Technologies that underpin solar and wind energy storage systems, which are central to transferring renewable power to the grid, are potential hacking risks, experts noted at a congressional hearing Tuesday.
As the U.S. grid is undergoing a major digital and generation transformation, the reliance on inverter-based resources is a major point of weakness since the equipment is both digitally native and because China is a major manufacturer many of those devices, said Paul Stockton, former Assistant Secretary of Defense, said during the hearing.
“Manufacturers in China are important producers of inverters being deployed nationwide across the United States and I think looking at supply chain risks — not just availability of critical products — but the risks that China will exploit these products in order to conduct attacks on the grid,” Stockton told the members of the House Committee on Energy and Commerce.
While the threat vector from inverter-based generation may be only a small portion of total electricity generation — roughly 14% — those numbers are expected to go up in the coming years.
The inverters convert direct current (DC) electricity generated by solar panels to alternating currents (AC) that is used by the electric grid. Inverters also distribute power based on software that identifies the state of the grid, a boon for efficiency but come with security concerns, according to a 2022 Energy Department study on the cybersecurity of distributed energy resources.
The report also noted that “distribution rooftop solar and large-wattage, customer-owned devices present new attack potential, can aggregate to magnitudes like traditional resources, and will challenge traditional cyber defense postures through their administration by many different parties.”
“If we can secure those devices we have an opportunity to transition to a stronger resilience strategy to defend the grid and make sure that we can counter the objectives of our future adversaries,” according to Stockton prepared opening remarks.
The hearing comes on the same day the Biden administration announced a labeling system for “smart” devices such as home appliances. But the Department of Energy also announced that it will look at power inverters for the initiative to develop cybersecurity labeling.
“Today’s announcement marks an important milestone in our journey toward a more secure energy sector to benefit all Americans,” said Puesh Kumar, Director of the DOE Office of Cybersecurity, Energy Security, and Emergency Response in a statement. “We look forward to partnering with the Federal Communications Commission, the Cybersecurity and Infrastructure Security Agency, DOE National Laboratories, and our industry partners to advance the cybersecurity of energy systems.”