China's inverter army was attacked in Australia, GoodWe responded exclusively!

As geopolitical relations become increasingly complex, my country's photovoltaic products are increasingly facing unreasonable attacks and accusations overseas. In the past, these attacks were mostly directed at photovoltaic modules, but now some people have begun to target photovoltaic inverters produced in China.

More than half of the households in the South River area of ​​Perth, Australia's fourth largest city, have installed rooftop solar; Image: Western Power

Almost all people in the photovoltaic industry have a natural liking for Australia. Australia is not only a mature and complete photovoltaic market, but also the cradle of photovoltaic technology industrialization, the home of the University of New South Wales, and a good friend and mentor of Chinese photovoltaic companies, Professor Martin Green.

And now, also in Australia, a very dangerous attack and accusation against Chinese photovoltaic inverters is taking place here.

01

Dangerous and hostile accusations

Opposition to the Australian government appears to have found a trap to oppose rooftop solar PV in Australia and to turn the tables on Chinese-made PV products, which are the source of Australia's renewable energy targets.

Australian opposition home affairs and cyber security spokesman James Paterson is spearheading the effort.

Regarding the attack on the Chinese inverters, the author quoted the view of Renew Economy, the most influential local green energy transition media, "This week, the Coalition has become more creative and more desperate to undermine Australia's commitment to promote renewable energy development. New claims claim that 60% of rooftop solar inverters in the renewable energy targets promoted by the federal government will be subject to cybersecurity risks."

Patterson, a former fellow at the Institute of Public Affairs, a lobbying group funded by fossil fuel companies, is a strong opponent of renewable energy and, like many of his coalition partners, supports nuclear power.

Patterson has publicly told the media that his recent concerns focus on a key part of the "renewable energy boom": the "smart inverters" that have made him uneasy about the nearly 20GW of rooftop solar installed by Australian homes and businesses, although the vast majority of it was installed under the supervision of the Coalition government.

He told Sky News Australia, "Experts told him that when these products (photovoltaic inverters) account for a large enough proportion of our rooftop solar energy, it will have an impact on our power grid, and the real danger point will appear, and it may be attacked and exploited by hackers."

“Not only would this damage the inverter and the power supply, it could actually damage our entire power grid and take our entire grid offline,” Patterson sensationally said. “In the most dangerous strategic environment since World War II, we cannot allow our power grid to be filled with exploitable cybersecurity vulnerabilities.”

Who is this Patterson?

Patterson recently successfully persuaded the Australian government to abandon the use of closed-circuit television surveillance systems produced by Hikvision, and called on government agencies to do the same with its more than 3,000 DJI drones.

In addition, on July 11, the Australian Senate's "Special Committee on Foreign Interference through Social Media Software" held a hearing. James Patterson is the chairman of this committee. Because Tencent refused to attend the hearing, Patterson directly criticized it, saying that "Tencent's repeated refusal to attend the hearing shows that it disregards Australian law."

According to media reports, in the past two years, an Australian "cybersecurity company" called "Internet 2.0" has emerged to launch public opinion smear campaigns against China. The company's founder, Robert Porter, is Patterson's cybersecurity "consultant."

It is not surprising that Patterson launched an attack on inverters produced in China.

Curiously, while Patterson is against renewable energy, he is also a vocal supporter of nuclear energy. His Australian opposition party has made nuclear energy a key policy and envisions something called "micro-nuclear energy" that could supposedly power hospitals and mines.

Putting aside the fact that nuclear energy is the most expensive, wouldn’t it be even more dangerous if it were attacked by hackers?

02

GoodWe's response

GoodWe booth at SNEC 2023

Renew Economy reported GoodWe’s response to the incident under the title “‘We operate independently’: Chinese inverter giant responds to PV Alliance intimidation campaign”.

In an email to RenewEconomy late Thursday , GoodWe said its commitment to data security and cybersecurity was “unwavering”.

“GoodWe is firmly committed to data security and cybersecurity,” GoodWe CEO and founder Huang Min said in the statement.

“Given recent concerns about security risks associated with smart inverters and Chinese ownership in Australia’s energy sector, we want to reassure our customers, partners and consumers that we take these issues extremely seriously.

"Transparency and compliance are core to our corporate values. We comply with all applicable laws and regulations in China and other countries where our products are distributed," the statement said.

“As our company operates independently and without external influence, we can assure our customers that our smart inverters are manufactured with the highest data security standards in mind.”

James Patterson previously stated that "smart inverters are networked devices that can be remotely controlled via the Internet." His press release included a "fact sheet" that disclosed a list of suspected smart inverter manufacturers, including Huawei, Sungrow and GoodWe.

The author has not found any public response from Huawei, Sungrow Power Supply, etc.

03

There is only one truth

Local media questioned Patterson's views; Source: solarquotes

Several Australian media outlets have questioned Patterson's views.

Solarquotes reports that it is easy to assume that Patterson is focused on attacking renewable energy targets rather than truly understanding cybersecurity risks. It would be a farce if renewable energy targets were once again held hostage to political point-scoring.

So how real are these risks? The Australian government, regulators and industry are aware that smart inverters are vulnerable to cyber attacks due to their connection to the public internet, meaning they can be hacked and used for malicious purposes like other such consumer devices.

However, Patterson’s argument is not valid. The risk of critical security vulnerabilities (such as insecure logging into inverters) does not depend on the country in which the product is manufactured. Any device exposed to the internet with a vulnerability can be exploited by any attacker who finds it.

"Senator Paterson seems to be suggesting that Chinese suppliers are building secret backdoors into their products - that one day, 10,000 Huawei inverters (or Growatt, Arrow, Sungrow or GoodWe) will be taken over by hackers, paralyzing Australia's power grid."

But this is not true. Because grid-connected, networked inverters do not exist in a vacuum.

If they are part of a virtual power plant, they will be controlled by a third party. That third party is managing the batteries, the grid, the import and export of electricity. These schemes are not managed by consumers who don’t understand cybersecurity – they should be managed by an organisation with cybersecurity expertise, familiar with the Australian Signals Directorate’s list of eight essential cybersecurity controls, and its Australian Information Security Handbook.

At a minimum, controlling the organization of the inverter group can ensure that the smart inverter communicates with the network management center through an encrypted channel and does not establish connections with other external network addresses.

Under Australia’s Critical Infrastructure Act, which was sponsored by the previous government – ​​of which Senator Patterson was a member – if the organisation controlling thousands of inverters via the cloud is a large infrastructure provider (AGL, Origin, Energy Australia etc) then they will be in the hands of companies that have already invested millions in security and are protected by it.

Grace Young, chief innovation officer at Watt Watchers and one of the “experts” Patterson cites in his “fact sheet,” said she “could not agree” with some of Patterson’s assertions.

“We need to think about policies and protections for the kinds of threats we see and can foresee, but this should not stop progress on renewable energy.

Regarding inverters from China, Grace Yang said that even if Australia immediately banned all Chinese inverters, the same safety issues would still exist.