Sign up to save your podcasts
Or
Share The Clean Energy Hidden Kill Switch
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Clean Energy Hidden Kill Switch
(A post coordinated with Fredrik)
We often celebrate solar farms and massive Battery Energy Storage Systems (BESS) as the heroes of the clean energy transition, allowing us to integrate intermittent sources like wind and solar. But behind this success story lurks a stark geopolitical reality: much of the digital backbone supporting our modern grid is dependent on technology supplied by, and remotely accessible through, geopolitical rivals.
If you’re listening to our latest episode of “Coordinated with Fredrik,” you know we’re diving deep into the hidden vulnerabilities of renewable technology. Here is a breakdown of how the devices enabling our green future might be posing the greatest threat to our energy sovereignty.
The Paradox: How the “Brains” of the Grid Became Vulnerable
Solar power relies on the inverter—the device that converts solar DC power into usable AC power. Far from being simple components, modern “smart” inverters are sophisticated computers that actively manage power flow, optimize performance, and even help stabilize grid frequency. They are, quite literally, the “brains” of the solar system.
This complexity requires connection. These devices rely heavily on manufacturer-hosted cloud platforms for monitoring, updates, and control, often exposing internet-exposed interfaces.
The critical issue is one of extreme supply chain concentration:
* Solar Inverters: Over 70% of the world’s solar inverters come from Chinese manufacturers, including major players like Huawei, Sungrow, and Ginlong Solis.
* The Huawei Inconsistency: This dependency creates a major paradox—Huawei has been banned from large parts of Europe’s 5G networks due to national security fears, yet its technology is welcomed into the digital backbone of the power grid.
* Battery Storage: BESS, vital for grid balancing, also face similar supply chain dependencies, relying heavily on Chinese suppliers (like CATL, dominating 80-90% of the global market) for components that may contain hidden vulnerabilities.
As a result, a massive portion of the EU grid (over 380 GW of solar capacity) is now quietly considered “critical infrastructure by accident”, controlled via foreign software platforms, yet often lacking the stringent security oversight of traditional power plants.
The “Kill Switch” Scenarios: Weaponizing Renewable Energy
Intelligence agencies and experts have flagged this dominance as an emerging security risk—a potential “weapon” for remote shutdowns or strategic coercion.
The convergence of cyber-physical threats means a digital compromise can lead to immediate physical consequences:
* Mass Remote Shutdown: The nightmare scenario is a coordinated attack exploiting the manufacturer’s cloud platform to simultaneously disable thousands of inverters across Europe. Experts warn that losing more than 10 gigawatts (GW) suddenly risks cascading failures, plummeting frequency, fragmentation, and rolling blackouts. Studies suggest that influencing just 3–4 GW of solar inverters could significantly challenge grid stability.
* Grid Destabilization: Instead of simply turning power off, an attacker could manipulate modern inverters to inject large amounts of reactive power (vars), warping voltage levels, overloading compensation equipment, and destabilizing entire regions without any clear sign of sabotage.
* Physical Damage: Access exploits could allow parameter tampering, disabling safety limits, or inducing overcharge cycles in BESS, potentially accelerating degradation or triggering a dangerous thermal runaway fire.
These threats are not merely theoretical. The Deye Incident in late 2024 served as a public “proof of concept” when the Chinese manufacturer remotely “bricked” numerous inverters across North America and other regions, proving the capability for mass disablement exists via the cloud platform.
Even more alarming is the hardware threat: recent inspections have reportedly discovered undocumented “rogue” communication devices, such as hidden cellular radios, embedded inside Chinese-made inverters. These secret components provide a covert, out-of-band channel that can bypass local firewalls, creating a persistent backdoor accessible by a foreign adversary compelled by national security laws to cooperate with state intelligence agencies.
The Path to Energy Sovereignty: Mitigation Strategies
Given the scale of the threat—where millions of consumer-owned devices collectively become a national security vulnerability—policymakers and utilities are seeking urgent solutions:
* Banning Untrusted Remote Access: Following Lithuania’s decisive example in 2024, which banned foreign companies from remotely accessing or controlling its renewable energy assets over 100 kW, the EU is moving toward frameworks like the NIS2 Directive and the Cyber Resilience Act (CRA) to enforce stringent cybersecurity standards.
* Using Secure Local Gateways: A highly effective technical fix involves adopting local API controls via secure gateways. These devices act as intermediaries, ensuring that critical control functions remain local (under the operator’s or owner’s control) and block unauthorized outbound connections to manufacturer cloud platforms. This approach can provide immediate security improvements to existing installations.
* Diversifying Supply Chains: Long-term resilience requires reducing the massive 70-80% dependence on Chinese solar equipment by actively investing in domestic and allied manufacturing of power electronics and control software.
* Rigorous Auditing and Transparency: Requiring independent security audits of inverter hardware and firmware, along with a complete Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM), is essential to detect hidden components or backdoors that might bypass software-focused protections.
