Valentin Conrad’s master’s thesis at the Department of Computer Science at TU Darmstadt examines commercially available inverters for balcony power plants that make solar power usable for domestic consumption. The research assistant and laboratory engineer at the LOEWE Center emergenCITY has identified significant IT security gaps – including the possibility of remotely controlling or switching off devices. The brands Hoymiles, Deye, Growatt, Anker, AP Systems, Ecoflow, and NEP were analyzed in this regard and are largely affected. The resulting risk to grid stability and energy supply received considerable media attention.

Spiegel Online, Deutschlandfunk, Der Standard, and Bild picked up on the topic and reported on the reactions of professional associations and authorities. There was unanimous agreement that Conrad’s findings provide an opportunity to focus more closely on IT security in decentralized energy supply. Even though Christian Ofenheusle, CEO of the German Energy Storage Systems Association (BVES), sees “no cause for panic,” the companies affected should now take action and remedy the defects in their inverters.

Claudia Plattner, President of the Federal Office for Information Security (BSI), called for binding security standards and certifications for Internet-enabled energy technology. An expansion of the BSI’s authority in decentralized power supply would also be appropriate.

Several media outlets also referred to the EU’s planned Cyber Resilience Act, which stipulates minimum standards for IT security. While some voices fear that the requirements may be too low, others criticize the additional bureaucratic effort involved.

Specialist portals such as IT Boltwise, t3n, Golem, photon.info, Solarserver, Giga, Computerbild, and Netzwelt also published articles on Valentin Conrad’s work. The tenor of the general reporting can be summarized with a subheading from Solarserver: “Need for action without alarmism.”

Back in August, Die Zeit reported on serious security vulnerabilities in the software of many inverters and the resulting dangers.

The media sees Conrad’s study as an important contribution to the discussion about IT security in the energy transition and the need for robust protection mechanisms for decentralized systems.