Cyber Attack on Solar Panels Could Disrupt Half of Germany’s Power Grid

Most people would not consider cyber attacks on solar panels to be capable of causing much damage. Researchers, however, have shown that such threats should not be taken lightly. There are multiple vulnerabilities found in products manufactured by the leading providers of photovoltaics. A serious cyber attack against solar panels could shut down an entire nation’s power grid.

Hacking Solar Panels Could Be a Thing

Given the current popularity of solar panels, it is only normal that security researchers would take a closer look at their built-in security. As it turns out, top manufacturers have left significant security vulnerability in their products, all of which could be exploited by cybercriminals with relative ease. If these vulnerabilities were to be exploited on a large scale, they might very well shut down power grids in entire nations. 

New research on these security vulnerabilities was published late last week. The worst-case scenario is known as the “Horus Scenario” and relates to 21 different vulnerabilities that have been discovered. Two-thirds of these flaws rely on receiving CVE (Common Vulnerabilities and Exposures) identifiers. The researcher disclosed these flaws to the manufacturers in question back in December of 2016, and he even gave them proof of concept attack vectors in January of 2017. This shows that those flaws required being patched sooner rather than later.

If a malicious actor were to exploit any of the flaws pointed out by this research, he or she would succeed in damaging the normal functioning of a solar power plant. Power grids are built in such a way that any disturbance will have a long-lasting effect. If one panel is attacked, the issue will quickly spread to other photovoltaic panels as well. Considering how power grids are often interconnected in many countries, this could have major repercussions due to a cascading domino effect. If country A’s grid goes out, they will necessarily draw power from country B, which then requires more power from country C, and so on.

Interconnected power grids are based on the principle of estimated power supply and consumption. A solar eclipse, for example, allows power grid regulators to increase the production of electricity using other means in order to cover the lack of energy generated by solar plants. An unplanned malicious attack, however, gives no room to prepare backup solutions. It would effectively cripple some countries’ power grids altogether, although it remains to be seen just how long that effect would last.

According to the security researcher involved with this project, a hacker could easily shut down production of solar plants and cause the equivalent of a solar eclipse. It is not hard to see why this would have incredibly dire consequences. While it would cause a monetary loss for the solar plant’s owners, this would only be a secondary concern in the grand scheme of things. After all, the power grid itself would undergo a massive shock.

One country which would be severely affected by such a hack is Germany, since between 30 and 50 percent of its power demand is covered by photovoltaic panels. A cyber attack on that grid in particular at the right time would take out nearly half of the country’s entire power supply, which would be catastrophic. It could also cause continent-wide power outages due to the way its power grid is interlinked with the rest of Europe. Solar energy cannot be stored indefinitely, and producing new power takes up a lot of valuable time.