These ethical hackers could easily disable millions of solar panels: “Then you’d have a national blackout.”

As the energy transition takes hold, more and more solar panels are being installed on our rooftops. But how easy is it to hack these devices? Quite simple, explain ethical hackers. “We were able to take full control of these devices.”

Solar panels are becoming an increasing part of our energy supply. That’s good for the climate, but how well are these new energy sources protected against cyber attacks from abroad? It’s inconceivable that countries like Russia would try to attack the power grid through our solar panels.

the pirate

Together with Wietse Boonstra and Frank Breedijk from the Dutch Vulnerability Research Institute (DIVD), we put it to the test. DIVD is made up of so-called “ethical hackers” who look for weaknesses in the cybersecurity of our energy grid. And they find plenty. “When we look for solar panels, charging stations or other smart devices, we almost always manage to certify them,” says Breedijk.

Wietse and Frank demonstrate how easy it is to hack, take over, and even shut down the device from the outside. “The solar panels run through an inverter controlled by a box. It’s a smart unit, so it can be hacked. We replaced the panel itself with a light bulb for this demonstration.”

Which led to the cessation of millions of families

She designed a special program to access the solar panels' operating system. “We created a script that would allow us to access the inverter. The solar panels would then be turned off within a few seconds.”

And indeed: after a few seconds, the light goes out and the “solar panel” of our test setup is turned off. This is just for one solar panel, explains Bredik, but ethical hackers could pull off this “trick” with many devices. “In theory, we could do this with millions of households around the world. That’s a very large number.”

blackout

This makes it possible to shut down part of the Netherlands or even the entire country, Bredijk continues. “Depending on how many solar panels you can take over and how you do it, you can cause a regional or even a national power outage. A blackout.”

According to cybersecurity expert Dave Masland, our energy grid is not well prepared for digital attacks from the outside. “I think our digital infrastructure is extremely vulnerable right now. It’s not because of ignorance, it’s because of the sheer complexity that we’re dealing with. And at the scale that we’re talking about now, we need to improve our energy grids, our transportation grids, our water systems, and keep everything secure, that’s a very difficult task, while at the same time continuing our digital transformation.”

The Russians are already there.

Cybersecurity, Masland explains, is not about vague visions of the future, but about harsh reality. This is demonstrated by the many videos of Russian hackers circulating online. The images show the hackers the damage they can actually cause. “For example, Russian hackers recorded a video where they are in the control system of a water facility in Texas. You can literally see that they are in the system and can adjust all sorts of values. Think, for example, the amount of chlorine.”

According to Masland, this corresponds to a form of “psychological warfare” by Russia. “They are deliberately spreading this to scare citizens. This way they show: 'We are in your house.' And this way they can also harm our health.”