top of page

National Security: China spies on us even with photovoltaics

Unauthorized communication devices not listed in the product documentation were discovered in some Chinese inverters. Similar devices, including cellular radios, have also been found in Chinese batteries. Only a few days ago, the European Solar Manufacturing Council, the association representing the continent's solar power manufacturers, had sounded the alarm, saying that remote access to Chinese PV inverter software has significant cyber vulnerabilities, including sabotage



U.S. experts disassembling grid-connected equipment to check for safety problems have found unauthorized communication devices, not listed in product documentation, in some Chinese solar inverters.


GettyImages
GettyImages

In addition, undocumented communication devices, including cellular radios, have also been found in batteries from several Chinese suppliers over the past nine months.


The rogue components provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, with potentially catastrophic consequences.

"We know that China believes there is value in placing at least some elements of our core infrastructure at risk of destruction or disruption," said Mike Rogers, a former director of the U.S. National Security Agency. "I think that the Chinese are, in part, hoping that the widespread use of inverters limits the options that the West has to deal with the security issue."


A spokesperson for the Chinese embassy in Washington said: "We oppose the generalisation of the concept of national security, distorting and smearing China's infrastructure achievements."


The European Council's complaint about solar production

Only a few days ago, the European Solar Manufacturing Council, the association representing the continent's solar power manufacturers, had sounded the alarm, saying that remote access to Chinese PV inverter software has significant cyber vulnerabilities.


In addition to a blanket ban on the import of inverters from China in all European Union (EU) member states, the trade association also called for the immediate adoption of an “Inverter Security Toolbox,” which is a risk monitoring and mitigation system similar to the one created by the EU in the telecommunications sector with 5G cellular network technology.


In his request, the ESMC calls back a relationship on cybersecurity by the consultancy firm DNV, entitled “Solutions for PV Cyber ​​Risks to Grid Stability, which highlights how an attack on just 3 GW of inverter capacity could have "significant implications" for the European electricity grid. This document warns that almost 70% of all photovoltaic inverters installed globally in 2023 will come from Chinese producers.


Previously, in 2023, it was the Dutch Authority for Digital Infrastructure (RDI) that had raised the alarm on the vulnerabilities of solar panel inverters, adding that “none of the nine inverters tested met the standard” of cybersecurity.


Finally, at the beginning of April, researchers from the IT security company Forescout discovery 46 vulnerabilities in solar inverters from three major vendors, among which two of them, Sungrow and Growatt, are based in China.


Lithuanian law

In 2024, Lithuania has approved a rule that limits the possibility for Chinese companies to remotely access the control systems of solar and wind farms and batteries with a power exceeding 100 kW, with the aim of strengthening cybersecurity. This law, which took effect on May 1, 2025, forces operators of new power plants to implement additional safeguards for information management systems and inverters, especially those manufactured by "hostile countries" such as China. While existing Chinese-made equipment will not be banned, operators will need to ensure their systems meet the new safety standards.


The US situation

While no state has enacted an outright ban on Chinese solar and wind farms, there is growing concern at both the federal and state levels about the risks to IT security associated with foreign-made technology in critical infrastructure.


Several states have introduced or approved laws to ban or limit the use of Chinese technology in government agencies, focusing on potential cyberattacks and reliance on equipment from “Countries of Interest.” These bans often target computer systems, drones and other technologies, but the debate is also extending to energy infrastructure.


At the moment, the federal government has limited itself to adopted measures such as banning imports from specific Chinese solar energy companies due to forced labor issues in the Xinjiang region. Although this is not a direct ban on access system, it limits the availability of some Chinese-made components on the U.S. market.

Kommentare


©2020 di extrema ratio. Creato con Wix.com

bottom of page