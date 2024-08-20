Here’s a hypothetical situation. You decide to build your own steam generator plant and connect it to the electric grid. No matter where you live, you’d probably have to meet a ton of requirements from whoever controls your electric power, almost surely backed by your government. Yet, according to a recent post by [Bert], a version of this is going on in Europe and, probably, in many more places: unregulated solar power inverters driving the grid.
If you have just a few solar panels hanging around, that probably isn’t a problem. But there are a sizeable number of panels feeding power — and that number seems to grow daily — having control of the inverters could potentially allow you to limit the grid’s capacity or — if the inverters allowed it — possibly take the grid down by feeding power incorrectly back into the grid.
According to [Burt], a small number of companies control most of the inverters in his country — the Netherlands — and there is virtually no regulation about how they operate. While we don’t think he’s suggesting they would act maliciously, you don’t have to search the news very much to find cases where companies have been hacked or made a mistake that caused major impacts to important systems.
Apparently, inverters in the Netherlands do have to meet certain technical standards, but the post since that’s widely unenforced. But the real point is that the companies managing the switches are not regulated or managed. [Burt] thinks that EU-wide legislation is needed to forestall some future disaster.
You might think this isn’t a realistic scenario, but you just have to think about Crowdstrike to realize it could happen. Or other major network outages. We aren’t usually fans of more regulation, but [Burt] makes some interesting points. What do you think?
10 thoughts on “Does Solar Energy Make Us Vulnerable?”
Thanks for the heads-up.
I’ve put some PV on my roof, with an inverter. Of course, I’ve yet refused to install any app. It seems to be quietly doing its job without any connectivity (unless it has hacked some neighbour’s wifi’s password). Now the quest begins to find out whether it can be reverse-engineered.
I think regulators should force those companies to agree on standardized, open protocols. Otherwise, the temptation to sell the data to some broker is just… too high.
The problem is ‘convenience’. As soon as any control from the outside is active your system is vulnerable. That’s why my home is ‘unsmart’ (this needs a better word).
There is monitoring and alerts in place but one has to walk up to the physical appliance to make changes to it’s behaviour.
I call that “resilient”.
The best thing politicians do is doing nothing.
Laws and regulations are not for the better, and usually the only real result from it is more cost.
That said, the solution lies in the motivation to more companies fill that market, augmenting the options and making it hard to do big hits, but the government tend to create big solid blocks with it’s partners, creating the problem to later on try to solve with laws.
The difference is that solar PV is expected to misbehave in a massive way anyways. Hundreds and thousands of Megawatts can fade in or out in a matter of minutes, repeatedly, with clouds and sunset/sunrise. The grid-tie inverters have no “inertia”, so they don’t contribute to the frequency stability of the grid at all, and they can switch off in milliseconds en-mass for any disturbance. The regulators just subsidized everyone to put solar PV on the grid, with priority access over everything else by law, and told the power utilities to deal with it.
The end result was power quality issues, the “duck curve”, high ramping costs and indeed a growing risk of cascade failure type of situations – but that’s just the new normal. With this sort of setup, any malicious actor can only do as much harm as it’s already doing to the grids.
It’s not entirely correct to say that the solar inverters are unregulated – they’re positively regulated. There’s rules in place that power utilities have to accept the connection and the power.
Otherwise they would have placed their own regulations and set their own prices to limit the installation of solar PV to a more manageable level.
Yeah having you control your home installation through a connection to the manufacturer rather than restricting the whole thing to LAN access by default is definitely a disaster waiting to happen. Frustrating, because this seems like exactly the sort of problem that regulators are terrible at understanding, let alone fixing.
[Bert] Hubert becomes [Burt] in the article, can you please fix that?
Grid coupled solar is a disaster. A home should either be self sufficient or dependent on the grid (with optional auxiliary backup power). Delivering back to the grid at some time and taking at other times puts unnecessary strain on the grid and requires communication. Communication with the grid has safety and privacy implications. Hackers can see who is home by monitoring power consumption and sell that data to thieves who break into homes when the owners are away. Hackers could potentially cause power outages or even fires if they exploit bugs in inverter firmware. It’s not a matter of if, but when.
