Here is the original study: Restrict Remote Access of PV Inverters from High-Risk Vendors
The European Solar Manufacturing Council (ESMC) has issued a stark warning, highlighting a critical threat to Europe’s energy autonomy stemming from the unregulated remote access capabilities of PV inverters produced by non-European, high-risk manufacturers—particularly those from China. A recent study by DNV substantiates these concerns.
As solar power becomes increasingly integral to Europe’s clean energy goals and energy security, a major vulnerability looms: software-enabled remote access to PV inverters—the essential control units of solar power systems.
[…]
The threat is real, not hypothetical. Internet connectivity is essential for modern inverters to perform grid support functions and participate in power markets. However, this connectivity also enables remote software updates, allowing manufacturers to potentially modify device performance from afar. This poses serious cybersecurity risks, including the danger of intentional disruption or large-scale shutdowns. A recent DNV report, commissioned by SolarPower Europe, highlights the credible risk of cascading blackouts due to coordinated or malicious manipulation of inverters.
The CLOUD Act is to allow data stored outside the US by US-based cloud providers to be accessed by selected foreign countries that have issued subpoenas and have requested US government assistance. It’s not a backdoor per se, and anyone with any sense encrypts their data before uploading it to the cloud instead of relying on cloud provider encryption services. Even if the US government weren’t snooping, there’s the risk that a cloud provider could be compromised by other hostile actors. Though it’s not all that wise to assume that cloud providers’ encryption services don’t have backdoors, unless that’s been confirmed by an impartial third-party audit. I know of no such audits.
The PATRIOT Act is a human-rights nightmare for many reasons, but doesn’t grant the US government anti-privacy powers that the CLOUD Act doesn’t. It’s just more vaguely worded.
And if you really want some worse Kafkaesque misery, FISA warrants will give you plenty if your or your firm’s name is on one.
The CLOUD Act and Patriot Act contradicting GDPR is the reason why the EU needed the various Privacy Shields to give some legal basis for declaring data transfers to the US legal.
And no, most people don’t encrypt their data before uploading to US cloud providers. That’s the issue.
/f