US Authorities Warn of Hidden Radios in Solar-Powered Highway Infrastructure
The US Department of Transportation (DOT), through the Federal Highway Administration (FHA), has issued a warning regarding the discovery of hidden cellular radios in certain foreign-made inverters and batteries used within solar-powered highway infrastructure. This includes equipment like traffic cameras, weather stations, and EV chargers, raising concerns about potential security risks and remote tampering.
Concerns over Undocumented Communication Devices
The warning, prompted by a four-page security note, advises scanning solar-powered highway infrastructure for rogue devices, specifically hidden radios within batteries and inverters. While the advisory doesn't specify the exact equipment or the nature of the radios, concerns have been raised about the potential for these devices to be used for malicious purposes, potentially allowing remote control or data theft. The country of origin of the devices was not mentioned, though such devices are typically imported from China.
Industry Response and Regulatory Gaps
Uri Sadot, Managing Director of SolarDefend, a cybersecurity firm, expressed frustration with the lack of clear direction from the DOT and the focus on the leak of information rather than addressing the underlying security issue. He noted that original equipment manufacturers already design inverters for remote servicing, highlighting the need for stronger regulatory measures in the US and Europe. He also referred to a previous Reuters article from May, which reported that American energy officials had become concerned after experts found rogue communication devices in some Chinese inverters and batteries.
Global Actions and Countermeasures
While the US is taking steps to address these concerns, other countries have already implemented stricter regulations. China's 2019 MLPS 2.0 regulations place limitations on foreign parties installing remotely controllable distributed energy resources onto its grid. India has also introduced reporting requirements for inverters and distributed generation sites. In late May, SolarPower Europe urged the European Union to implement strict cybersecurity regulations for solar infrastructure, following findings of undocumented components in energy equipment imported into Denmark. This week, Czechia's cybersecurity office said Chinese solar inverters in small power plants are a potential security threat.
Potential Risks and Mitigation Strategies
The risks associated with these hidden radios include simultaneous outages, surreptitious data theft, and potential remote manipulation of highway infrastructure. Anomadarshi Barua, a George Mason University academic, stated that such devices could be used to trigger surges or send rogue commands, potentially sabotaging roadside infrastructure or even tampering with autonomous vehicle systems. The DOT advisory recommends that authorities inventory inverters, scan devices for unexpected communications, disable or remove undocumented radios, and ensure proper network segmentation.