Solar Winds Hack – Preventing Future Energy & Security Catastrophe

by Roy Morrison

The Solar Winds hack, attributed to Russian intelligence, exposes the existential vulnerability of the U.S. electrical infrastructure including its nuclear plants.

The control and safety of our electric grid is now in the trustworthy hands of Vladimir Putin. What could possibly go wrong? What? We do not want to be at the mercy of malign foreign actors?

The transformation to a decentralized solar and energy storage system now underway is crucial, not just to escape from climate catastrophe, but to build a secure and reliable energy system resistant to hack attacks.

Solar Winds Hack: Power Grid & Nuke Vulnerability

The 2020 Solar Winds hack did more than just gain entry for malware and for data theft from networks of multiple U.S. agencies like Homeland Security, two national laboratories; the Federal Energy Regulatory Commission; the National Nuclear Safety Agency, as well as Microsoft, Cisco, Intel, and 15 electric, oil, and gas companies.

But there’s more. The Solar Winds hack also gained clear access to the networks of at least two OEMs (Original Equipment Manufacturers) who supply power companies and update their controls and systems on an ongoing basis. Access to OEM operating systems by hackers means that a utility network could potentially be malware free but the OEM software granted ongoing access to the network could be used to gain knowledge of system operation and vulnerabilities weaponized in the future for malign purposes.

Putin in Action: Ukraine Example

In 2015, hackers shut down several Ukraine power plants for up to six hours in mid-winter, including an operating nuclear plant. They returned in 2016, this time for an hour and also shut down Ukraine State Administration of Railway Transport that runs the national rail system.

Malware programs like BlackEnergy2, BlackEnergy3, and KillDisk were found to have infected the Ukraine grid initially through spearfishing attacks. The hackers gained the ability to operate system breakers and shut down gird operations. This was combined with denial of service telephone attacks. At the same time KillDisk disabled some operator computers that meant open breakers needed to be closed manually. The Ukraine hacks were considered more of a test run of what can be done as well as a warning.

Nuclear plants require offsite power for normal operations of safety equipment. Offsite power is generally provided, for redundancy, by multiple separate power lines. If offsite power is cutoff, nuclear safety depends on operation of onsite diesel generators and battery backup. The failure of the backup generators flooded by the tsunami led to catastrophe at Fukushima and massive radiation releases and contamination.

Decentralized Solar and Micro Grid and Safety

Unlike the vulnerability of centrally controlled networks, the movement toward 100 percent renewable energy systems provides literally millions of distributed points of energy and storage. The renewable electric and storage system will include a plethora of micro-grids, ranging from single site nano-grids to large city micro-grids, each with their own substantial renewable generation and energy storage that will include the plug in batteries of millions of electric vehicles.

Instead of receiving signals from utility central to increase or decrease generation to maintain utility grid voltage and frequency, a renewable based energy system can monitor voltage and frequency at each generation site and respond accordingly.

The existing utility grid system depends on specialized power plants designed to rapidly throttle output up and down as voltage and frequency rises and falls. This is called AGC (Automatic Generation Control).

Your home solar utility system and its power inverters already have, or can be retrofitted to provide voltage and frequency control and the ability to disconnect itself from the utility feeder if voltage and frequency falls outside of acceptable levels. And, at the same time, renewable micro-grids can be programmed to ignore bogus malware signals to decrease or increase output.

What this means, is that in the future, city sized micro-grids will have the capacity to separate the micro-grid from the utility system and continue operation using their own micro-gird based renewable energy and storage.

Planning for a secure renewable energy system design should start now on the feeder and substation level to facilitate the ability of feeders and micro-grids to respond to voltage and frequency variations and to ignore central malware signals. Malware can easily endanger grid stability by sending false signals for generators to either increase or reduce power production, or simply shutting off power plants. Diverse renewable systems measuring voltage and frequency can easily be programmed to ignore malware commands.

This is not rocket science. But it is a fundamental change in mindset from central to decentralized control. This does not eliminate the need for sophisticated utility grid system balancing software, but it recognizes the ability of the micro-grids to continue to function properly and securely at somewhat reduced energy levels in the absence of utility grid operation.

Now’s the time to start planning and implementation double speed for a reliable renewable future. A prosperous, sustainable and secure future is based on zero fuel cost renewable energy. Renewable energy is an ecological necessity. Renewable Energy is a security necessity.


Fact Check

Solar Winds Hack:

Ukraine Utility System Hack:


Roy Morrison builds solar farms at


Leave a Comment