Dutch agency investigates cybersecurity of PV inverters after hack

The state-run Dutch Radiocommunications Agency has launched an investigation into whether PV inverters pose a threat to the cybersecurity of the electricity system in the Netherlands, according to Dutch Minister for Climate and Energy Rob Jetten.

In a document published on the Dutch parliament's website, Jetten said that Internet of Things devices such as PV inverters can pose a risk to the electricity grid.

“To mitigate the risks of these devices, we focus on prevention, awareness, and additional legislation that makes products more resilient to digital attacks,” he said. “The Radiocommunications Agency will enter into discussions with the relevant manufacturers on how to improve cybersecurity.”

A Dutch hacker known as “Jelle Ursem” recently gained access to PV systems operated via a monitoring tool developed by Chinese manufacturer Solarman, according to Tweakers, a Dutch media outlet.

“The hacker was able to view the personal data of Dutch customers, create new customers and delete existing users,” reported Tweakers. “He was also able to find out how much electricity customers' solar panels generate via GPS coordinates, and download, adjust and upload inverter firmware.”

The Solarman spokesperson said the problem has been resolved, without any real impact on the affected PV systems.

“We've contacted the Dutch Institute for Vulnerability Disclosure (DIVD), which is also involved in the matter, and explained a bit of facts, but unfortunately the talk was made in the last minutes before disclosure, so we don't have enough time to review the whole process together,” the spokesperson told pv magazine. “We appreciated DIVD's efforts to reduce security vulnerabilities and help address any possibile risks, and will communicate with them in order to improve cyber security of the energy sector.”