anywhere, and that requires internet connectivity.