[German]An unpleasant but by no means new realization. Some countries are "proud" of the installed capacity of solar collectors. But a Greek white hat hacker has shown how he could hack into numerous European solar systems using a laptop and the internet and simply switch them off
Advertising
Some time ago, I came across the following tweet on the topic, which Bloomberg presented in the article Hacking Rooftop Solar Is a Way to Break Europe's Power Grid.
Security specialist Vangelis Stykas only needed a laptop and a smartphone to access solar installations in Europe from his home in Thessaloniki, Greece. To do this, he bypassed the firewalls that are supposed to protect solar installations worldwide from access.
Vangelis Stykas claims to have had access to the entire German network of solar installations. The white-hat hacker, who tests software for companies, told Bloomberg that he had penetrated the control system of the solar plants to such an extent that he could have switched off the inverters.
Such a shutdown could cause the power grid to become unstable, meaning that it would have to be shut down for safety reasons due to the loads that occur. This could result in cascading grid failures throughout Europe. The above demonstrates the growing risks for utilities and governments, which are facing more cyberattacks every year.
Advertising
"We are becoming more and more dependent on these devices, but even if they become critical national infrastructure, they are not completely secure," Stykas told Bloomberg. "If these devices can be hacked, the European power grid, which is the foundation of our entire lifestyle, is vulnerable."
There were more than 200 reported cyberattacks on energy infrastructure in the European Union in 2023. A few days ago, Romania's Electrica SA (approx. 4 million customers) was the victim of a cyberattack, although critical power supply systems were not affected, it said.
"There is a certain naivety about risk," Harry Krejsa, head of studies at the Carnegie Mellon Institute for Strategy & Technology in Pittsburgh, attests to the industry and users. Attacks can be driven by greed (ransom payments or market manipulation) via terrorism (keeping nations in the dark), but can also be used in a war (Russian cyberattacks on Ukraine's power supply).
The threat is so serious that NATO conducted its first-ever security exercise in Sweden to find and fix vulnerabilities in solar, wind and hydroelectric plants.
"When we look at the security threats to renewable energy systems, they look very different from what we're used to," Bloomberg quotes Freddy Jonsson Hanberg, head of the NATO sessions, as saying. "There are a variety of ways to attack these systems. They are vulnerable."
The EU's biennial Cyber Europe exercise in June 2024 focused on energy for the first time. Hypotheses included responding to state-led threats against operators of electricity distribution systems and gas storage facilities.
Energy companies have so far managed to secure their critical infrastructure against attackers. But millions of solar installations on private properties and connected to the internet are opening up vulnerabilities that make the energy supply vulnerable to attackers.
Similar articles:
Deye deactivates solar inverters in USA, UK and Pakistan
Advertising
