by dataflow 674 days ago
> It’s also possible that the manufacturer gets hacked, and subsequently sends out attacker controlled and wrong software updates to the inverters, with possibly dire consequences.

> There are also people that claim that the many Chinese companies managing our power panels for us might intentionally want to harm us. Who knows.

Wait, seriously? The European power system relies on Chinese companies not messing it up remotely? And the debate is over whether the companies will stay nice? For heaven's sake, isn't it obvious that during a war the Chinese government can force them to just destroy the continent's power system remotely? How is this not seen as an extreme continental security risk?

5 comments

> It’s also possible that the manufacturer gets hacked, and subsequently sends out attacker controlled and wrong software updates to the inverters, with possibly dire consequences.

Idaho National Lab is one of those places that researches this. https://inl.gov - their domains are energy (primarily nuclear and integrated) and national security ... and securing the grid is the intersection of that.

And some time back... https://www.wired.com/story/how-30-lines-of-code-blew-up-27-... (https://web.archive.org/web/20201101002448/https://www.wired...). The story is from 2020. The event is from 2007.

The test footage linked in the article is on YouTube - https://youtu.be/LM8kLaJ2NDU

The Wikipedia article on the test: https://en.wikipedia.org/wiki/Aurora_Generator_Test

From the Wired article, the key part of how it broke:

> A protective relay attached to that generator was designed to prevent it from connecting to the rest of the power system without first syncing to that exact rhythm: 60 hertz. But Assante’s hacker in Idaho Falls had just reprogrammed that safeguard device, flipping its logic on its head.

> At 11:33 am and 23 seconds, the protective relay observed that the generator was perfectly synced. But then its corrupted brain did the opposite of what it was meant to do: It opened a circuit breaker to disconnect the machine.

> When the generator was detached from the larger circuit of Idaho National Laboratory’s electrical grid and relieved of the burden of sharing its energy with that vast system, it instantly began to accelerate, spinning faster, like a pack of horses that had been let loose from its carriage. As soon as the protective relay observed that the generator’s rotation had sped up to be fully out of sync with the rest of the grid, its maliciously flipped logic immediately reconnected it to the grid’s machinery.

Shutting off nuclear to rely on gas from Russia was not seen as an extreme continental security risk. This is nothing...

Another security issue is all these cheap always-connected IP cameras from China. Meantime the most recent achievement of EU lawmakers is a cap permanently attached to a bottle. No wonder, as at least in case of my country we are sending the most corrupted sleazy individuals to the EU parliament and commission.

They already can by simply turning open some power mosfets in their fleet of EVs.

Yeah.

I'm not sure everyone is really thinking clearly here.

Don't get me wrong, they should get rid of this practice of cloud monitoring. A consumer should be able to access monitoring over the internet without an intermediary. They should, of course, be allowed to contract with an intermediary if that is their desire.

But the security argument?

Yeah, that ship has sailed. Total war, means total war. Your power grid, your internet, your communications, and your fossil fuel deliveries will all see material disruption. I wouldn't count on being able to stop those disruptions by banning a few web sites. (And frankly, during total war, those disruptions would be the least of your problems in any case.)

Best bet for places like Europe, China, the US and Russia is, just don't do total war with each other. If you choose to do it anyway, then you can see what you can expect from that in the documents filed under "Play stupid games, win stupid prizes."

You're turning war into a black-and-white "total war" situation. Total war is rare, and no -- no ships have sailed.

It's easy to imagine a scenario where something happens between China and Taiwan, Europe gets involved in a way that majorly pisses off China, and China decides to sabotage Europe's grid in response.

Nothing about that is "total war" with Europe, and it's not like Europe is going to escalate with nukes either because that would be wildly disproportionate.

But it's a major vulnerability that should be fixed as quickly as possible. It's negligent for that to even be an option for China, because it certainly doesn't seem like Europe can do anything similar to the grid in China.

Your idea that security vulnerabilities don't matter, that "that ship has sailed", is false and irresponsible.

You've totally missed the point.

No one advocated ignoring the vulnerability. I, myself, specifically stated that monitoring should be direct. Consumers should unilaterally decide where, when and how their assets are monitored.

The material point on security is that there are many, many methods of disrupting a power grid. Even when you are looking for plausible deniability, shutting down solar panels from a cloud website doesn't make a list of your top 10 options. (In fact, it won't make the list in those scenarios precisely because you are looking for plausible deniability.)

Let's imagine a power grid as modern societies know them today, except all consumers monitor their solar panels themselves, and none of those consumers outsource this monitoring function to any third party foreign or domestic. Power grids can still be materially disrupted in this scenario. Especially in the case of total war. Obviously in the case of open war. And particularly in the case of cold war.

As I said, I advocate consumers disconnecting any power generation functions from networks. But if I'm in the seat coming up with post conflict, or even simply emergency recovery, operating assumptions, I'm not counting on those panels generating power. It's just irresponsible to do so. In total war EMP will knock most of that generation off line where you're lucky enough not to have it eliminated entirely. In cold or open war, disruptions to distribution can and will render that generation useless. (Just ask Ukraine.)

Consumer cloud, or even personal, monitoring of solar panels does not enhance, nor does it degrade, your adversary's ability to disrupt your power grid when your adversary is at that super power level. If you believe it does, you're either not looking at the full spectrum of what you're calling "vulnerabilities" extant in the infrastructure of modern societies. Or you're underestimating the full spectrum of capabilities of modern military powers. Both, frankly, are fatal mistakes in the types of crises we're postulating.

No, your point was clearly stated:

> But the security argument? Yeah, that ship has sailed. Total war, means total war.

Those are your words.

I'm saying, focusing on total war is irresponsible and leads you to draw false conclusions. In the real world, limited conflicts are what we're dealing with 99.9+% of the time, thank goodness.

And now in your new comment, for some reason you're focusing on "plausible deniability" which is another red herring. If China wants to disrupt Europe's grid, it doesn't care about plausible deniability -- the entire point is to publicly retaliate. It just needs to do it, as easily as possible. The idea that relying on a cloud vulnerability "doesn't make a list of your top 10 options" doesn't make any sense at all. It might very well be the #1 option, or one of three tactics employed simultaneously.

The security argument against cloud based monitoring has sailed.

With or without cloud based monitoring, our power grids can be disrupted.

That's the commonly accepted meaning of "that ship has sailed" as a colloquialism with respect to cloud based monitoring.

Also, you, yourself, brought up the idea of cold war style confrontation. The basis of most actions against proxy supporters in cold war style conflicts is plausible deniability. It's not a red herring, it's a widely adhered to tenet of cold war style conflict planning when targeting said proxy supporters.

I tried to cover total war, open war, and cold war to address the full spectrum of likely super power on super power active confrontations. In each scenario, the existence, or non-existence, of cloud based monitoring of solar panels, has no effect on the ability or inability of your adversary to disrupt your power grid.

Which disruption was the central thesis of your assertion. I was simply explaining why it was false.

You are being willfully argumentative at this point. If you didn't want to address cold war scenarios, why did you bring them up? You have a nice day sir or ma'am.

Same continent that bought energy for decades from its strategic enemy. Coincidence? Probably not. Boundless naivete and corruption? Also yes.

Russia wasn't an enemy for a while. The belief was that engaging with them would ensure they wouldn't be an enemy again. That failed.

Germany was an enemy once as well