Ultimately, securing the grid requires a holistic approach. We must acknowledge the geopolitical dimension of renewable technology and treat energy cyber defense with the urgency traditionally reserved for military systems. Europe and the US face a clear choice: continue trading one dependency (fossil fuels) for another (vulnerable green technology), or act proactively to ensure their bright solar future is not controlled by an unseen hand on the switch.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit frahlg.substack.com
View all episodes
By Fredrik Ahlgren(A post coordinated with Fredrik)
We often celebrate solar farms and massive Battery Energy Storage Systems (BESS) as the heroes of the clean energy transition, allowing us to integrate intermittent sources like wind and solar. But behind this success story lurks a stark geopolitical reality: much of the digital backbone supporting our modern grid is dependent on technology supplied by, and remotely accessible through, geopolitical rivals.
If you’re listening to our latest episode of “Coordinated with Fredrik,” you know we’re diving deep into the hidden vulnerabilities of renewable technology. Here is a breakdown of how the devices enabling our green future might be posing the greatest threat to our energy sovereignty.
The Paradox: How the “Brains” of the Grid Became Vulnerable
Solar power relies on the inverter—the device that converts solar DC power into usable AC power. Far from being simple components, modern “smart” inverters are sophisticated computers that actively manage power flow, optimize performance, and even help stabilize grid frequency. They are, quite literally, the “brains” of the solar system.
This complexity requires connection. These devices rely heavily on manufacturer-hosted cloud platforms for monitoring, updates, and control, often exposing internet-exposed interfaces.
The critical issue is one of extreme supply chain concentration:
* Solar Inverters: Over 70% of the world’s solar inverters come from Chinese manufacturers, including major players like Huawei, Sungrow, and Ginlong Solis.
* The Huawei Inconsistency: This dependency creates a major paradox—Huawei has been banned from large parts of Europe’s 5G networks due to national security fears, yet its technology is welcomed into the digital backbone of the power grid.
* Battery Storage: BESS, vital for grid balancing, also face similar supply chain dependencies, relying heavily on Chinese suppliers (like CATL, dominating 80-90% of the global market) for components that may contain hidden vulnerabilities.
As a result, a massive portion of the EU grid (over 380 GW of solar capacity) is now quietly considered “critical infrastructure by accident”, controlled via foreign software platforms, yet often lacking the stringent security oversight of traditional power plants.
The “Kill Switch” Scenarios: Weaponizing Renewable Energy
Intelligence agencies and experts have flagged this dominance as an emerging security risk—a potential “weapon” for remote shutdowns or strategic coercion.
The convergence of cyber-physical threats means a digital compromise can lead to immediate physical consequences:
* Mass Remote Shutdown: The nightmare scenario is a coordinated attack exploiting the manufacturer’s cloud platform to simultaneously disable thousands of inverters across Europe. Experts warn that losing more than 10 gigawatts (GW) suddenly risks cascading failures, plummeting frequency, fragmentation, and rolling blackouts. Studies suggest that influencing just 3–4 GW of solar inverters could significantly challenge grid stability.
* Grid Destabilization: Instead of simply turning power off, an attacker could manipulate modern inverters to inject large amounts of reactive power (vars), warping voltage levels, overloading compensation equipment, and destabilizing entire regions without any clear sign of sabotage.
* Physical Damage: Access exploits could allow parameter tampering, disabling safety limits, or inducing overcharge cycles in BESS, potentially accelerating degradation or triggering a dangerous thermal runaway fire.
These threats are not merely theoretical. The Deye Incident in late 2024 served as a public “proof of concept” when the Chinese manufacturer remotely “bricked” numerous inverters across North America and other regions, proving the capability for mass disablement exists via the cloud platform.
Even more alarming is the hardware threat: recent inspections have reportedly discovered undocumented “rogue” communication devices, such as hidden cellular radios, embedded inside Chinese-made inverters. These secret components provide a covert, out-of-band channel that can bypass local firewalls, creating a persistent backdoor accessible by a foreign adversary compelled by national security laws to cooperate with state intelligence agencies.
The Path to Energy Sovereignty: Mitigation Strategies
Given the scale of the threat—where millions of consumer-owned devices collectively become a national security vulnerability—policymakers and utilities are seeking urgent solutions:
* Banning Untrusted Remote Access: Following Lithuania’s decisive example in 2024, which banned foreign companies from remotely accessing or controlling its renewable energy assets over 100 kW, the EU is moving toward frameworks like the NIS2 Directive and the Cyber Resilience Act (CRA) to enforce stringent cybersecurity standards.
* Using Secure Local Gateways: A highly effective technical fix involves adopting local API controls via secure gateways. These devices act as intermediaries, ensuring that critical control functions remain local (under the operator’s or owner’s control) and block unauthorized outbound connections to manufacturer cloud platforms. This approach can provide immediate security improvements to existing installations.
* Diversifying Supply Chains: Long-term resilience requires reducing the massive 70-80% dependence on Chinese solar equipment by actively investing in domestic and allied manufacturing of power electronics and control software.
* Rigorous Auditing and Transparency: Requiring independent security audits of inverter hardware and firmware, along with a complete Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM), is essential to detect hidden components or backdoors that might bypass software-focused protections.
Ultimately, securing the grid requires a holistic approach. We must acknowledge the geopolitical dimension of renewable technology and treat energy cyber defense with the urgency traditionally reserved for military systems. Europe and the US face a clear choice: continue trading one dependency (fossil fuels) for another (vulnerable green technology), or act proactively to ensure their bright solar future is not controlled by an unseen hand on the switch.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit frahlg.substack.com