Your rooftop solar panels could be at risk from cyberattacks. Here's how we can fortify the tech
ADVERTISEMENT
Solar power experts are warning that tighter controls are needed to stop a cyberattack from devastating the industry.
Energy security
is in the spotlight in Europe, as attacks on energy infrastructure increase. Solar, while less targeted than traditional energy sources, is not immune to malicious actors.
To avoid a dangerous and disruptive event as the continent transitions to a smart system based on renewables, SolarPower Europe has published a report highlighting 'clear remedies' to the potential threat.
'Like any technological revolution, digitalisation presents incredible opportunity, for example, energy system cost savings of €160 billion per year,' says Walburga Hemetsberger, CEO of the association which represents hundreds of solar organisations across Europe.
Related
Fact check: Did wind and solar really cause Portugal and Spain's mass blackout?
'It also comes with new challenges, like cybersecurity. We didn't need anti-virus protection for a typewriter - but we do need it for our laptops. As a responsible, forward-looking sector, we have mapped the cybersecurity challenge, and we're rising to meet it with clear, comprehensive solutions.'
The report, written by risk management organisation DNV, comes in the wake of a
mass power outage
in Spain and Portugal, which some commentators were quick to blame on a cyberattack.
While Spanish power company Red Eléctrica and the Portuguese government have now ruled out this possibility, the blackout still emphasises the need for a secure power grid.
Are solar systems prone to cyberattacks?
Europe's move away from an energy system dependent on a few high-impact targets to a more decentralised system offers clear energy security benefits, the report states.
Ukraine
has learnt this in a particularly brutal way, following repeated cyberattacks on its power grid by Russia.
But to realise these benefits, cybersecurity laws, which focus on old, centralised infrastructure, need to be updated, the experts say. New legislation must address the specific security needs of distributed energy sources, like smaller rooftop solar installations.
Though on a much smaller scale than the strikes on other parts of the energy sector,
the solar sector has faced attacks
and interference, too.
In 2023, a group of Romanian solar customers modified mandatory inverter settings - which convert DC electricity generated by panels into the AC electricity used by homes - to disable the voltage-active power function.
This function is required by the grid operators to reduce active power at high grid voltage, in order to keep the power system running efficiently and safely.
Modifying this grid support function enabled the customers to make more money by not limiting their solar systems during high-voltage events, potentially jeopardising grid integrity as a result.
In a more pernicious incident, pro-Russian hacktivist group Just Evil stole credentials for 22 client sites in Lithuania and posted them on the Dark Web last year. This opened up access to the management portal of these solar sites, although access was not used to carry out further attacks on that occasion.
Analysing risk, the report found that these large utility-scale solar installations are more secure, since they are often managed by experienced utilities and covered by the EU's
Network and Information Security (NIS2) Directive
.
ADVERTISEMENT
Small-scale solar systems, meanwhile, which are often rooftop installations on people's homes or businesses, lack strict cyber rules. They are connected to the clouds of manufacturers, installers, or service providers.
And while the impact of compromising a single installation is low, when grouped together for power system efficiency, they become virtual power plants of significant scale.
Related
Solar balconies are booming in Germany. Here's what you need to know about the popular home tech
World surpasses 40% clean electricity with Europe leading as a 'solar superpower'
How can solar systems be protected from cyberattacks?
The experts propose two overarching solutions to toughen the solar sector's defences.
Number one, they say, existing laws on cybersecurity must be made specific enough to cater to the needs of the
solar sector
.
ADVERTISEMENT
Secondly, new rules should be formulated that keep the control of solar systems via inverters within the EU or jurisdictions that can provide an equivalent level of security.
This is relevant, as the analysis shows that over a dozen Western and non-Western manufacturers control significantly more than 3GW of installed capacity. And a targeted compromise of 3GW generation capacity could have serious implications for Europe's power grid.
The report recommends an approach similar to
GDPR rules
, where control of aggregated distributed devices, like small-scale rooftop solar systems, should only take place in regions judged equivalent in security to the EU.
High-risk entities would then be required to develop cyber solutions, which would be monitored and approved by the competent authorities.
