In 2024, the focus was on nuclear energy with "A Practical Analysis of Cyber-Physical Attacks Against Nuclear Reactors", and this year it is the turn of solar photovoltaic generation, completing the coverage of the carbon-free energy sources I consider crucial for Europe's energy sovereignty.
I hope it will be useful and interesting, just as the previous one was for some people.
The paper is structured to facilitate a linear reading and understanding by a variety of readers, although a minimal technical background is assumed.
What will you find in this paper? A mix of theory and practice.
An introduction that describes the technical characteristics, from both cyber and physics perspectives, of photovoltaic generation, grid-following inverters, and power grids required to understand the subsequent cyber-physical attack scenarios
“Cyber-physical Attacks on Solar Inverters” characterizes the type of impact a successful exploitation of grid-following inverters can have on the power grid. It is also a comprehensive analysis of those aspects of the Iberian blackout that can realistically be replicated through cyber means.
“Responsible Disclosure and Vulnerabilities” details real-world vulnerabilities discovered as part of this research in some of the largest European inverter manufacturers, such as Siemens, Ingeteam, and Fimer.
The number of impacted inverters is in the tens of thousands, representing tens of GW of generation. .
Download PDF