Monday, August 25, 2025
  • Privacy Policy
  • Contact
  • Terms & Conditions
Environmental Magazine
Advertisement
  • Home
  • News
  • Climate Change
  • Energy
  • Recycling
  • Air
  • Fossil Fuels
  • Water
No Result
View All Result
Environmental Magazine
  • Home
  • News
  • Climate Change
  • Energy
  • Recycling
  • Air
  • Fossil Fuels
  • Water
No Result
View All Result
Environmental Magazine
No Result
View All Result
Home News

Cybersecurity risk with solar power systems could have large-scale ramifications, explains new study

March 31, 2025
in News
A A

Cybersecurity vulnerabilities in solar power systems pose potential risks to grid security, stability and availability, according to a new study

The SUN:DOWN research – conducted by Forescout Research, a specialist in cybersecurity – investigated different implementations of solar power generation. “Our findings show an insecure ecosystem — with dangerous energy and national security implications,” says the group’s blog, which seems to reserve these more concerning ramifications for the impact of a coordinated attack against large numbers of systems.

The report reviews known issues and presents new vulnerabilities with systems offered by three leading solar power system manufacturers: Sungrow, Growatt, and SMA. It presents seemingly realistic power-grid-attack scenarios with the potential to cause emergencies or blackouts. It also advises on risk mitigation for owners of smart inverters, utilities, device manufacturers, and regulators.

Forescout Research summarises its main findings as follows:

  • We cataloged 93 previous vulnerabilities on solar power and analyzed trends:
    Due to growing concerns over the dominance of foreign-made solar power components, we analyzed their common countries of origin:
    • There’s an average of over 10 new vulnerabilities disclosed per year in the past three years
    • 80% of those have a high or critical severity
    • 32% have a CVSS score of 9.8 or 10 which generally means an attacker can take full control of an affected system
    • The most affected components are solar monitors (38%) and cloud backends (25%). Relatively few vulnerabilities (15%) affect solar inverters directly
  • New vulnerabilities:
    • 53% of solar inverter manufacturers are based in China
    • 58% of storage system and 20% of the monitoring system manufacturers are in China
    • The second and third most common countries of origin for components are India and the US
  • New vulnerabilities:
    • We analyzed six of the top 10 vendors of solar power systems worldwide: Huawei, Sungrow, Ginlong Solis, Growatt, GoodWe, and SMA
    • We found 46 new vulnerabilities affecting different components in three vendors: Sungrow, Growatt and SMA.
    • These vulnerabilities enable scenarios that impact grid stability and user privacy
    • Some vulnerabilities also allow attackers to hijack other smart devices in users’ homes

While the new vulnerabilities have now been rectified by the vendors in question, Forescout said they could allow attackers to take full control of a fleet of solar power inverters via a couple of scenarios. For example, by obtaining account usernames, resetting passwords to hijack the respective accounts, and using the hijacked accounts.

Attackers can then interfere with power output settings, or switch them on and off at the behest of a botnet. “The combined effect of the hijacked inverters produces a large effect on power generation in a grid,” says the blog. “The impact of this effect depends on that grid’s emergency generation capacity and how fast that can be activated.”

The report discusses the example of the European grid. Previous research showed that control over 4.5GW would be required to bring the frequency down to 49Hz — which mandates load shedding. Since current solar capacity in Europe is around 270GW, it would require attackers to control less than 2% of inverters in a market that is dominated by Huawei, Sungrow, and SMA.

The group provides a number of recommendations. For example, to treat PV inverters in residential, commercial, and industrial installations as critical infrastructure. This would mean  following NIST guidelines for cybersecurity with components like smart inverters in residential and commercial installations

Owners of commercial and industrial solar installations should consider security during procurement, and conduct a risk assessment when setting up devices. Other recommendations are outlined in the blog and full report.

ShareTweetSharePinSendShare

Related Articles

News

UK plans for geological disposal of nuclear waste declared “unachievable” by Treasury

August 20, 2025
News

Plastics pollution talks conclude in deadlock again, but progress is still possible

August 19, 2025
News

Spending Review 2025: A catalyst for sustainable, integrated infrastructure?

August 18, 2025
News

London’s ‘Wet Wipe Island’ is the first such mass to be removed by mechanical means

August 13, 2025
News

AI-driven continuous water monitoring system to be adopted by Yorkshire Water

August 13, 2025
News

Environmental health trade group calls for extra resources to help tackle issue of empty homes

August 11, 2025

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Energy Developers Want Reforms to Virginia’s Process for Connecting Renewables to the Grid, Hoping to Control Costs 

May 7, 2024

Scotland not yet climate ready, Climate Change Committee says

March 26, 2022

Don't miss it

Activism

The Woman Holding Chinese Mining Giants Accountable

August 24, 2025
Fossil Fuels

Great Lakes Microplastics Research Could Inform National and Global Policy

August 23, 2025
Activism

Citing Environmental Concerns, Judge Orders Alligator Alcatraz to Wind Down Operations

August 22, 2025
Fossil Fuels

There’s a ‘Lake’ of Oil Under LA’s Soon-to-Close Refinery. Who’s Going to Clean It Up?

August 22, 2025
Activism

Colombia’s President Called Out an Alabama Company’s Coal Exports to Israel. Now Alabamians Are Protesting

August 22, 2025
Fossil Fuels

Pennsylvania Lured Shell to the State With a $1.65 Billion Tax Break. Now the Company Wants to Sell Its Plant

August 22, 2025
Environmental Magazine

Environmental Magazine, Latest News, Opinions, Analysis Environmental Magazine. Follow us for more news about Enviroment and climate change from all around the world.

Learn more

Sections

  • Activism
  • Air
  • Climate Change
  • Energy
  • Fossil Fuels
  • News
  • Uncategorized
  • Water

Topics

Activism Air Climate Change Energy Fossil Fuels News Uncategorized Water

Recent News

The Woman Holding Chinese Mining Giants Accountable

August 24, 2025

Great Lakes Microplastics Research Could Inform National and Global Policy

August 23, 2025

© 2023 Environmental Magazine. All rights reserved.

No Result
View All Result
  • Home
  • News
  • Climate Change
  • Energy
  • Recycling
  • Air
  • Fossil Fuels
  • Water

© 2023 Environmental Magazine. All rights reserved.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.