‘Cybersecurity is a real problem, but the Reuters report should be taken with a grain of salt”
The bombshell broke on Wednesday: A Reuters report said unexplained communication devices had been found inside some inverters and energy storage batteries made in China, and US energy officials were reportedly “reassessing the risk posed by Chinese-made devices, according to two anonymous sources.” The report did not name the manufacturers or the number of devices investigated.
“It's clear that the issue of cybersecurity is a real and worrying problem, but this information [in the Reuters report] should be taken with a grain of salt,” Garikoitz Sarriegi, senior project manager at Kiwa PI Berlin Ibérica, told pv magazine. Sarriegi states that, citing the fact that those involved in the “investigation” declined to provide further information, there is no mention of who the manufacturer is, whether multiple manufacturers are involved, or how many units with this problem they have found.
Martin Schachinger, founder of the pvXchange platform and who writes a monthly column in pv magazine on the development of the European PV market, expressed his opinion on the report on LinkedIn: “Unfortunately, the information is still very scarce and superficial. I'm eager to know if more details will be released at some point or if this will be a smokescreen that will further fuel existing conspiracy theories.”
Another point Reuters makes in its article is the ban that the United States government plans to impose starting in 2027 on several of the largest Chinese battery energy storage (BESS) manufacturers due to their close ties to the Communist Party. Several US utility companies fear that, following Huawei's ban, other Chinese inverter manufacturers could face a similar ban. “At Kiwa PI Berlin, we are talking with the largest BESS manufacturers and have verified that several of the smaller players involved use cells from these manufacturers that could be subject to the ban, so these other manufacturers would also be excluded. Given the market share of Chinese manufacturers, we find it difficult to believe that the ban will have any effect unless policies regarding this issue change drastically,” Sarriegi added.
Regarding “backdoor access,” several major Spanish engineering firms have confirmed to the consultancy firm that “they do not install any components not declared in the bill of materials (BOM) and that, without the client's permission, they cannot do anything” — such as updating parameters, modifying firmware, or turning the inverter on or off.
“What's more, it seems that they have occasionally had problems because the client has not granted them access or has been slow to do so,” Sarriegi explained. These Spanish inverter manufacturers can shut down their equipment remotely. “It's something that can be done for security reasons, always with the client's permission. I'm sure that if we ask any other European manufacturer, the answer will be the same,” he added.
Sarriegi affirmed that, in theory, when the equipment is certified, it is ensured that “everything is okay, but firmware updates are usually performed through remote access, and those don't necessarily have to be certified. That's where things can slip in. But you have to be very sure and provide truthful information before dropping such a bombshell.”