Security firm Forescout identified almost 35,000 solar power devices from 42 vendors with exposed management interfaces. These devices include inverters, data loggers, monitors, gateways and other communication equipment.

Key Findings

  • Despite being a rapidly growing renewable energy source, there are security issues with remote inverter management, via cloud applications or direct access to management interfaces within inverters.
  • Internet-exposed solar power devices are much more popular in Europe and Asia than in other regions. Europe accounts for 76% of exposed devices, followed by 17% in Asia and the remaining 8% in the rest of the world. Germany and Greece each account for 20% of the total devices worldwide, followed by Japan and Portugal with 9% each, then Italy with 6%.
  • Four of the top 10 vendors with exposed devices are headquartered in Germany, two in China and one each in Austria, Japan, US and Italy. This distribution also does not match the top 10 vendors worldwide by market share, since 9 of those are Chinese.

Mitigation Recommendations

  • Do not expose inverter management interfaces to the internet.
  • Patch devices as soon as possible and consider retiring those that for some reason cannot be patched.
  • If a device needs to be managed remotely, consider placing it behind a VPN and following CISA’s guidelines for remote access.
  • Follow the NIST guidelines for the cybersecurity of smart inverters in residential and commercial installations.

  • WhatAmLemmy@lemmy.world (14 upvotes, 1 day ago)

    Patch devices as soon as possible and consider retiring those that for some reason cannot be patched.

    Require all device firmware to be open source, and require all other software to be open sourced the moment it stops receiving sufficient support.

    • Hotznplotzn@lemmy.sdf.org (OP, 6 upvotes, 1 day ago)

      Yes, and produce more of this stuff in Europe. And do not expose inverter management interfaces to the internet.

    • varyingExpertise@feddit.org (3 upvotes, 1 day ago)

      …and require electricians to not think of themselves as IT experts that should have any say in configuring anything beyond maybe actual modbus on two wires.

  • germanichwurst@feddit.org (1 upvote, 3 downvotes, 21 hours ago)

    There is no Europe. Just Asia. If a chain of mountains could separate continents, then Germany and Italy aren’t on the same one.