
The Czech national cybersecurity agency has warned that Chinese solar inverters represent a threat to the country’s data security.
The increasing digitisation and presence of “complex technological solutions” in critical sectors like energy represent a security threat, the National Cyber and Information Security Agency (NÚKIB) warned yesterday.
Infrastructure systems like energy grids, healthcare and transportation are increasingly dependent on cloud-based data storage and processing and remote control. NÚKIB said this means that the providers of those technology solutions “can significantly influence the operation of critical infrastructure and/or access important data, making trust in the reliability of the provider absolutely crucial.”
Those devices are increasingly connected to the Internet and can be controlled remotely by their manufacturers. The agency identified photovoltaic inverters as a high-risk product alongside large language models, electric vehicles, smart meters, medical technologies and personal devices like smartphones and watches.
NÚKIB cited “Confirmed malicious activities by actors linked to the PRC (People’s Republic of China) directed against the Czech Republic” as background for its concerns, including a “campaign” by the hacking group APT31.
It added that the “political and legal environment of the PRC… allows Chinese government authorities access to data stored on the territory of the PRC or significant interventions by Chinese government authorities in the operation of private companies.” This could raise questions about the security protocols of Chinese inverter producers. NÚKIB included Hong Kong and Macau in its risk assessment.
As a result of the findings, companies using Chinese-made solar inverters “must take the threat into account in their risk analyses and respond to the identified risks by implementing adequate security measures” under the Czech Cybersecurity Act.
Inverter cybersecurity
Earlier this year, it was reported that US energy officials found “rogue” communication devices in Chinese-made solar inverters, which could have opened back-channels for data sharing with China or for hackers to bypass security measures.
The announcement sparked concern in Europe. The European Solar Manufacturing Council (ESMC), a trade group representing EU solar manufacturers, called on the European Commission to investigate the “risk potential for sabotage and espionage” and the ability of component manufacturers to “significantly influence” European grids.
The Lithuanian government has already limited the access of Chinese inverters to its solar and wind projects amid cybersecurity concerns.
SolarPower Europe, the continent’s leading trade body, has called for greater cybersecurity measures at the European level, especially as solar PV and other distributed energy resources take a larger portion of the energy mix.
Like most of the world, Europe is heavily reliant on Chinese-made renewable energy products, particularly for solar PV. Simultaneously, the continent’s inverter manufacturers are struggling against market headwinds and increased price competition from Asian suppliers, something which SolarPower Europe has said needs to be addressed.