The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy system and do everything we can to prevent it.
Various institutions test smart devices, set safety standards, and monitor compliance with these standards. However, parties such as our grid operators only have control over the energy grid equipment up to the front door. They are not allowed to look beyond the electricity meter, where most smart equipment is located. DIVD is allowed to do this and by identifying devices that can form a botnet, DIVD helps to make the smart grid more secure.
DIVD has been conducting research into vulnerabilities in equipment of the energy system, such as charging stations, solar panel inverters, home batteries, and (Home) Energy Management Systems. Previous findings have led to several parliamentary questions and follow-up actions by authorities such as RDI, the Dutch Authority on Digital Infrastructure.
DIVD has therefore set up a research line in collaboration with the energy sector to reduce the digital vulnerability of our energy system. We have also built a hardware lab to test devices and scenarios. DIVD is also a CVE Numbering Authority (CNA) and can publish new vulnerabilities, enabling the whole supply chain to prioritize patching.
In this talk, we will demonstrate how we could have generated outages using zero-days we found in solar converters and electric car chargers. But we also did it with just one user-password combination…
