Solar Inverter Flaws Threaten Power Grids

Cybersecurity Risks in Solar Power Systems

Solar power has become a vital part of the global energy network, supplying clean energy to millions. But this rapid growth has exposed vulnerabilities in solar power systems that could have serious consequences. Recent discoveries by cybersecurity experts highlight the potential risks associated with solar inverters and controllers, which convert solar energy into electricity.

How Solar Power Systems Are Exposed

Solar power systems increasingly rely on the Internet of Things (IoT), connecting them to a vast network of devices. This connection, while beneficial for energy management, also opens the door to cyberattacks. Inverters and controllers play a key role in converting solar-generated power into electricity that can be used on the grid. When these devices are vulnerable, the entire power grid can be at risk.

The Impact of Vulnerabilities in Solar Inverters

Cybersecurity analysts at Bitdefender recently found serious flaws in solar inverter platforms used by Solarman and Deye. These flaws put 195 gigawatts of solar power—20% of the world’s solar output—at risk. The vulnerabilities include the potential takeover of entire accounts, duplication of access tokens, excessive data sharing, and weak passwords. Attackers could exploit these weaknesses to disrupt power generation, access sensitive information, and destabilize power grids.

The Need for Stronger Cybersecurity Measures

The risks posed by these vulnerabilities are significant. If exploited, they could lead to large-scale disruptions in electricity generation, threatening the stability of power grids and national security. The decentralized nature of solar power adds to the challenge, making the system more vulnerable to cyber threats. As solar energy becomes more common, manufacturers and utility companies must prioritize cybersecurity in the development and operation of these systems. Regular security assessments, timely updates, and protection of all components against potential attacks are essential steps.

Capabilities for Remote Targeting of Schneider Electric Servo Drives and Programmable Logic Controllers

Cyber actors have recently developed new capabilities to remotely interact with Schneider Electric equipment. The affected equipment includes Schneider Electric TM241 or TM251 programmable logic controllers (PLCs), Schneider Electric Modicon M221 PLCs, the TM241MESE PLC, and Schneider Electric Lexium 32 servo drives (LXM32AD18N4). However, there is currently no indication of active exploitation.

The capabilities of the exploit framework are significant. They aim to log into a PLC, change the password protecting the ladder logic project file, remotely read the project file from the PLC, and alter device operations. A malicious cyber actor could use these capabilities to perform reconnaissance in an industrial control system (ICS) environment or to alter physical performance within that environment, potentially resulting in destructive effects or denial of service. Additionally, the exploit can interact with and write data to Lexium servo drives over the OpenCAN protocol through the PLC.

General PLC Security Recommendations

The Department of Energy and Schneider Electric encourage owners and operators to follow industry cybersecurity best practices for PLC devices. These recommendations include:

  1. Locate control and safety system networks and remote devices behind firewalls: Isolate them from business network interactions and the Internet. This ensures that unauthorized access is minimized and reduces the risk of exposure to external threats.
  2. Never leave controllers in the “Program” mode: This mode should be reserved for specific maintenance tasks and should not be the default operational state. This reduces the risk of unauthorized modifications to the controller’s configuration.
  3. Limit PLC programming activities to specific systems: These systems should not be used for other purposes. Ensure that mobile and transient devices (such as laptops) are scanned and validated prior to connection to an ICS network. This practice helps prevent the introduction of malware and unauthorized software.
  4. Use secure methods for remote access: When remote access is required, utilize secure methods such as Virtual Private Networks (VPNs) and multi-factor authentication to access ICS networks. It is important to recognize that VPNs may have exploitable vulnerabilities and should be updated to the most current version available.
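As an added example (not from the advisory, the Department of Energy, or Schneider Electric), the following Python script audits a constructed firewall flow log against recommendations 1 and 3: it flags business-network hosts reaching into the control network, control-network hosts reaching addresses outside the site, and hosts other than the designated engineering workstation or SCADA server opening Modbus TCP (port 502) sessions to PLCs. The network ranges, host addresses and the flow-log format are assumptions.

```python
import ipaddress
from typing import Optional

# Assumed (constructed) site layout, not taken from the advisory:
# control network, business network, and the only hosts permitted to open
# sessions to PLCs (the engineering workstation and the SCADA/HMI server).
CONTROL_NET = ipaddress.ip_network("10.10.0.0/24")
BUSINESS_NET = ipaddress.ip_network("10.20.0.0/24")
SITE_NETS = (CONTROL_NET, BUSINESS_NET)
APPROVED_PLC_CLIENTS = {ipaddress.ip_address("10.10.0.50"),   # engineering workstation
                        ipaddress.ip_address("10.10.0.60")}   # SCADA/HMI server
PLC_PORTS = {502}   # Modbus TCP; add the other vendor service ports in use at the site

def parse_flow(line: str) -> tuple:
    """Parse one constructed flow record: 'src=IP dst=IP dport=N proto=tcp'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return (ipaddress.ip_address(fields["src"]),
            ipaddress.ip_address(fields["dst"]),
            int(fields["dport"]))

def check_flow(line: str) -> Optional[str]:
    """Return the recommendation the flow violates, or None if it is acceptable."""
    src, dst, dport = parse_flow(line)
    if dst in CONTROL_NET and src in BUSINESS_NET:
        return "business-to-control"       # rec. 1: control net must be isolated
    if src in CONTROL_NET and not any(dst in net for net in SITE_NETS):
        return "control-to-external"       # rec. 1: no direct Internet reachability
    if dst in CONTROL_NET and dport in PLC_PORTS and src not in APPROVED_PLC_CLIENTS:
        return "unapproved-plc-client"     # rec. 3: only designated hosts talk to PLCs
    return None

def audit(lines: list) -> list:
    """Return (line, violated_rule) pairs for every flow that breaks a rule."""
    findings = []
    for line in lines:
        rule = check_flow(line)
        if rule:
            findings.append((line, rule))
    return findings

# Constructed sample flow log for demonstration.
SAMPLE_FLOWS = [
    "src=10.10.0.50 dst=10.10.0.10 dport=502 proto=tcp",   # workstation -> PLC: fine
    "src=10.10.0.60 dst=10.10.0.11 dport=502 proto=tcp",   # SCADA poll: fine
    "src=10.10.0.77 dst=10.10.0.10 dport=502 proto=tcp",   # unknown host on control net
    "src=10.20.0.15 dst=10.10.0.10 dport=502 proto=tcp",   # business net reaching a PLC
    "src=10.10.0.10 dst=203.0.113.9 dport=443 proto=tcp",  # PLC talking to the outside
]
```

Running `audit(SAMPLE_FLOWS)` reports the last three flows; in practice the allowlists would be generated from the site's asset inventory rather than typed by hand.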

By adhering to these recommendations, owners and operators can enhance the security of their PLC devices and reduce the risk of cyber threats. Maintaining a robust cybersecurity posture is essential to protect critical infrastructure and ensure the reliable operation of industrial control systems.