Here is the original study: Restrict Remote Access of PV Inverters from High-Risk Vendors
The European Solar Manufacturing Council (ESMC) has issued a stark warning, highlighting a critical threat to Europe’s energy autonomy stemming from the unregulated remote access capabilities of PV inverters produced by non-European, high-risk manufacturers—particularly those from China. A recent study by DNV substantiates these concerns.
As solar power becomes increasingly integral to Europe’s clean energy goals and energy security, a major vulnerability looms: software-enabled remote access to PV inverters—the essential control units of solar power systems.
[…]
The threat is real, not hypothetical. Internet connectivity is essential for modern inverters to perform grid support functions and participate in power markets. However, this connectivity also enables remote software updates, allowing manufacturers to potentially modify device performance from afar. This poses serious cybersecurity risks, including the danger of intentional disruption or large-scale shutdowns. A recent DNV report, commissioned by SolarPower Europe, highlights the credible risk of cascading blackouts due to coordinated or malicious manipulation of inverters.
says the ignorant tankie while Chinese troops are in Ukraine. there’s no credible threat of US invasion so leave your whataboutisms at the door of your instance
Let’s just ignore the threats of taking Greenland, Canada and Panama… and whoever else will get added to that list.
I mean, it’s not like the US has invaded a bunch of other countries in the past decades, right?
But accusing others of being a tankie. Quite ironic.
we’re on a European board talking about Chinese attacks on European infrastructure. I’m not aware of US invasion threats to EU countries (which Greenland isn’t a part of).
I’m aware of the Snowden leaks and the CIA worldwide spying networks. those are valid concerns, however I don’t think the risk to privacy can be compared to the yearly cyber attacks perpetuated by China against the EU. Only one of these will be used in a potential war against us since the US is a NATO ally.
who cares who the US invaded in the past? I never said they didn’t, you’re bordering on whataboutism.
The same principle of strategic independence though can and should be applied to everyone, including China and the US. It’s clear that US is not a reliable ally, it was very clear when they shut down F-16s remotely in Ukraine to bully them into submission. Nothing is stopping them from shutting down power grids if these are in their hands to push EU to do whatever is not in its interests.
It’s not like the risk of invasion is the only criteria to use for deciding to be independent on core technologies.
i agree, if I had to choose I’d definitely want an economic/cyber war with the US over the much more likely conventional war with China
I think you are greatly underestimating what someone controlling the tech (note: here you don’t need cyber attacks) for critical infrastructure can do. Shut down power and water and the war finishes before it even starts. Let alone communications, payment systems, banking systems, government websites and all the other services that depend on cloud (i.e., mostly US companies).
The new directive (DORA I think? In get confused with the names) does include for a reason the mandatory exit plan for cloud providers ready.
And I’m not aware of Chinese invasion threats to EU countries, now what? While not a full member, Greenland is an OCT member of the EEA.
I’m aware. But we have many security flaws that don’t just involve China, yet nobody seems to care about. That’s what the meme is criticising. It doesn’t mean we should let China do what it wants, in fact I’m also in favor of eliminating such risks, but it’s only ever “China this, China that”, while ignoring things like e.g. networking infrastructure provided by the US. It’s the one-sided reporting, i.e. red scare, that’s annoying.
For how long though? And spying on politicians and high-ranking army officials is most definitely going to be used against us in a potential war. This already happened, despite us being NATO allies. It wasn’t just EU citizens, they fucking spied on Angela Merkel and other EU officials. But yeah, nothing to worry about, they’re our allies after all…
Keep in mind: “It may be dangerous to be America’s enemy, but to be America’s friend is fatal”
I do, and you should too, if you don’t blindly trust your “allies”. Accusing us of whataboutism, while you were writing about “Chinese troops in Ukraine” in response to a meme criticising the one sided reporting on security risks… absolutely wild.
Are they still? They’re not behaving like allies.
The only whataboutism is coming from your comment.
to point number 2, China is also a fascist state. your meme is whataboutism because it’s implying we should leave China alone while at the same time China is committing the same abuses that the US does. I’m a FOSS advocate in software and hardware, most Chinese tech doesn’t meet the standards of respecting human rights
It just implies that we should treat the US and Chinese more similarly. Whether this means avoiding the US more or working more closely with China is completely up to interpretation.
Is that a problem with Chinese tech, or just proprietary tech? Because apart from privacy, I can’t tell which human rights tech is supposed to respect, and lack of privacy is an issue not limited to Chinese tech.
not using Uyghur slave labor in East Turkestan would be a bare minimum for example. I’m not implying that China is alone in this, it’s a problem in all the other capitalist countries.
even if they made their tech open source, I highly doubt they’d stop exploiting the populace
So you’re talking about the tech industry, not the tech itself.
Assuming that the “Uyghur forced labor” claim isn’t just American propaganda: Do you really think forced labor is used for the tech industry? Skilled workers, who are needed for the tech industry, are a bit harder to exploit and it seems like the main concern with forced labor of Uyghurs is cotton. To my knowledge, the whole tech industry is located mostly in eastern China.
And how do you know that “most of Chinese tech doesn’t respect human rights”, when referring to forced labor? Do you track down the production chain of Chinese products? Or was there some investigation that I missed? These seem like absurd claims to me, so I’d really like a few sources.
gonna assume you aren’t just a genocide denier and you’re asking for sources in good faith:
https://www.antislavery.org/reports/uyghur-forced-labour-green-technology/
https://www.researchgate.net/publication/366812496_In_Broad_Daylight_Uyghur_Forced_Labour_and_Global_Solar_Supply_Chains
https://www.npr.org/sections/goatsandsoda/2023/02/01/1152893248/red-cobalt-congo-drc-mining-siddharth-kara
https://archive.is/renxw
I’m a genocide denier in the sense that I see what may be happening in Xinjiang as a violation of human rights, not a genocide just yet. But your second link seems convincing enough for me to read more about, thanks.
The issues in the Congo are true. I didn’t think about them before because I consider them mostly a failure of the Congo to enforce labor laws, but obviously Chinese companies aren’t innocent here.
FOSS is certainly easier to audit, though there’s still a risk of malicious contributors introducing backdoors or other exploits.
And just to be clear, there are groups within China who are relentlessly executing cyber-attacks against European and US assets. China’s not the only source, but it’s the biggest (at least based on what we’re seeing at my workplace, which includes a high-volume website). And nothing happens in China for long without the CCP’s approval. So, at least de facto, assume that’s in line with Chinese government policy.
The best course of action is to never assume any third party is going to protect your data unless someone credible has independently confirmed it. Don’t buy internet-connected devices unless there’s a damned good reason for them to be connected, and even then, firewall the hell out of them and make sure there’s no path from such a device to your sensitive data. If you have a home LAN for your various connected devices, keep that stuff logically (and ideally physically) separate from your personal data.