Report: Solar panels installed in Europe vulnerable to cyber attacks

An ethical hack of solar panels in the Netherlands has revealed their vulnerability to cyber attacks, prompting industry calls for more rigorous safety assessments.

While wind turbines, which are highly networked and equipped with hundreds of sensors, are traditionally considered more vulnerable to outside interference than solar panels, a Dutch citizen may have proved otherwise.

A Dutch white hat hacker could have gained control of millions of smart solar panel systems, reports investigative outlet FollowTheMoney, using a backdoor.

The findings confirm a 2023 report by a Dutch agency which found that converters, essential parts of solar panels that make the electricity suitable for the power grid and which are usually connected to the web, can be “easily hacked, remotely disabled or used for DDoS [Distributed Denial of Service] attacks.” DDoS is one of the most common types of attacks, which basically try to overwhelm a system.

EU industry association SolarPower Europe said the bloc “needs more robust cybersecurity rules for distributed energy sources” in a statement commenting on the hack.

The share of solar power in the European grid has surged from 1% in 2010 to 9% in 2023, and with it the disruptive potential of a cyberattack on solar panels has likewise grown.

“Devices that can be centrally co-ordinated or managed (for example, aggregated rooftop solar installations) must be subject to an EU or nationally authorised layer of monitoring,” stressed Dries Acke, deputy CEO of the lobby group.

report by the EU’s own cybersecurity agency from 24 July found that the union is ill-prepared for a concerted attack on its energy infrastructure, whether by a foreign state or by malicious insiders.

With electricity being so essential, any attack on Europe “attracts considerable pre-positioning activity by advanced threat actors” in the power sector should they aim at “executing a destructive attack” it adds.

 

Share: