This post was originally published in 2017. The tips and techniques explained may be outdated.
Recently Willem Westerhof published a study on cyber security threads regarding PV inverters, in which SMA was mentioned. Unfortunately, the claim has serious concern for our customers. We would like to stress that SMA does not agree with this article.
Please be assured that we have the highest priority for SMA in all respects and that we can protect our inverters and communication products against cyber-attacks. We already assessed the mentioned issues on a technical basis and work intensively on the correction. SMA products and only a few products in our portfolio.
Here are some key facts:
SMA inverter types are affected: Sunny Boy models TLST-21 and TL-21, Sunny Tripower models TL-10 and TL-30.
All other products comply with the latest security standards.
By the Potentials hacker.
Even the devices above are properly protected from hacker attacks, if the users carefully adhere to the measures outlined in our public cyber security guidelines.
Any device not connected to the internet is not directly affected.
There is no such thing as a “secret super password” for all SMA inverters as Westerhoff states. Our inverters are delivered to our customers with a password.
Regarding possible effects on the public power supply, Willem mentions 17 GW of SMA. This is the whole inverter power SMA has sold so far to the residential market. The power produced with the inverters that might be vulnerable to attack is only a small fraction of this, and they are installed all over the world. Thus, there is no danger of grid stability even in the extremely unlikely event that all inverters should be successfully attacked at the same time.
As mentioned before, cybersecurity is an extremely important topic for SMA. We are constantly working on implementing the highest security standards and measures with our devices in order to make them invulnerable to attacks. In this respect, therefore Continually ask our customers, to read and adhere to our we public cybersecurity guidelines in order to prevent possible attacks.
Please find further technically detailed responses to Westerhof’s claims on our company website .
For any further questions please use the comment section.