ADVERTISEMENT
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Euronews
8 hours ago
- Euronews
Musk threatens to decommission SpaceX's Dragon capsule in Trump feud
SpaceX founder Elon Musk has threatened to decommission a key space capsule used to take supplies to the International Space Station as part of his ignited feud with US President Donald Trump. Musk started the conflict by calling Trump's "Big Bold Beautiful Bill," a budget reconciliation bill, a "digusting abomination" on his social media platform X. The post ignited a series of back-and-forth blows between Trump and Musk over social media. Trump then threatened to cancel government contracts given to Musk's SpaceX and Starlink internet services, which Musk then responded to by saying he would decommission the Dragon spacecraft immediately. Musk later said he wouldn't decommission the craft in response to an account called Alaska (with no apparently relation to the US State) that called the back and forth a "shame" and asked Musk to "step back for a few days," to "cool off." The Dragon capsule, developed with the help of government contracts, is an important part of keeping the International Space Station (ISS) running. The US' space agency NASA also relies heavily on SpaceX for other programmes including launching science missions and, later this decade, returning astronauts to the surface of the Moon. SpaceX is the only US company capable right now of transporting crews to and from the space station, using its four-person Dragon capsules. Boeing's Starliner capsule has flown astronauts only once; last year's test flight went so badly that the two NASA astronauts had to hitch a ride back to Earth via SpaceX in March, more than nine months after launching last June. SpaceX also uses a Dragon capsule for its own privately run missions. The next one of those is due to fly next week on a trip chartered by Axiom Space, a Houston company. The company has used its rockets to launch several science missions for NASA as well as military equipment. Last year, SpaceX also won a NASA contract to help bring the space station out of orbit when it is no longer usable. SpaceX's Starship mega rocket is what NASA has picked to get astronauts from lunar orbit to the surface of the moon for the first two landing missions. Russia's Soyuz capsules are the only other means of getting crews to the space station right now. The Soyuz capsules hold three people at a time. For now, each Soyuz launch carries two Russians and one NASA astronaut, and each SpaceX launch has one Russian on board under a barter system. That way, in an emergency requiring a capsule to return, there is always someone from the US and Russia on board. With its first crew launch for NASA in 2020 — the first orbital flight of a crew by a private company - SpaceX enabled NASA to reduce its reliance on Russia for crew transport. The Russian flights had been costing the US tens of millions of dollars per seat, for years. NASA has also used Russian spacecraft for cargo, along with US contractor Northrup Grumman. The EU published a digital strategy on Thursday to diversify and expand digital alliances with "like-minded partners" such as Japan, South Korea, Canada and India, but no mention was made of the US. This year, digital trade agreements with Singapore and South Korea were signed to facilitate data flows - despite critics warning it could pave the way for threats to personal data. The bloc also plans to structure its growing diplomatic network through the creation of a Digital Partnership Network, aimed at connecting these relationships in a more strategic and coordinated way. But while the strategy highlights a wide array of partners, the absence of references to further meeting under the EU-US Trade and Technology Council (TTC) with the United States was notable. This forum of discussion between the two blocs on trade and technology was created in 2020 to de-escalate tensions during US President Donald Trump's first mandate. Quizzed by Euronews on the future of the TTC, Tech Commissioner Henna Virkkunen replied that trade negotiations were currently the priority - without elaborating. While the EU's other big tech competitor, China, is also absent from the strategy – Virkkunen said that digital cooperation will be discussed during the July 2025 EU-China summit. In its immediate neighbourhood, the bloc is prioritising integration with the EU Digital Single Market notably for Ukraine, Moldova and the Western Balkans – to assist integration into the EU. These countries will benefit from support to align with EU rules on areas such as digital identity, secure infrastructure and regulatory frameworks, paving the way for potential mutual recognition of digital services. In Africa, Asia and Latin America, the strategy builds on the Global Gateway initiative, the EU's strategic response to China's Belt and Road adopted in 2021. Through this framework, the EU is co-financing the deployment of secure submarine cables, AI factories, and digital public infrastructure, while, according to Commissioner Virkkunen, promoting European tech standards and regulatory models abroad. The Commission said that they will move forward with the implementation of new digital partnerships, including preparations for agreements with countries in the Southern Neighbourhood and sub-Saharan Africa. A dedicated Tech Business Offer, a mix of private and public EU investment, will be rolled out to support digital projects in partner countries. A first meeting of the new Digital Partnership Network is also planned, involving representatives from the EU and its partner countries. Meanwhile, joint research programmes are set to be launched with Japan, Canada and South Korea, notably in quantum technologies and semiconductors.
