A recent study by a cybersecurity firm confirmed that the Dutch solar energy grid is vulnerable to multiple types of attacks on its system.
ADVERTISEMENTA new study by a cybersecurity firm confirmed that one of Europe's largest solar energy grids is vulnerable to multiple types of attacks on its system.
Over a six-month period, researchers with cybersecurity firm Secura researched hacker forums on the dark web and conducted interviews with experts from the energy sector to find out where the most common threats to Dutch solar energy would come from.
"There is a significant area of attack in the solar power industry in the Netherlands and… this will expand especially in the future," the report says.
While Germany produces the most solar power in Europe, the Netherlands is the leader in solar energy per capita, the amount of energy produced by person, according toSolarPower Europe, the solar industry’s association.
There are over 3 million solar power installations throughout the Netherlands which in turn deliver between 17 to 20 gigawatts of power to the national energy grid every year, the report found.
The report follows a recent probe by investigative journalism platform Follow the Money that shows that a hacker could have gained control of millions of Dutch smart solar panel systems using a backdoor into their online system.
What attacks should we anticipate?
There are a few reasons why malicious actors might want to attack the Dutch solar system, such as the fact that it accounts for so much of the country’s energy.
For example, the report says that interference by a state actor is "relatively high" because it "allows for an easy route to disruption," which another country could use in negotiation.
"A strategic dependency arises for the Netherlands (in that scenario) because it can affect vital infrastructure," the report says.
The biggest impact that a cyberattack would have is on the central and high-voltage grid: the part of the grid that can hold and deliver the most energy.
That however is unlikely, because the report says, this grid is used by many European states, and would likely not be the source of a targeted attack against the Netherlands.
Hackers could also create too much solar power by manipulating the tipping point for a panel’s inverters, so they transform too much direct current energy from the Sun into alternating current energy, the type that’s needed for the grid.
If that happens, it could create a local power outage that the report says is easy to repair if done on a small individual solar panel.
What happens in case of a cyberattack?
The report says it’s hard to know what will take place after an attack but that money will likely be lost, whether small residential units or a large solar farm are targeted. How much is lost depends on whether any of the equipment is physically damaged.
Power outages could be likely, especially if combined with attacks on wind power generators, battery storage systems, or charging stations.
ADVERTISEMENTIf there are prolonged power outages, the report says it could lead to social unrest because people’s individual needs would not be met. For example, widespread power outages could make it harder for Dutch residents to buy food or use their phones to stay in touch with one another.
The cyberattacks and resulting power outages could also "damage confidence" in solar energy, the report continued, which would "reduce the willingness to invest in it and… delay the energy transition".
Euronews Next reached out to Secura but did not receive an immediate reply.
'We’re a future-looking sector'
While the threat of a cyberattack on solar is low for now, industry group SolarPower Europe said it’s important to put in place more measures to prevent any future attacks.
ADVERTISEMENTDries Acke, deputy CEO of SolarPower Europe, said in a July press release said there are some "clear steps" to take, like improving cyberattack risk assessments and empowering customers to learn more about how to keep their solar panels safe from malicious threats.
The industry is also asking that solar panels be labelled critical products, so they will be subjected to more cybersecurity assessments.
An EU-level threat monitoring group should be formed to look closely at threats to rooftop solar installations or any "centrally coordinated" devices, Acke continued.
"We’re a future-looking sector, on our way to providing the majority of Europe’s electricity. We take that responsibility seriously," Acke added.
ADVERTISEMENTThe EU said in a July report from the bloc’s cybersecurity agency that they are is unprepared for a large-scale attack on its energy infrastructure, including solar.
The report asked the Commission to analyse supply chain vulnerabilities in solar and to find ways to put in place cyberprotection for the technologies that are used to control how and when the panels generate energy.
