A recent study by a cybersecurity firm has confirmed that the Dutch solar grid is vulnerable to multiple types of attacks against the system.
advertisement
New research by a cybersecurity firm has confirmed that one of Europe's largest solar power grids is vulnerable to multiple types of attacks against its systems.
Researchers from cybersecurity firm Secura spent six months scouring dark web hacker forums and interviewing energy sector experts to find out where the most common threats to solar power in the Netherlands come from.
“The Dutch solar PV industry represents a significant attack surface that will likely grow, especially in the future,” the report said.
Germany produces the most solar power in Europe, but the Netherlands comes out on top in solar power per capita (electricity generated per person), according to solar industry group Solar Power Europe.
According to the report, there are more than three million solar photovoltaic installations across the Netherlands, contributing 17-20 gigawatts of electricity to the national grid each year.
The report follows a recent investigation by investigative journalism platform Follow the Money, which suggested hackers could have used a backdoor into online systems to gain control of millions of smart solar panel systems in the Netherlands.
What attacks should you expect?
There are several reasons why bad actors might want to attack the Dutch solar system, including the fact that it provides the majority of the Netherlands' energy.
For example, the report states that state-actor interference is “relatively high” because it “allows for an easy path of disruption” that other countries could use in negotiations.
“(That scenario) would create a strategic dependency for the Netherlands due to the potential impacts on critical infrastructure,” the report said.
The greatest impact of cyber attacks would be on the central and high-voltage electricity grid, the parts of the grid that can store and distribute the most energy.
However, the report said this was unlikely as the grid is used in many European countries and would be an unlikely source for a targeted attack against the Netherlands.
Hackers could also create excess solar power by manipulating the tipping points of the panels' inverters, resulting in excess direct current energy from the sun being converted into alternating current energy needed for the power grid.
That could cause localized power outages, but the report said they could be easily fixed with small, individual solar panels.
What happens if there is a cyber attack?
The report said it is unclear what would happen after an attack, but that whether a small residential unit or a large solar power plant is targeted, money would likely be lost. How much would depend on whether equipment is physically damaged.
Power outages are highly likely, especially when combined with attacks on wind turbines, energy storage systems and charging stations.
advertisement
The report said that prolonged power outages could lead to social unrest as people's individual needs are not met. For example, widespread blackouts could make it difficult for Dutch residents to buy food or contact each other using their mobile phones.
The report also said cyber attacks and the resulting power outages could “undermine confidence” in solar energy and “reduce investment incentives in solar energy and slow the energy transition”.
Euronews Next contacted Secura but did not immediately receive a response.
“We are a future-oriented industry.”
While the threat of cyber attacks on solar power is currently low, industry group Solar Power Europe says it's important to take further steps to prevent future attacks.
advertisement
Doris Acke, deputy CEO of SolarPower Europe, said in a July press release that there were “clear steps” to be taken, such as improving cyber-attack risk assessments and helping customers learn more about how to keep their solar panels safe from malicious threats.
The industry is also calling for solar panels to be labeled as a critical product and undergo more cybersecurity evaluations.
Ake also said an EU-level threat monitoring group should be set up to closely monitor threats to rooftop solar installations and “centrally coordinated” installations.
“We are a future-oriented industry and on track to supply the majority of Europe's electricity – a responsibility we take seriously,” Ake added.
advertisement
The EU is unprepared for large-scale attacks on its energy infrastructure, including solar power, a report published by its cybersecurity agency in July said.
The report called on the European Commission to analyze vulnerabilities in the solar power supply chain and find ways to put in place cyber protections for the technology used to control how and when panels produce energy.
