Recently Willem Westerhof published a study on cybersecurity threads regarding PV inverters, in which SMA was mentioned. Unfortunately, the claim has caused serious concern for our customers. We would like to stress that SMA does not agree with this article, as some of his statements are not correct or greatly exaggerated.
Please be assured that the security of our devices has highest priority for SMA in all respects and that we do everything we can to protect our inverters and communication products against cyber-attacks. We already assessed the mentioned issues on a technical basis and work intensively on the correction. The stated potential security issues only affect older SMA products and only a very few products in our portfolio.
Here are some key facts:
- From our extensive product portfolio, only the following SMA inverter types are affected: Sunny Boy models TLST-21 and TL-21, Sunny Tripower models TL-10 and TL-30.
- All other products comply with the latest security standards.
- We want to stress that even with the inverters mentioned above, the assault vectors require extremely high efforts and extensive expertise by a potential hacker.
- Even the devices mentioned above are properly protected from hacker attacks, if the users carefully adhere to the measures outlined in our public cyber security guidelines.
- Any device not connected to the internet is not directly affected.
- There also is no such thing as a “secret super password” for all SMA inverters as Westerhoff states. Our inverters are delivered to our customers with a default password and we actively ask our customers to change this password to a personal secure password immediately after installation.
- Regarding possible effects on the public power supply, Willem mentions 17 GW of solar inverter power sold to the private market by SMA. This is the whole inverter power SMA has sold so far to the residential market. The power produced with the inverters that might be vulnerable to an attack is only a small fraction of this, and they are installed all over the world. So we see absolutely no danger to grid stability even in the extremely unlikely event that all inverters should be successfully attacked at the same time.
As mentioned before, cybersecurity is an extremely important topic for SMA. We are continually working on implementing the highest security standards and measures with our devices in order to make them invulnerable to attacks. In this respect, we also continually ask our customers, to read and adhere to our public cyber security guidelines in order to prevent possible attacks.
Please find further technically detailed responses to Westerhof’s claims on our company website.
For any further questions please use the comment section.
I’m the head of Corporate Communications at SMA.
Everything that is related to the company or could be of interest to colleagues, the press and investors worldwide. Of particular importance for me is transparent communication, which is intelligible and covers relevant issues.
What even my colleagues don’t know about me:
At the age of 16, I took part, surreptitiously, in demonstrations against nuclear power plants in Brokdorf and Gorleben, Germany. Until today, my parents are completely unaware of this.