The recent discovery of unexplained components in Danish energy equipment highlights the urgent need for stronger EU solar cybersecurity rules, according to SolarPower Europe.
Walburga Hemetsberger, CEO of industry group SolarPower Europe, has said that the recent discovery of unexplained components in imported Danish energy equipment underscores the urgent need for stronger cybersecurity rules across the European Union’s solar infrastructure.
“This is highly concerning,” Hemetsberger told pv magazine in an email, noting that the suspicious elements were not solar components. “It is important that an investigation is underway.”
Her comments follow reports by Danish media outlets that trade association Green Power Denmark had found unexplained electronic components in imported circuit boards destined for the country's energy infrastructure. The discovery was made during a recent routine inspection, and the group said an investigation is now underway. The Danish authorities have reportedly declined to comment on the matter thus far.
“We’ve been warning that cybersecurity of modern energy systems is a growing concern, which needs robust, fact-based analysis,” said Hemetsberger. “Digitalization comes with great efficiency and cost wins, but it also comes with new challenges that Europe should address head-on.”
A Green Power Denmark official told Reuters earlier this week that the discovered components could serve a range of potential purposes, but noted that their inclusion in critical systems was still deemed unacceptable, regardless of intent. The official did not identify the origin of the supplier.
A recent SolarPower Europe report on cybersecurity, produced in collaboration with DNV, calls for mandatory, solar-specific cybersecurity standards and limits on remote inverter access from outside the European Union. The report also calls for updated legislation to address risks unique to distributed energy systems such as rooftop PV arrays.
“Furthermore, to secure inverter hardware, software bills of material for solar inverters must be comprehensive and transparent, as required by the Cyber Resilience Act,” said Hemetsberger. “Regular, random checks must prove the software bill of materials is correct.”
Earlier this month, Reuters reported that unexplained communication devices had been found inside some Chinese-made inverter devices in the United States. The news agency cited unnamed sources as saying that US energy officials are now reassessing the risk posed by Chinese-made devices.
This followed the separate recent discovery of undocumented communication devices in some Chinese solar inverters, according to Reuters. The number of affected devices was not disclosed. The news agency said that similar components had also been found in batteries from multiple Chinese suppliers, according to one source.