US energy officials have discovered undocumented communication equipment inside some Chinese-made solar inverters, according to a report from Reuters. The devices, described as “rogue” and “unexplained,” may allow “unregulated and undocumented remote communication channels” that could bypass cybersecurity firewalls and remotely access US power infrastructure.

Similar equipment was reportedly found in Chinese-made batteries. Though the number of affected products and their manufacturers were not disclosed, energy analyst Wood Mackenzie noted that Chinese companies Huawei and Sungrow “dominated over 50% of the global inverter market share in 2023.”

Inverters, often called the “heart” or “brain” of a solar PV system, are highly digitalized and essential for controlling the flow of electricity. If compromised, they could be used to “remotely disrupt or switch off solar power supply,” causing blackouts or damaging infrastructure.

Abigail Ross Hopper, CEO of the Solar Energy Industries Association (SEIA), called the discovery “a serious issue that the industry needs to address,” adding that it’s further reason to “maintain tax credits that are onshoring the production of inverters and the entire solar supply chain in the United States.”

The news has prompted a strong response in Europe. The European Solar Manufacturing Council (ESMC) warned that “with over 200GW of Europe’s solar capacity relying on these inverters… the security risk is systemic.” The group urged the European Commission to examine the “risk potential for sabotage and espionage” and called for “rigorous audit and validation tools” along with a transparent software bill of materials.

A recent report from SolarPower Europe and DNV stated that inverter security risks were “above acceptable limits,” and noted that cyberattacks on even 3GW of inverter capacity could have “significant implications” for power systems across the US and Europe.