“`markdown
Vast Array of Solar Power Equipment Left Exposed Online
According to a recent report from the industrial cybersecurity firm Forescout, nearly 35,000 solar power devices worldwide are remotely manageable and openly accessible to anyone with an internet connection. These devices, which are crucial for operating solar energy infrastructure, come from 42 different manufacturers.
While some of these management interfaces may have password protections, Forescout notes that virtually none of them needed to be online. Any exceptions should have been secured behind Virtual Private Networks (VPNs). The ten vendors with the highest number of exposed devices have all disclosed vulnerabilities in the past decade, heightening the risk of these devices being accessible on the public internet.
The transition to renewable energy and the increasing digitization of the power grid have created significant cybersecurity risks. Forescout’s findings highlight how the lack of secure design practices in critical infrastructure can endanger lives and potentially destabilize entire regions.
Forescout’s report, which is based on a scan of public IP addresses using the Shodan search engine, details the distribution of solar equipment with internet-accessible management interfaces. The findings reveal that these devices are more common in Europe and Asia, with three-quarters located in Europe and 17% in Asia. Notably, Germany and Greece each account for 20% of the total number of exposed devices.
Interestingly, the ten vendors with the most exposed devices do not necessarily align with those holding the largest market shares. For instance, global leader Huawei does not appear on Forescout’s list. The most frequently observed device left accessible online is SMA’s Sunny WebBox, which collects and reports data on solar inverter performance. This device has been discontinued since 2015 and has consistently been among the most exposed solar devices, despite a hard-coded vulnerability being disclosed in September 2015.
The number of exposed devices fluctuated significantly, dropping from 80,000 in December 2014 to 9,500 at the time of the vulnerability disclosure, but it has risen again to 13,000 recently. Cybersecurity experts warn that discontinued infrastructure with known vulnerabilities poses a severe risk. Rob Lee, CEO of the industrial cyber firm Dragos, emphasized that while solar farms and other distributed energy resources require connectivity, it must be properly secured. He advocates adopting an “assume-breach” mindset due to the attractiveness of these systems to adversaries.
Some devices may be remotely accessible simply because their operators are unaware of their existence amid complex infrastructure management. Gary Kneeland, a senior product manager at Claroty, explained that without complete visibility into how these exposed assets communicate, operators cannot effectively control them. He noted that vulnerabilities in devices left online remain a persistent issue for sectors striving to digitize, particularly in the energy industry.
Kneeland concluded by stating that attackers do not require sophisticated tools; they just need access.
“`
Original article by NenPower, If reposted, please credit the source: https://nenpower.com/blog/significant-cybersecurity-risks-as-thousands-of-solar-power-devices-found-exposed-online/