France 24
9 hours ago
- France 24
Russia cuts interest rates from two-decade high as economy slows
Russia's economy has been marked by volatility since it launched its full-scale military offensive on Ukraine in 2022, with growth now slowing after a period of what officials called "overheating". The Kremlin has massively ramped up military spending to support the campaign, pouring funds into weapons production and the army -- outlays which have helped secure strong growth despite a barrage of Western sanctions. "The Russian economy is gradually returning to a balanced growth path," the bank said in a statement, acknowledging the slowdown. Inflation is still running above 10 percent, though it noted that price "pressures" were "continuing to decline." The bank had come under increasing political pressure this year to cut interest rates, which businesses said was throttling the economy and killing investment. Friday's decision was the first time the central bank has moved to cut rates since September 2022. It warned that despite the one percentage-point cut, "monetary policy will remain tight for a long period."
Local France
12 hours ago
- Local France
TotalEnergies in landmark greenwashing trial in France
It is the first such case in France targeting a major energy company and one that could set a legal precedent for corporate environmental advertising, which is starting to face tighter regulations in the European Union. The civil case stems from a March 2022 lawsuit by three environmental groups accusing TotalEnergies of 'misleading commercial practices' for saying it could reach carbon neutrality while continuing oil and gas production. The plaintiffs took that legal route because 'greenwashing', or the act of claiming to be more environmentally responsible than in reality, is not specifically covered under French law. Starting in May 2021, TotalEnergies advertised its goal of 'carbon neutrality by 2050' and touted gas as 'the fossil fuel with the lowest greenhouse gas emissions'. At the time, the company had changed its name from Total to TotalEnergies to emphasise its investments in wind turbines and solar panels for electricity production. The plaintiffs allege that TotalEnergies made around 40 'false advertisements' in their lawsuit. 'For the average consumer, it is impossible to understand that TotalEnergies is actually expanding fossil fuel production,' said Clementine Baldon, a lawyer for the NGOs. The company's strategy 'will not help the energy transition', Baldon told the court. 'It delays it, even prevents it, and it contributes to putting the objectives of the Paris accord at risk,' she added, referring to the international agreement aimed at curbing climate change. TotalEnergies maintains it has not engaged in misleading commercial practices. 'Greenwashing would be to promise that the petrol sold in service stations is carbon neutral,' said the company's lawyer, Francoise Labrousse. TotalEnergies had 'never said its products are good for the climate', she added. Advertisement TotalEnergies also insisted that the messages are part of its institutional communications regulated by financial authorities and not consumer law. It also argued the NGOs are misusing consumer protection rules to challenge its corporate strategy, and that no consumer organisation is party to the case. The NGOs want the Paris court to rule on the legality of ads presenting natural gas as essential to the energy transition. Climate experts say methane leaks from the gas industry have a powerful warming effect on the atmosphere. But TotalEnergies noted Greenpeace Belgium had previously considered natural gas useful for the energy transition and noted the group still uses fossil fuels in its boats. Environmental groups in recent years have turned to the courts to establish case law on companies misleading consumers by appearing more eco-friendly than they are. In Europe, courts ruled against Dutch airline KLM in 2024 and Germany's Lufthansa in March over misleading consumers about their efforts to reduce the environmental impact of flying. In Spain, utility Iberdrola failed to secure a conviction against Spanish oil and gas company Repsol over similar allegations of 'false' environmental claims. A greenwashing case against Australian oil and gas producer Santos, challenging its claim to be a 'clean fuels' company, has been ongoing since 2021. Advertisement Other fossil fuel companies, under pressure from advertising regulators or legal complaints, have had to scrap or correct ad campaigns. Shell, for example, received a warning in the UK and had to stop promoting 'carbon-neutral' gasoline in several countries, including Germany, the Netherlands and Canada. New European laws now ban vague, generic environmental claims, such as 'green' or '100 percent natural' product, and aim to require brands to more strictly substantiate environmental claims on labels and in advertising. TotalEnergies has said it plans to show that its messages 'about its name change, strategy and role in the energy transition are reliable and based on objective, verifiable data'. At the end of the hearing, the judge said a ruling would be given on October 23.
