TÜV Rheinland experts have succeeded in hacking commercially available PV inverters within a few minutes. The company said that this is an issue because storage systems typically communicate with the inverter, too.
The possible impact of an attack ranges from manipulating the power output of the PV system to harming the battery or adversely influence electricity grids and maybe paralyze them completely.
“In times of millions of renewable energy sources and the necessity of intelligent grids and in view of more than 75,000 home storage systems now installed, it is even more important to check whether the system is vulnerable,” said Dr. Daniel Hamburg, head of the Global Center of Excellence Testing and Certification at TÜV Rheinland. “Solar systems must be able to communicate with the provider securely and without errors so that feeding in the electricity takes place within the allowed operating states.”
Inverter as a communicator
Inverters convert the direct current generated by PV modules into alternating current that they feed into the distribution grid. By hacking the inverters, it is possible to gain access to the battery management system, too. In doing so, it is possible to trick the battery into an unsafe status and, on a wider scale, to attack the entire electricity grid by specifically causing massive power fluctuations.
“We were able to re-parametrize commercially available inverters without any problems,” said Roman-Alexander Brück, laboratory head for solar components at TÜV Rheinland. His colleagues had successfully penetrated inverters deploying several approaches among them a brute force attack or stealing passwords.
Inspection of cyber security recommended
Cyber security and protection against hacker attacks is not included in the standard functional safety inspection of solar system components designed to ensure smooth operation.
“Therefore, we recommend that manufacturers have their systems inspected and eliminate potential vulnerabilities,” said Brück.
“We use specifically developed security-by-design solutions and provide support to make the systems robust and protect them against unwanted interference,” said Dr. Hamburg. “The aim is to ensure that the system cannot be driven into a dangerous state and that the communication with the grid operator takes place safely as planned.”
TÜV Rheinland will be talking more about this topic at Intersolar in Munich, June 20-22, 2018, hall A2, booth 177.