
SMA Scores Information Security Certification

SMA and inverter cybersecurity

With so many inverters connected to its online platform, German solar manufacturer SMA has been taking cyber-security seriously – and its efforts have been recognised.

Most modern grid-connected solar inverters are also internet-connected, providing a potential avenue for those with nefarious intent to cause havoc, both to local systems and potentially the wider electricity network.

In its submission last year concerning the Australian federal government’s Cyber Security Strategy 2023-2030 Discussion Paper, Distributed Network Service Provider (DNSP) Ausgrid said a cyber-attack on its network would “severely disrupt lives and livelihoods”. In a worst-case scenario, it could cost as much as $120 million per hour or over $2.9 billion per day.

One of the risks for such attacks is customer-owned energy devices connecting to electricity networks, such as (but certainly not limited to) inverters, which potentially provide millions of entry points for cyber threats. Ausgrid said issues relating to solar inverters and batteries as well as smart meters should be part of any cyber-security review.

Prior to this, the call had been going out to inverter manufacturers for years to harden security, and some have been taking note.

Last week, SMA Solar Technology AG announced it had received TÜV certification¹ for ISO/IEC 27001, which is an international standard concerning information security management originally published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, and last revised in 2022.

“This certificate underscores the ongoing efforts we are making to ensure that sensitive information belonging to the users of our systems and solutions is kept safe and secure,” said SMA CFO Barbara Gregor. “It’s a significant milestone, and we will continue doing everything we can to protect the data of our customers, partners, and employees and minimize the threats posed by cyberattacks—because we want to lead the way in cybersecurity for energy solutions.”

1 Million+ Solar Systems Connected To SMA’s Portal

In addition to its other information systems, SMA says more than one million solar power systems in over 200 countries are currently registered in SMA Sunny Portal. This is an online monitoring platform where system owners, operators and installers can access key system data.

In Australia, SMA inverters have been popular, with more than 750,000 small-, medium- and large-scale units installed across the country. How many of that total are active on Sunny Portal nowadays isn’t clear, but you can see some Australian systems with publicly available profiles here.

SMA notes the TÜV certification covers the Portal, which is developed and operated in Germany, and all of the areas and processes required for its operation.

“Inverters are the brain behind every PV system, but unfortunately they are also increasingly becoming a target for hackers,” said SMA’s Information Security Manager Marek Seeger. “The cybersecurity measures we have put in place give us the edge over other companies that manufacture inverters and operate monitoring portals. The TÜV certificate is proof that the security practices we have implemented meet a high standard of quality and reliability.”

Who the “other companies” are wasn’t mentioned of course, but it should be noted SMA wouldn’t be the only inverter manufacturer investing significant resources in keeping information systems secure, and it’s something all should be doing.

Beyond its own in-house efforts, SMA says it is involved in the work of cybersecurity associations such as the Open Web Application Security Project (OWASP).

SMA taking the issue so seriously is encouraging. The firm also has a responsible disclosure program, which encourages the reporting of vulnerabilities. Such policies are important – we’ve seen instances in the past where vulnerability reporting to companies is ignored, or the issues reported are denied or met with legal threats.

Footnotes

  1. TÜV stands for the German words “Technischer Überwachungsverein”, which translated means Technical Inspection Association.

Original Source: https://www.solarquotes.com.au/blog/sma-information-security-mb3028/