The state-run Dutch Radiocommunications Agency has launched an investigation into whether PV inverters pose a threat to the cybersecurity of the electricity system in the Netherlands, according to Dutch Minister for Climate and Energy Rob Jetten.
In a document published on the Dutch parliament's website, Jetten said that Internet of Things devices such as PV inverters can pose a risk to the electricity grid.
“To mitigate the risks of these devices, we focus on prevention, awareness, and additional legislation that makes products more resilient to digital attacks,” he said. “The Radiocommunications Agency will enter into discussions with the relevant manufacturers on how to improve cybersecurity.”
A Dutch hacker known as “Jelle Ursem” recently gained access to PV systems operated via a monitoring tool developed by Chinese manufacturer Solarman, according to Tweakers, a Dutch media outlet.
“The hacker was able to view the personal data of Dutch customers, create new customers and delete existing users,” reported Tweakers. “He was also able to find out how much electricity customers' solar panels generate via GPS coordinates, and download, adjust and upload inverter firmware.”
The Solarman spokesperson said the problem has been resolved, without any real impact on the affected PV systems.
“We've contacted the Dutch Institute for Vulnerability Disclosure (DIVD), which is also involved in the matter, and explained a bit of facts, but unfortunately the talk was made in the last minutes before disclosure, so we don't have enough time to review the whole process together,” the spokesperson told pv magazine. “We appreciated DIVD's efforts to reduce security vulnerabilities and help address any possibile risks, and will communicate with them in order to improve cyber security of the energy sector.”
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: editors@pv-magazine.com.
6 comments
By submitting this form you agree to pv magazine using your data for the purposes of publishing your comment.
Your personal data will only be disclosed or otherwise transmitted to third parties for the purposes of spam filtering or if this is necessary for technical maintenance of the website. Any other transfer to third parties will not take place unless this is justified on the basis of applicable data protection regulations or if pv magazine is legally obliged to do so.
You may revoke this consent at any time with effect for the future, in which case your personal data will be deleted immediately. Otherwise, your data will be deleted if pv magazine has processed your request or the purpose of data storage is fulfilled.
Further information on data privacy can be found in our Data Protection Policy.