Solar Inverter Security Scare: Rogue Tech Or Political Theatre?


SolarQuotes has been receiving enquiries about a Reuters story published last week alleging the discovery of undocumented communication devices found in Chinese solar inverters and batteries in the USA. Is it something for Australian home solar owners to be worried about?

It’s been interesting watching this story repeated around the web with increasingly frantic headlines, such as:

“Revealed: China has secretly installed kill switches in solar panels sold to the West – which could see Beijing plunge its enemies into darkness in the event of WW3”.

That’s quite a headline — almost long enough to be a story on its own and an interesting variation on the original, which was:

“Rogue communication devices found in Chinese solar power inverters”

What’s This All About?

The Reuters report claims communication devices not listed in product documents have been found in some Chinese solar inverters and batteries by U.S. experts.

“The rogue components provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, with potentially catastrophic consequences, the two people said,” states the report.

In such a scenario, solar inverters could potentially be switched off remotely or have their settings changed. It’s not a major threat if this happens to a small number of units, but electricity grids are finely tuned beasts and such an action en masse could destabilise power grids, cause damage to energy infrastructure, and trigger widespread blackouts.

But there’s some really important information missing from the report:

  • Who these “experts” that allegedly found the devices are.
  • How many inverters/batteries were found to have these alleged rogue communication devices.
  • Whether this was gear only associated with utility-scale applications.
  • The manufacturers involved.

The U.S. government hasn’t publicly acknowledged the alleged discoveries. So, there’s nothing concrete on this, the sources are anonymous, and the claims vague.

This doesn’t mean it hasn’t happened, but there’s also a bigger picture. Let’s say these allegations came from government sources. There are all sorts of reasons why US energy officials might be casting aspersions around Chinese tech (and renewables in particular) right now aside from the ongoing adversarial nature of the relationship between the two countries.

It’s no secret US President Donald Trump, who has an interesting take on truth generally, wants more fossil fuels and more local manufacturing. He’ll do whatever it takes to make that happen regardless of the fallout or who is impacted along the way.

In terms of manufacturing, it’s not only foreign companies he’s targeting, but local firms manufacturing overseas too — and not necessarily just in China. An example of the latter is a recent conversation he had with Apple CEO Tim Cook.

“I had a little problem with Tim Cook yesterday,” Trump said. “I said to him, ‘my friend, I treated you very good. You’re coming here with $500 billion, but now I hear you’re building all over India.’ I don’t want you building in India.”

Nice little company you’ve got there Tim, be a real shame if something happened to it.

Home Solar Security

The Reuters report is somewhat of a nothing-burger as it currently stands, but one good thing to come from it is Australian solar power system owners becoming interested in, concerned about (or unfortunately, in some cases, panicky about) cybersecurity-related issues.

Here are a couple of related articles from the SolarQuotes blog worth taking a look at:

While state-sponsored bad actors and companies kowtowing to governments are a genuine risk to solar security, non-government backed criminal organisations and the bored kids down the road who have a bit of tech nous are a threat as well. The concern isn’t only “rogue communications devices”, but also plain old security flaws resulting from human error, and systems not being patched with the fixes. That’s not confined to solar gear from China.

Is your internet-connected inverter’s/battery’s firmware up to date? It’s worth checking your device’s interface, or checking with your installer, as they often have access as well for troubleshooting purposes.

About Michael Bloch

Michael caught the solar power bug after purchasing components to cobble together a small off-grid PV system in 2008. He's been reporting on Australian and international solar energy news ever since.

Comments

  1. If you have (or know someone with) some networking skills it’s also worth segmenting IoT style devices – like inverters – from your personal devices. These IoT devices are less likely to see regular updates and often emphasise functionality/compliance over security. One way is to create a VLAN (Virtual LAN) for the IoT devices that has a route to the internet but not to your personal network. This isn’t difficult and a lot of prosumer stuff supports this functionality, but it isn’t plug it in, change the default password and walk away level configuration. Since a lot of stuff is monitored/managed via The Cloud these days not having a direct route to the IoT network isn’t a big deal, and you can always temporarily connect a device to that network for configuration/troubleshooting. We’re not talking national security secrets here so temporary connections to less secure networks are OK.

    • Bret Busby in Armadale, Western Australia says

      The thing with all of that, is that some inverter manufacturers provide the data required for interfacing, and some do not, and, it depends on the inverter brand’s communication protocol used, etc. Some open source software exists, for dealing with PV inverters – https://github.com/BorisBrock/Sunalyzer, https://github.com/dj-nitehawk/Hybrid-Inverter-Monitor, are just a couple that are available.

      The issue of security, is still significant, when people have non-proprietary software interacting with appliances such as PV inverters, etc. If the computer that is communicating directly with the appliance, is breached or infected, then, the appliance is stuffed, and, the problem becomes viral.

      The man who services our air con told me that, years ago, technicians stopped using their own controller switches, and, require the householders’ own controller switches, as a householder had interfaced directly with their a/c and infected it, and a technician’s controller switch then spread it.

  2. This has always been one of my underlying concerns. I think this article only plays down that typically the Chinese have been known to do this kind of thing for years. We are going to have 3-4 billion dollars worth of subsidised batteries over the next few years and I would say a good majority of it’s going to come from China. I wish Australia hadn’t killed its manufacturing industry; it would be great to see those dollars stay in Aus rather than go offshore. Oh well, time will tell.

  3. Bret Busby in Armadale, Western Australia says

    With all of the cellphones, radios, television sets, computers, and torches, made in China, first they remotely disable those, so no-one can communicate and find what is happening. Then, they remotely disable all of the white goods – all the white goods are now made in China, so that no-one can wash their clothes or cook food, or keep things cold, leading to the only thing likely to cause Australians to take any action over any issue – no cold beer.

    The whole thing about the Chinese turning this off and that off, and stopping things from working as we think they should, sounds like the famous song “Tennessee Bird Walk” (https://www.youtube.com/watch?v=yzNavzvHZYY).

    So, what is going to happen, with the infamous Chernobyl submarines, that are going to cost 300,000,000,000AUD plus blowouts at 200% per year – with the Tesla badge on the front and the Made In China sticker on the bottom?

    Will it be Trump or the Chinese emperor, both enemies of Australia, that remotely detonates them?

  4. George Kaplan says

    Not mentioned in this article, but noted in the Reuters piece, is that other nations including Lithuania and Estonia recognise the threat to energy security. Lithuania passed a law in November “blocking remote Chinese access to solar, wind and battery installations above 100 kilowatts – by default restricting the use of Chinese inverters.”

    Presumably the 100 kW cap on Chinese solar and batteries means they’re still lawful for home installations, just not commercial scale. Yet again it seems like Australia is going crosswise with the rest of the advanced world.

    There are 31 nations currently using nuclear, and 3 more in the process of building their first nuclear plants. Belgium was intending to close their 40 year old nuclear power plants but has now reversed that decision for at least a decade. And Denmark, previously heavily reliant on its own gas production, now reliant on wind for the majority of power, has voted to investigate nuclear power for energy security.
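
The VLAN segmentation suggested in the first comment above, sketched as an nftables ruleset for a Linux-based home router. This is an added example, not configuration from SolarQuotes or any commenter; the interface names (`wan0`, `lan0`, `lan0.20`) and VLAN ID 20 are assumptions, and it assumes IPv4 NAT on the uplink.

```nft
#!/usr/sbin/nft -f
# Added example (constructed). Interface names are assumptions:
# wan0 = internet uplink, lan0 = personal network,
# lan0.20 = IoT VLAN (ID 20) carrying the inverter/battery.
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define IOT = "lan0.20"

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        meta l4proto { icmp, ipv6-icmp } accept
        # The personal network may manage the router.
        iifname $LAN accept
        # IoT devices get only DNS and DHCP from the router itself.
        iifname $IOT udp dport { 53, 67 } accept
        iifname $IOT tcp dport 53 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Both segments may reach the internet (cloud monitoring keeps working).
        iifname $LAN oifname $WAN accept
        iifname $IOT oifname $WAN accept
        # No rule permits IOT <-> LAN in either direction, so that traffic
        # hits the drop policy. Log the IoT-initiated attempts: an inverter
        # probing the personal network is worth knowing about.
        iifname $IOT oifname $LAN log prefix "iot-to-lan drop: " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading it. The inverter still needs to be placed on the IoT VLAN at the switch port or Wi-Fi SSID, which is configured on that hardware rather than in this ruleset.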
