ARTICLE
13 August 2024

Cybersecurity For Residential Energy Installations Remains Inadequate–A Frightening Reminder

FL
Foley & Lardner

Contributor

Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.
As I have written in previous posts (here and here), the recent rapid growth of residential solar and energy storage unlocks exciting opportunities, including virtual power plants.
United States Energy and Natural Resources

As I have written in previous posts (here and here), the recent rapid growth of residential solar and energy storage unlocks exciting opportunities, including virtual power plants. But as the FBI recently reminded us, this growth also comes with risks.

Another stark reminder was provided courtesy of a home automation enthusiast near London. While attempting to automate their residential energy storage, Ryan Castellucci unintentionally also gained access to a 200MW virtual power plant.

It would be easy to blame the energy company or the software provider for the inadequate security. The reality, however, is far more frightening: The parties involved do not appear to have been doing anything out of the ordinary with regard to cybersecurity. The (insufficient) level of security protecting access to these resources is commonly in use, despite its known vulnerabilities.

And this is where the growth of residential energy generation and storage becomes an aggravating factor. The erstwhile "hacker" in this case not only gained access to a large amount of confidential customer data (which is bad enough), but they also gained control of 200MW of actual grid-connected energy storage assets.

This time it was embarrassing and perhaps even a little amusing. Next time could be something far more serious–and far more sinister.

We can only hope that the industry takes note and takes action before it is too late.

It took $70 and 24 hours for Ryan Castellucci to gain access to 200 MW of capacity

View referenced article

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More