A planned German law, the “Solar Peak Law” to stabilize the power grid has raised significant concerns from the Federal Office for Information Security (BSI). The agency, responsible for countering cyber threats, has identified a “high risk potential” in the planned law, according to a spokesperson, who spoke to the press.
The concern stems from the fact that Chinese companies, and by extension the Chinese government, could gain direct access to a critical part of Germany’s power supply through internet-connected components of solar panels. The German government plans to use the inverters, a type of control unit, of solar panels to reduce green energy surpluses during periods of low demand, such as Easter and Pentecost. Many of the inverters used in Germany are manufactured by Chinese companies and could be remotely controlled over the internet.
Under the planned law, the government intends to obligate inverter manufacturers to disconnect solar panels from the grid if necessary to maintain system stability. The goal is to prevent power grid operators from having to implement targeted regional power outages in Germany to maintain the grid’s frequency.
The Federal Office for Information Security, however, warns against allowing Chinese companies to play a role in this process. “The BSI views the planned remote control of inverters by manufacturers, possibly through a cloud in a foreign country, as a significant risk potential” a spokesperson for the agency explained. “The fact that manufacturers, possibly through a cloud in a foreign country, could have direct access to a large number of devices in the European grid network, in the BSI’s view, poses a significant risk potential.”
Hackers could also gain unauthorized access, the BSI warns, as “besides the direct access of the manufacturer, security vulnerabilities in the products or the manufacturer’s cloud could enable unauthorized access for third parties.” The agency recommends that energy transition installations, such as solar panels, be operated locally and controlled through intelligent metering systems to minimize the risk of cyber threats.